Exploitdb Exploits
50,076 exploits tracked across all sources.
PEAR LiveUser <= 0.16.8 - Directory Traversal via Remember Me Cookie
Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with short pathnames or possibly read arbitrary files, via a .. (dot dot) in the store_id value of a cookie.
by GulfTech Security
ManageEngine Firewall Analyzer 8.5 - Multiple Vulnerabilities
by Sachin Wagh
XM Easy Personal FTP Server 5.8.0 - 'HELP' Remote Denial of Service
by Pawan Lal
STIMS Cutter 1.1.3.20 - Buffer Overflow (Denial of Service) (PoC)
by Shantanu Khandelwal
STIMS Buffer 1.1.20 - Buffer Overflow (PoC) (SEH Overwrite)
by Shantanu Khandelwal
QuickHeal Total Security - Denial of Service via webssx.sys Driver
The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service.
by Fitzl Csaba
CVSS 7.5
Geeklog 1.4.0-1.4.0sr1 and 1.3.11-1.3.11sr4 - SQL Injection via Userid or Sessid Parameter
Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to inject arbitrary SQL commands via the (1) userid variable to users.php or (2) sessid variable to lib-sessions.php.
by GulfTech Security
Chamilo LMS IDOR - 'messageId' Delete POST Injection
by Vulnerability-Lab
Adobe Flash Player <18.0.0.324-20.0.0.267 - RCE
Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion."
by Google Security Research
CVSS 8.8
Linux Kernel 3.0.0-3.19.8 - Privilege Escalation via aufs POSIX ACL Handling
The aufs module for the Linux kernel 3.x and 4.x does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.
by halfdog
CVSS 7.8
Vesta Control Panel 0.9.8-15 - Persistent Cross-Site Scripting
by Necmettin COSKUN
ADOdb 4.71 - Cross-Site Scripting via next_page Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF.
by GulfTech Security
Redaxo 5.0.0 - Multiple Vulnerabilities
by LSE Leading Security Experts GmbH
Fedora < 9.2.9.v20150224 - Information Disclosure
The exception handling code in Eclipse Jetty before 9.2.9.v20150224 allows remote attackers to obtain sensitive information from process memory via illegal characters in an HTTP header, aka JetLeak.
by LiquidWorm
CVSS 7.5
Adobe Flash Player <18.0.0.329-20.0.0.306 - RCE
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion."
by Google Security Research
CVSS 8.8
Adobe Flash Player <18.0.0.329, 19.x, 20.x - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0974, CVE-2016-0975, CVE-2016-0982, and CVE-2016-0983.
by Google Security Research
CVSS 8.8
Adobe Flash Player <18.0.0.329, 19.x, 20.x - Memory Corruption
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.
by Google Security Research
CVSS 8.8
Adobe Flash Player <18.0.0.329, 19.x, 20.x - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0973, CVE-2016-0975, CVE-2016-0982, CVE-2016-0983, and CVE-2016-0984.
by Google Security Research
CVSS 8.8
Adobe Flash - H264 Parsing Out-of-Bounds Read
by Google Security Research
By Source