Exploitdb Exploits
50,076 exploits tracked across all sources.
Adobe Flash Player <18.0.0.329,19.x,20.x - Memory Corruption
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0964, CVE-2016-0965, CVE-2016-0966, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.
by Google Security Research
CVSS 8.8
Adobe Flash Player <18.0.0.329, 19.x, 20.x - Memory Corruption
Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0965, CVE-2016-0966, CVE-2016-0967, CVE-2016-0968, CVE-2016-0969, CVE-2016-0970, CVE-2016-0972, CVE-2016-0976, CVE-2016-0977, CVE-2016-0978, CVE-2016-0979, CVE-2016-0980, and CVE-2016-0981.
by Google Security Research
CVSS 8.8
Adobe Flash Player <18.0.0.329,19.x,20.x - Buffer Overflow
Heap-based buffer overflow in Adobe Flash Player before 18.0.0.329 and 19.x and 20.x before 20.0.0.306 on Windows and OS X and before 11.2.202.569 on Linux, Adobe AIR before 20.0.0.260, Adobe AIR SDK before 20.0.0.260, and Adobe AIR SDK & Compiler before 20.0.0.260 allows attackers to execute arbitrary code via unspecified vectors.
by Google Security Research
CVSS 8.8
Adobe Flash Player < 28.0.0.161 - Use-After-Free in Primetime SDK Media Player Listener Handling
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
by smgorelik
CVSS 7.8
WordPress Plugin ALO EasyMail NewsLetter 2.6.01 - Cross-Site Request Forgery
by Mohsen Lotfi
phpMyBackupPro 2.5 - Remote Command Execution / Cross-Site Request Forgery
by hyp3rlinx
ManageEngine OPutils 8.0 - Multiple Vulnerabilities
by Kaustubh G. Padwad
ManageEngine Network Configuration Management Build 11000 - Privilege Escalation
by Kaustubh G. Padwad
GNU C Library <2.23 - Buffer Overflow
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
by Google Security Research
CVSS 8.1
Microsoft Windows - Privilege Escalation
Double free vulnerability in the Ancillary Function Driver (AFD) in afd.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
by Rick Larabee
Microsoft Windows Kerberos - Authentication Bypass via Crafted KDC
Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action, aka "Windows Kerberos Security Feature Bypass."
by Nabeel Ahmed
CVSS 6.2
Delta Industrial Automation DCISoft 1.12.09 - Local Stack Buffer Overflow
by LiquidWorm
NTPd ntp-4.2.6p5 - 'ctl_putdata()' Buffer Overflow (PoC)
by Marcin Kozlowski
Adobe Flash Player < 28.0.0.161 - Use-After-Free in Primetime SDK Media Player Listener Handling
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
by smgorelik
CVSS 7.8
File Replication Pro 7.2.0 - Multiple Vulnerabilities
by Vantage Point Security
lastore-daemon <0.9.66-1 - Privilege Escalation
A local privilege escalation vulnerability exists in lastore-daemon, the system package manager daemon used in Deepin Linux (developed by Wuhan Deepin Technology Co., Ltd.). In versions 0.9.53-1 (Deepin 15.5) and 0.9.66-1 (Deepin 15.7), the D-Bus configuration permits any user in the sudo group to invoke the InstallPackage method without password authentication. By default, the first user created on Deepin is in the sudo group. An attacker with shell access can craft a .deb package containing a malicious post-install script and use dbus-send to install it via lastore-daemon, resulting in arbitrary code execution as root.
by King's Way
D-Link DCS-930L Firmware < 2.12 - Remote Code Execution via SystemCommand Parameter
setSystemCommand on D-Link DCS-930L devices before 2.12 allows a remote attacker to execute code via an OS command in the SystemCommand parameter.
by Metasploit
CVSS 7.2
Yeager CMS 1.2.1 - Server-Side Request Forgery via dbhost Parameter
Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.php, or libs/org/adodb_lite/tests/test_adodb_lite_sessions.php.
by SEC Consult
CVSS 7.2
Yeager CMS 1.2.1 - SQL Injection via pagedir_orderby Parameter
SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter.
by SEC Consult
CVSS 8.8
Yeager CMS 1.2.1 - SQL Injection via Password Recovery UserEmail Parameter
SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter.
by SEC Consult
CVSS 9.8
Yeager CMS 1.2.1 - SQL Injection via Password Reset Token Parameter
SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter.
by SEC Consult
CVSS 9.8
By Source