Exploitdb Exploits
50,076 exploits tracked across all sources.
Oracle Supply Chain Products Suite < 2.0.0.6 - Security Feature Bypass
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
by Ramon de C Valle
CVSS 6.5
Oracle Java SE <8.0 - Info Disclosure
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
by Ramon de C Valle
FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Out-of-Bounds Reads
by Google Security Research
Python 3.3 < 3.5 - 'product_setstate()' Out-of-Bounds Read
by John Leitch
Python 2.7 hotshot Module - 'pack_string' Heap Buffer Overflow (PoC)
by John Leitch
Python 2.7 - 'strop.replace()' Method Integer Overflow
by John Leitch
Samsung Galaxy S6 - Denial of Service in Samsung Gallery GIF Parser
Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
by Google Security Research
CVSS 5.5
Samsung Gallery on Samsung Galaxy S6 - Denial of Service via Bitmap Decoding
Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
by Google Security Research
CVSS 5.5
Samsung Galaxy S6 <Oct 2015 - Memory Corruption
LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file.
by Google Security Research
CVSS 6.5
Samsung Galaxy S6 Edge - Memory Corruption
The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service (memory corruption) via a crafted BMP image file.
by Google Security Research
Samsung Galaxy S6 Edge Firmware - Remote Code Execution via Crafted JPG Image
The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG.
by Google Security Research
CVSS 8.8
Symantec pcAnywhere 12.5.x-12.5.3 & IT Management Suite 7.0-7.1 - RCE via TCP Port 5631
The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.
by Tomislav Paskalev
Sam Spade 1.14 - Crawl Website Buffer Overflow
by MandawCoder
Microsoft Windows - Local Privilege Escalation via Object Reference
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Object Reference Elevation of Privilege Vulnerability."
by Google Security Research
Pligg CMS 2.0.2 - Cross-Site Request Forgery / Code Execution
by Curesec Research Team
PHP Server Monitor 3.1.1 - Multiple Cross-Site Request Forgery Vulnerabilities
by hyp3rlinx
PHP Server Monitor 3.1.1 - Cross-Site Request Forgery / Privilege Escalation
by hyp3rlinx
Oxwall < 1.7.4 - Cross-Site Request Forgery via Maintenance Mode Parameters
Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall before 1.8 allow remote attackers to hijack the authentication of administrators for requests that (1) put the website under maintenance via the maintenance_enable parameter or (2) conduct cross-site scripting (XSS) attacks via the maintenance_text parameter to admin/pages/maintenance.
by High-Tech Bridge SA