Exploitdb Exploits

50,076 exploits tracked across all sources.

CVE-2015-1793 EXPLOITDB MEDIUM ruby
Oracle Supply Chain Products Suite < 2.0.0.6 - Security Feature Bypass
The X509_verify_cert function in crypto/x509/x509_vfy.c in OpenSSL 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c does not properly process X.509 Basic Constraints cA values during identification of alternative certificate chains, which allows remote attackers to spoof a Certification Authority role and trigger unintended certificate verifications via a valid leaf certificate.
by Ramon de C Valle
CVSS 6.5
CVE-2014-6593 EXPLOITDB ruby
Oracle Java SE <8.0 - Info Disclosure
Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25; Java SE Embedded 7u71 and 8u6; and JRockit 27.8.4 and 28.3.4 allows remote attackers to affect confidentiality and integrity via vectors related to JSSE.
by Ramon de C Valle
EIP-2026-102595 EXPLOITDB text VERIFIED
FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Out-of-Bounds Reads
by Google Security Research
EIP-2026-117244 EXPLOITDB python VERIFIED
Gold MP4 Player - '.swf' Local Overflow
by Vivek Mahajan
EIP-2026-116112 EXPLOITDB text
Python 3.3 < 3.5 - 'product_setstate()' Out-of-Bounds Read
by John Leitch
EIP-2026-116111 EXPLOITDB text
Python 2.7 hotshot Module - 'pack_string' Heap Buffer Overflow (PoC)
by John Leitch
EIP-2026-116110 EXPLOITDB text
Python 2.7 - 'strop.replace()' Method Integer Overflow
by John Leitch
EIP-2026-103642 EXPLOITDB text
Python 2.7 - 'array.fromstring' Method Use-After-Free
by John Leitch
CVE-2015-7898 EXPLOITDB MEDIUM text VERIFIED
Samsung Galaxy S6 - Denial of Service in Samsung Gallery GIF Parser
Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
by Google Security Research
CVSS 5.5
CVE-2015-7895 EXPLOITDB MEDIUM text VERIFIED
Samsung Gallery on Samsung Galaxy S6 - Denial of Service via Bitmap Decoding
Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
by Google Security Research
CVSS 5.5
CVE-2015-7896 EXPLOITDB MEDIUM text VERIFIED
Samsung Galaxy S6 <Oct 2015 - Memory Corruption
LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file.
by Google Security Research
CVSS 6.5
CVE-2015-7897 EXPLOITDB text VERIFIED
Samsung Galaxy S6 Edge - Memory Corruption
The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service (memory corruption) via a crafted BMP image file.
by Google Security Research
CVE-2015-7894 EXPLOITDB HIGH text VERIFIED
Samsung Galaxy S6 Edge Firmware - Remote Code Execution via Crafted JPG Image
The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG.
by Google Security Research
CVSS 8.8
CVE-2011-3478 EXPLOITDB python VERIFIED
Symantec pcAnywhere 12.5.x-12.5.3 & IT Management Suite 7.0-7.1 - RCE via TCP Port 5631
The host-services component in Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), does not properly filter login and authentication data, which allows remote attackers to execute arbitrary code via a crafted session on TCP port 5631.
by Tomislav Paskalev
EIP-2026-119345 EXPLOITDB text
actiTIME 2015.2 - Multiple Vulnerabilities
by LiquidWorm
EIP-2026-117993 EXPLOITDB python VERIFIED
TCPing 2.1.0 - Local Buffer Overflow
by hyp3rlinx
EIP-2026-117889 EXPLOITDB python
Sam Spade 1.14 - Scan Addresses Buffer Overflow
by VIKRAMADITYA
EIP-2026-117888 EXPLOITDB python VERIFIED
Sam Spade 1.14 - Crawl Website Buffer Overflow
by MandawCoder
CVE-2015-2554 EXPLOITDB text VERIFIED
Microsoft Windows - Local Privilege Escalation via Object Reference
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Object Reference Elevation of Privilege Vulnerability."
by Google Security Research
EIP-2026-111342 EXPLOITDB text
Pligg CMS 2.0.2 - Multiple SQL Injections
by Curesec Research Team
EIP-2026-111341 EXPLOITDB text
Pligg CMS 2.0.2 - Directory Traversal
by Curesec Research Team
EIP-2026-111340 EXPLOITDB text
Pligg CMS 2.0.2 - Cross-Site Request Forgery / Code Execution
by Curesec Research Team
EIP-2026-110760 EXPLOITDB text
PHP Server Monitor 3.1.1 - Multiple Cross-Site Request Forgery Vulnerabilities
by hyp3rlinx
EIP-2026-110759 EXPLOITDB html
PHP Server Monitor 3.1.1 - Cross-Site Request Forgery / Privilege Escalation
by hyp3rlinx
CVE-2015-5534 EXPLOITDB text
Oxwall < 1.7.4 - Cross-Site Request Forgery via Maintenance Mode Parameters
Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall before 1.8 allow remote attackers to hijack the authentication of administrators for requests that (1) put the website under maintenance via the maintenance_enable parameter or (2) conduct cross-site scripting (XSS) attacks via the maintenance_text parameter to admin/pages/maintenance.
by High-Tech Bridge SA