Exploitdb Exploits
50,076 exploits tracked across all sources.
Zend Framework < 1.12.14, 2.x < 2.4.6, 2.5.x < 2.5.2 - XML External Entity Injection via Multibyte Encoded Characters
The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.
by Dawid Golunski
Hitron Router CGN3ACSMR 4.5.8.16 - Arbitrary Code Execution
by Dolev Farhi
IBM AIX/VIOS <7.1 - Privilege Escalation
lquerylv in cmdlvm in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x allows local users to gain privileges via a crafted DBGCMD_LQUERYLV environment-variable value.
by S2 Crew
Sam Spade 1.14 - Scan From IP Address Field Overflow Crash (SEH) (PoC)
by Luis Martínez
KCodes NetUSB - Stack-Based Buffer Overflow via Long Computer Name
Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote attackers to execute arbitrary code by providing a long computer name in a session on TCP port 20005.
by Adrián Ruiz Bermudo
HipChat for JIRA <6.30.0 - Code Injection
The HipChat for JIRA plugin before 6.30.0 for Atlassian JIRA allows remote authenticated users to execute arbitrary Java code via unspecified vectors, related to "Velocity Template Injection Vulnerability."
by Chris Wood
Sagem FAST3304-V2 - Authentication Bypass (2)
by Soufiane Alami Hassani
Samsung Galaxy S6 - Remote Code Execution via HTML Email Content
SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, which allows remote attackers to execute arbitrary JavaScript.
by Google Security Research
CVSS 8.8
Samsung Graphics 2D driver - Memory Corruption
Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L (5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598.
by Google Security Research
CVSS 7.0
Android < 5.1.1 - Information Disclosure via Weak Email Composer Intent Permissions
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent.
by Google Security Research
CVSS 5.5
Exynos Seiren Audio < - Buffer Overflow
Multiple buffer overflows in the esa_write function in /dev/seiren in the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter.
by Google Security Research
CVSS 5.5
Samsung m2m1shot_driver - Stack-based Buffer Overflow via ioctl Call
Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes value in an ioctl call.
by Google Security Research
CVSS 7.8
Th3 MMA - 'mma.php' Backdoor Arbitrary File Upload (Metasploit)
by Metasploit
Apple OS X <10.11 - Privilege Escalation
rsh in the remote_cmds component in Apple OS X before 10.11 allows local users to obtain root privileges via vectors involving environment variables.
by Metasploit
macOS < 10.11.1 - Unauthenticated AppleScript Execution Bypass
Script Editor in Apple OS X before 10.11.1 allows remote attackers to bypass an intended user-confirmation requirement for AppleScript execution via unspecified vectors.
by Metasploit
Alreader 2.5 .fb2 - Based Stack Overflow (SEH) (ASLR + DEP Bypass)
by g00dv1n
Easy File Sharing Web Server 7.2 - Remote Overflow (SEH)
by Audit0r
Realtyna RPL < 8.9.5 - Cross-Site Request Forgery via add_user Action
Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests that add a user via an add_user action to administrator/index.php.
by Bikramaditya Guha
CVSS 8.8
Realtyna RPL <8.9.5 - SQL Injection
Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in a data_copy action, (3) pshow in an update_field action, (4) css, (5) tip, (6) cat_id, (7) text_search, (8) plisting, or (9) pwizard parameter to administrator/index.php.
by Bikramaditya Guha
CVSS 7.2
Microsoft Windows - Remote Code Execution via SafeArrayDimen Function
OleAut32.dll in OLE in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted web site, as demonstrated by an array-redimensioning attempt that triggers improper handling of a size value in the SafeArrayDimen function, aka "Windows OLE Automation Array Remote Code Execution Vulnerability."
by Ehsan Noreddini
CVSS 8.8
TeamSpeak Client 3.0.18.1 - Remote File Inclusion / Remote Code Execution
by Scurippio