Exploitdb Exploits

50,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2015-6655 EXPLOITDB html
Pligg CMS 2.0.2 - Cross-Site Request Forgery via Admin User Addition
Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin/admin_users.php.
by Arash Khazaei
CVE-2015-0816 EXPLOITDB ruby VERIFIED
Firefox < 37.0 and ESR 31.x < 31.6 - Remote Code Execution via resource: URL Bypass
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 do not properly restrict resource: URLs, which makes it easier for remote attackers to execute arbitrary JavaScript code with chrome privileges by leveraging the ability to bypass the Same Origin Policy, as demonstrated by the resource: URL associated with PDF.js.
by Metasploit
CVE-2015-4481 EXPLOITDB text VERIFIED
Firefox < 40.0 - Race Condition via Hard Link to Log File
Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update.
by Google Security Research
CVE-2015-2456 EXPLOITDB text VERIFIED
Microsoft Lync - Remote Code Execution via TrueType Font Parsing
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2455.
by Google Security Research
CVE-2015-2463 EXPLOITDB text VERIFIED
Microsoft .NET Framework - Remote Code Execution via TrueType Font Parsing
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2464.
by Google Security Research
CVE-2015-2464 EXPLOITDB text VERIFIED
Microsoft .NET Framework - Remote Code Execution via TrueType Font Parsing
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2463.
by Google Security Research
CVE-2015-2455 EXPLOITDB text VERIFIED
Microsoft .NET Framework - Remote Code Execution via TrueType Font Parsing
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2456.
by Google Security Research
CVE-2015-2432 EXPLOITDB text VERIFIED
Windows Adobe Type Manager Library - Remote Code Execution via Crafted OpenType Font
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
by Google Security Research
CVE-2015-2461 EXPLOITDB text VERIFIED
Windows Adobe Type Manager Library - Remote Code Execution via Crafted OpenType Font
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2458 and CVE-2015-2459.
by Google Security Research
CVE-2015-2462 EXPLOITDB text VERIFIED
.NET Framework - Remote Code Execution via Crafted OpenType Font
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
by Google Security Research
CVE-2015-2458 EXPLOITDB text VERIFIED
Windows Adobe Type Manager Library - Remote Code Execution via Crafted OpenType Font
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2459 and CVE-2015-2461.
by Google Security Research
CVE-2015-2460 EXPLOITDB text VERIFIED
.NET Framework - Remote Code Execution via Crafted OpenType Font
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
by Google Security Research
CVE-2015-2459 EXPLOITDB text VERIFIED
Windows Adobe Type Manager Library - Remote Code Execution via Crafted OpenType Font
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2458 and CVE-2015-2461.
by Google Security Research
CVE-2015-2470 EXPLOITDB text VERIFIED
Microsoft Office 2007-2013 & Word Viewer RCE via Crafted Document
Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Integer Underflow Vulnerability."
by Google Security Research
CVE-2015-2469 EXPLOITDB text VERIFIED
Microsoft Office and Word - Remote Code Execution via Crafted Document
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, and Office for Mac 2011 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
by Google Security Research
EIP-2026-115743 EXPLOITDB text VERIFIED
Microsoft Office 2007 - 'wwlib.dll' fcPlcfFldMom Uninitialized Heap Usage
by Google Security Research
CVE-2015-2431 EXPLOITDB text VERIFIED
Microsoft Office and Live Meeting - Remote Code Execution via Crafted OGL Font
Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office Graphics Library (OGL) font, aka "Microsoft Office Graphics Component Remote Code Execution Vulnerability."
by Google Security Research
CVE-2015-2467 EXPLOITDB text VERIFIED
Microsoft Office 2007 SP3 - Remote Code Execution via Crafted Document
Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
by Google Security Research
CVE-2015-2468 EXPLOITDB text VERIFIED
Microsoft Office - Remote Code Execution via Crafted Document
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Word Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
by Google Security Research
CVE-2015-7767 EXPLOITDB python VERIFIED
Konica Minolta FTP Utility 1.0 - RCE
Buffer overflow in Konica Minolta FTP Utility 1.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long USER command.
by Shankar Damodaran
CVE-2015-6805 EXPLOITDB text
MDC Private Message 1.0.0 - Authenticated Stored Cross-Site Scripting via Message Field
Cross-site scripting (XSS) vulnerability in the MDC Private Message plugin 1.0.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the message field in a private message.
by Chris Kellum
EIP-2026-113798 EXPLOITDB text VERIFIED
WordPress Plugin Googmonify 0.8.1 - Cross-Site Scripting / Cross-Site Request Forgery
by Ehsan Hosseini
EIP-2026-109892 EXPLOITDB text
Netsweeper 4.0.9 - Arbitrary File Upload / Execution
by Anastasios Monachos
CVE-2014-9605 EXPLOITDB text
Netsweeper <3.1.10, <4.0.9, <4.1.2 - Auth Bypass
WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webupgrade/webupgrade.php. NOTE: this was originally reported as an SQL injection vulnerability, but this may be inaccurate.
by Anastasios Monachos
CVE-2014-9618 EXPLOITDB CRITICAL text
Netsweeper <3.1.10, <4.0.9, <4.1.2 - Auth Bypass
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.
by Anastasios Monachos
CVSS 9.8