Exploitdb Exploits
50,076 exploits tracked across all sources.
Adobe Photoshop CC <16.0 - Memory Corruption
Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
by Francis Provencher
Adobe Photoshop CC < 16.0 and Bridge CC < 6.11 - Remote Code Execution
Integer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors.
by Francis Provencher
Paintshop Pro X7 - '.gif' Conversion Heap Memory Corruption 'LZWMinimumCodeSize' (Denial of Service)
by Francis Provencher
CUPS < 2.0.3 - Remote Code Execution via IPP Job Request
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.
by Google Security Research
ManageEngine SupportCenter Plus 7.90 - Path Traversal & Arbitrary File Write via Attachment.jsp
Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp.
by Vulnerability-Lab
eSellerate SDK 3.6.5.0 - Buffer Overflow via GetWebStoreURL ActiveX Control
Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument.
by metacom
WinylPlayer 3.0.3 - Memory Corruption (PoC)
by Rajganesh Pandurangan
HansoPlayer 3.4.0 - Memory Corruption (PoC)
by Rajganesh Pandurangan
ManageEngine SupportCenter Plus 7.90 - Authenticated Cross-Site Scripting via Query Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp.
by Vulnerability-Lab
LivelyCart 1.2.0 - SQL Injection via Search Query Parameter
SQL injection vulnerability in LivelyCart 1.2.0 allows remote attackers to execute arbitrary SQL commands via the search_query parameter to product/search.
by Manish Tanwar
BlackCat CMS < 1.1.2 - Path Traversal via widgets/logs.php dl Parameter
Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the dl parameter.
by d4rkr0id
CVSS 7.5
Akronymmanager < 0.5.0 - Authenticated SQL Injection via id Parameter
SQL injection vulnerability in mod1/index.php in the Akronymmanager (sb_akronymmanager) extension before 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to execute arbitrary SQL commands via the id parameter.
by RedTeam Pentesting
ektron Content Management System < 9.1 - Cross-Site Request Forgery via Menu Actions Endpoint
Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content administrators for requests that delete content via a delete action.
by Jerold Hoong
E-Detective Lawful Interception System - Multiple Vulnerabilities
by Mustafa Al-Bassam
rubyonrails/web_console < 2.1.2 and rubygems/web-console < 2.1.3 - Improper Access Control via X-Forwarded-For Header
request.rb in Web Console before 2.1.3, as used with Ruby on Rails 3.x and 4.x, does not properly restrict the use of X-Forwarded-For headers in determining a client's IP address, which allows remote attackers to bypass the whitelisted_ips protection mechanism via a crafted request.
by Metasploit
Linux kernel <3.19.0-21.21 - Privilege Escalation
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
by rebel
CVSS 7.8
Linux kernel <3.19.0-21.21 - Privilege Escalation
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
by rebel
CVSS 7.8
Apexis IP CAM - Information Disclosure
by Sunplace Solutions
FileZilla 3.11.0.2 SFTP Module - Denial of Service
by 3unnym00n
By Source