Exploits

Exploit Database - Exploits for Penetration Testers, Researchers, and Ethical Hackers

共24443Exploits
日期 标题 类型 平台 作者
2017-05-23

Apple macOS/iOS Kernel – Use-After-Free Due to Bad Locking in Unix Domain Socket File Descriptor Externalization

  • dos
  • multiple
  • Google Security Research
    2017-05-23

    Apple macOS/iOS – ‘CAMediaTimingFunctionBuiltin’ NSKeyedArchiver Memory Corruption Due to Lack of Bounds Checking

  • dos
  • multiple
  • Google Security Research
    2017-05-23

    Apple macOS/iOS – ‘TIKeyboardLayout initWithCoder:’ NSKeyedArchiver Heap Corruption Due to Rounding Error

  • dos
  • multiple
  • Google Security Research
    2017-05-23

    Apple macOS/iOS – NSUnarchiver Heap Corruption Due to Lack of Bounds Checking in [NSBuiltinCharacterSet initWithCoder:]

  • dos
  • multiple
  • Google Security Research
    2017-05-23

    Apple macOS/iOS – Memory Corruption Due to Bad Bounds Checking in NSCharacterSet Coding for NSKeyedUnarchiver

  • dos
  • multiple
  • Google Security Research
    2017-05-22

    VMware Workstation for Linux 12.5.2 build-4638234 – ALSA Configuration Host Local Privilege Escalation

  • local
  • linux
  • Google Security Research
    2017-05-22

    Aerohive HiveOS 5.1r5 < 6.1r5 - Remote Code Execution

  • webapps
  • hardware
  • Ike-Clinton
    2017-05-22

    Linux Kernel 4.11 – eBPF Verifier Log Leaks Lower Half of map Pointer

  • dos
  • linux
  • Google Security Research
    2017-05-22

    Apple macOS – ‘stackshot’ Raw Frame Pointers

  • dos
  • macos
  • Google Security Research
    2017-05-22

    Apple macOS – ’32-bit syscall exit’ Kernel Register Leak

  • dos
  • macos
  • Google Security Research
    2017-05-21

    PlaySMS 1.4 – ‘import.php’ Remote Code Execution

  • webapps
  • php
  • Touhid M.Shaikh
    2017-05-20

    Mantis Bug Tracker 1.3.10/2.3.0 – Cross-Site Request Forgery

  • webapps
  • php
  • hyp3rlinx
    2017-05-20

    KMCIS CaseAware – Cross-Site Scripting

  • webapps
  • php
  • justpentest
    2017-05-20

    Secure Auditor 3.0 – Directory Traversal

  • remote
  • windows
  • hyp3rlinx
    2017-05-19

    Tecnovision DLX Spot – Authentication Bypass

  • webapps
  • php
  • Simon Brannstrom
    2017-05-19

    Tecnovision DLX Spot – SSH Backdoor Access

  • remote
  • multiple
  • Simon Brannstrom
    2017-05-19

    Sure Thing Disc Labeler 6.2.138.0 – Buffer Overflow (PoC)

  • dos
  • windows
  • Chance Johnson
    2017-05-19

    D-Link DIR-600M Wireless N 150 – Authentication Bypass

  • webapps
  • hardware
  • Touhid M.Shaikh
    2017-05-19

    PlaySMS 1.4 – Remote Code Execution

  • webapps
  • php
  • Touhid M.Shaikh
    2017-05-19

    ManageEngine ServiceDesk Plus 9.0 – Authentication Bypass

  • webapps
  • java
  • ByteM3
    2017-05-19

    SAP Business One for Android 1.2.3 – XML External Entity Injection

  • webapps
  • xml
  • Ravindra Singh Rathore
    2017-05-19

    Belden Garrettcom 6K/10K Switches – Authentication Bypass / Memory Corruption

  • webapps
  • php
  • David Tomaschik
    2017-05-19

    Oracle PeopleSoft – Server-Side Request Forgery

  • webapps
  • java
  • ERPScan
    2017-05-19

    Joomla! 3.7.0 – ‘com_fields’ SQL Injection

  • webapps
  • php
  • Mateus Lino
    2017-05-19

    Tecnovision DLX Spot – Arbitrary File Upload

  • webapps
  • php
  • Simon Brannstrom
    2017-05-18

    KDE 4/5 – ‘KAuth’ Local Privilege Escalation

  • local
  • linux
  • Stealth
    2017-05-17

    INFOR EAM 11.0 Build 201410 – ‘filtervalue’ SQL Injection

  • webapps
  • xml
  • Yoroi
    2017-05-17

    Mozilla Firefox 50 < 55 - Stack Overflow Denial of Service

  • dos
  • multiple
  • Geeknik Labs
    2017-05-17

    Oracle PeopleSoft – XML External Entity to SYSTEM Remote Code Execution

  • remote
  • xml
  • Ambionics Security
    2017-05-17

    BuilderEngine 3.5.0 – Arbitrary File Upload and Execution (Metasploit)

  • remote
  • php
  • Metasploit
    2017-05-17

    WordPress Plugin PHPMailer 4.6 – Host Header Command Injection (Metasploit)

  • remote
  • php
  • Metasploit
    2017-05-17

    Serviio Media Server – checkStreamUrl Command Execution (Metasploit)

  • remote
  • windows
  • Metasploit
    2017-05-17

    Oracle PeopleSoft Enterprise PeopleTools < 8.55 - Remote Code Execution Via Blind XML External Entity

  • webapps
  • java
  • Charles Fol
    2017-05-17

    Dup Scout Enterprise 9.5.14 – GET Buffer Overflow (Metasploit)

  • remote
  • windows
  • Metasploit
    2017-05-17

    Microsoft Windows – Running Object Table Register ROTFLAGS_ALLOWANYCLIENT Privilege Escalation

  • dos
  • windows
  • Google Security Research
    2017-05-17

    Microsoft Windows – COM Aggregate Marshaler/IRemUnknown2 Type Confusion Privilege Escalation

  • local
  • windows
  • Google Security Research
    2017-05-17

    Adobe Flash – Out-of-Bounds Read in Getting TextField Width

  • dos
  • multiple
  • Google Security Research
    2017-05-17

    Adobe Flash – Margin Handling Heap Corruption

  • dos
  • multiple
  • Google Security Research
    2017-05-17

    Adobe Flash – AVC Deblocking Out-of-Bounds Read

  • dos
  • multiple
  • Google Security Research
    2017-05-17

    Apple iOS < 10.3.2 - Notifications API Denial of Service

  • dos
  • ios
  • CoffeeBreakers
    2017-05-17

    Microsoft Windows 7/2008 R2 – ‘EternalBlue’ SMB Remote Code Execution (MS17-010)

  • remote
  • windows
  • sleepya
    2017-05-17

    Microsoft Windows 8/8.1/2012 R2 (x64) – ‘EternalBlue’ SMB Remote Code Execution (MS17-010)

  • remote
  • windows_x86-64
  • sleepya
    2017-05-17

    INFOR EAM 11.0 Build 201410 – Persistent Cross-Site Scripting via Comment Fields

  • webapps
  • xml
  • Yoroi
    2017-05-15

    Quest Privilege Manager – pmmasterd Buffer Overflow (Metasploit)

  • remote
  • linux
  • Metasploit
    2017-05-15

    Microsoft Windows 7 Kernel – Pool-Based Out-of-Bounds Reads Due to bind() Implementation Bugs in afd.sys / tcpip.sys

  • dos
  • windows
  • Google Security Research
    2017-05-15

    Microsoft Windows 7 Kernel – ‘win32k!xxxClientLpkDrawTextEx’ Stack Memory Disclosure

  • dos
  • windows
  • Google Security Research
    2017-05-15

    Microsoft Windows 10 Kernel – ‘nt!NtTraceControl (EtwpSetProviderTraits)’ Pool Memory Disclosure

  • dos
  • windows
  • Google Security Research
    2017-05-15

    Microsoft Windows 7 Kernel – Uninitialized Memory in the Default dacl Descriptor of System Processes Token

  • dos
  • windows
  • Google Security Research
    2017-05-15

    Mailcow 0.14 – Cross-Site Request Forgery

  • webapps
  • php
  • hyp3rlinx
    2017-05-15

    LabF nfsAxe 3.7 FTP Client – Remote Buffer Overflow (SEH)

  • remote
  • windows
  • Tulpa