CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

353 matches found

exploitpack•added 2018/03/23 12:0 a.m.•27 views

Crashmail 1.6 - Stack-Based Buffer Overflow (ROP)

Crashmail 1.6 - Stack-Based Buffer Overflow ROP Exploit author: Juan Sacco Website: http://exploitpack.com Description: Crashmail is prone to a stack-based buffer overflow because the application fails to perform adequate boundary checks on user supplied input. Impact: An attacker could exploit...

0.9AI score

Exploits0

Metasploit•added 2018/01/23 7:0 a.m.•58 views

Command Shell, Reverse UDP (via python)

Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.6-2.7 and 3.4+. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = :dynamic include...

7.1AI score

Exploits0

Debian CVE•added 2017/12/14 4:0 p.m.•23 views

CVE-2017-17522

Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that exploitation is...

8.8CVSS8.6AI score0.03595EPSS

Exploits1

CVE•added 2017/11/27 10:0 a.m.•231 views

CVE-2017-14176

CVE-2017-14176 affects Bazaar (bzr) 2.7.0 and earlier, via a vulnerability in subprocess SSH handling when using bzr+ssh URLs with an initial dash in the hostname. Connected data confirms the issue impacts the bzr 2.7.0- series; no patch is available currently. Exploitation details are not provid...

9.3CVSS9.2AI score0.05978EPSS

Exploits0References7Affected Software1

Debian CVE•added 2017/11/27 10:0 a.m.•30 views

CVE-2017-14176

Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-16228, CVE-2017-1000116, and CVE-2017-1000117...

9.3CVSS7.2AI score0.05978EPSS

Exploits0

RedhatCVE•added 2017/11/03 2:19 p.m.•39 views

CVE-2017-16228

Dulwich before 0.18.5, when an SSH subprocess is used, allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-12976, CVE-2017-1000116, and CVE-2017-1000117...

10CVSS7.3AI score0.77823EPSS

Exploits12References1

UbuntuCve•added 2017/10/29 8:29 p.m.•31 views

CVE-2017-16228

9.8CVSS7.1AI score0.03394EPSS

Exploits0References5

NVD•added 2017/10/29 8:29 p.m.•30 views

CVE-2017-16228

9.8CVSS8.7AI score0.03394EPSS

Exploits0References3

PyPA•added 2017/10/29 8:29 p.m.•4 views

PYSEC-2017-12

9.8CVSS7.8AI score0.03394EPSS

Exploits0References4Affected Software1

OSV•added 2017/10/29 8:29 p.m.•31 views

CVE-2017-16228

9.8CVSS9.2AI score

Exploits0References3

OSV•added 2017/10/29 8:29 p.m.•45 views

PYSEC-2017-12

9.8CVSS7.3AI score0.03394EPSS

Exploits0References4

Cvelist•added 2017/10/29 8:0 p.m.•34 views

CVE-2017-16228

9.4AI score0.03394EPSS

Exploits0References3

Debian CVE•added 2017/10/29 8:0 p.m.•40 views

CVE-2017-16228

9.8CVSS9AI score0.03394EPSS

Exploits0

0day.today•added 2017/10/27 12:0 a.m.•33 views

Tizen Studio 1.3 Smart Development Bridge <2.3.2 - Buffer Overflow PoC Exploit

Exploit for windows platform in category dos / poc Exploit Title: Smart Development Bridge =2.3.2 part of Tizen Studio 1.3 Windows x86/x64 - Buffer Overflow PoC Date: 22.10.17 Exploit Author: Marcin Kopec Vendor Homepage: https://developer.tizen.org/ Software Link:...

7AI score

Exploits0

RedhatCVE•added 2017/09/12 7:48 a.m.•40 views

CVE-2017-14176

10CVSS7.5AI score0.77823EPSS

Exploits12References1

OSV•added 2017/09/05 12:0 a.m.•1 views

UBUNTU-CVE-2017-14176

8.8CVSS7.1AI score0.05978EPSS

Exploits0References4

OSV•added 2017/06/22 12:0 a.m.•13 views

PSF-2017-8 Environment variables injection in subprocess on Windows

On Windows, prevent passing invalid environment variables and command arguments to subprocess.Popen. It is possible to inject an environment variable in subprocess on Windows if a user data is passed to a subprocess via environment variable. Check for invalid environment variable names containing...

7AI score

Exploits0References1

Kitploit•added 2017/03/19 1:22 p.m.•488 views

gdbgui - A browser-based frontend/gui for GDB

A modern, browser-based frontend to gdb gnu debugger. Add breakpoints, view stack traces, and more in C, C++, Go, and Rust! Simply run gdbgui from the terminal and a new tab will open in your browser. Install sudo pip install gdbgui --upgrade Since gdbgui is under active development, consider...

7.2AI score

Exploits0References3

0day.today•added 2016/12/23 12:0 a.m.•6692 views

OpenSSH 7.4 - agent Protocol Arbitrary Library Loading Vulnerability

The OpenSSH agent permits its clients to load PKCS11 providers using the commands SSHAGENTCADDSMARTCARDKEY and SSHAGENTCADDSMARTCARDKEYCONSTRAINED if OpenSSH was compiled with the ENABLEPKCS11 flag normally enabled and the agent isn't locked. For these commands, the client has to specify a provid...

7.5CVSS7.9AI score0.37431EPSS

Exploits4

Tenable Nessus•added 2016/06/24 12:0 a.m.•34 views

Oracle Linux 7 : setroubleshoot / and / setroubleshoot-plugins (ELSA-2016-1293)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2016-1293 advisory. setroubleshoot 3.2.24-4.0.1 - Add setroubleshoot-oracle-enterprise.patch to change bug reporting URL to linux.oracle.com 3.2.24-4 - Catch all subproces...

7CVSS7AI score0.00479EPSS

Exploits2References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by