Lucene search
K
ExploitdbRecent

47904 matches found

Exploit DB
Exploit DB
added 2019/08/30 12:0 a.m.201 views

Sentrifugo 3.2 - Persistent Cross-Site Scripting

Exploit Title: Sentrifugo 3.2 - Persistent Cross-Site Scripting Google Dork: N/A Date: 8/29/2019 Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15814 Multiple Stored XSS vulnerabilities were found in Sentrifugo 3.2. In most...

5.4CVSS5.8AI score0.01581EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/08/30 12:0 a.m.347 views

WordPress Plugin WooCommerce Product Feed 2.2.18 - Cross-Site Scripting

Exploit Title: WordPress Plugin WooCommerce Product Feed = 2.2.18 - Cross-Site Scripting Date: 30 August 2019 Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: https://wordpress.org/plugins/webappick-product-feed-for-woocommerce/ Version: = 2.2.18 Tested on: Ubuntu 18.04.1 CV...

5.4CVSS5.9AI score0.03213EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/08/30 12:0 a.m.287 views

Sentrifugo 3.2 - File Upload Restriction Bypass

Exploit Title: Sentrifugo 3.2 - File Upload Restriction Bypass Google Dork: N/A Date: 8/29/2019 Exploit Author: creosote Vendor Homepage: http://www.sentrifugo.com/ Version: 3.2 Tested on: Ubuntu 18.04 CVE : CVE-2019-15813 Multiple File Upload Restriction Bypass vulnerabilities were found in...

8.8CVSS9AI score0.33236EPSS
Exploits7
Exploit DB
Exploit DB
added 2019/08/30 12:0 a.m.208 views

Easy MP3 Downloader 4.7.8.8 - 'Unlock Code' Denial of Service

!/usr/bin/python SWAMI KARUPASAMI THUNAI print""" Exploit Title: Easy MP3 Downloader Denial of Service Date: 2019-08-29 Exploit Author: Mohan Ravichandran & Snazzy Sanoj Organization : StrongBox IT Vulnerable Software: Easy MP3 Downloader Version: 4.7.8.8 Software Link:...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/30 12:0 a.m.241 views

Asus Precision TouchPad 11.0.0.25 - Denial of Service

!/usr/bin/python Exploit Title: Asus Precision TouchPad 11.0.0.25 - DoS/Privesc Date: 29-08-2019 Exploit Author: Athanasios Tserpelis of Telspace Systems Vendor Homepage: https://www.asus.com Version: 11.0.0.25 Software Link : https://www.asus.com Contact: [email protected] Twitter:...

9.8CVSS9.8AI score0.11536EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/08/30 12:0 a.m.200 views

SQL Server Password Changer 1.90 - Denial of Service

Exploit Title: SQL Server Password Changer v1.90 Denial of Service Exploit Date: 29.08.2019 Vendor Homepage:https://www.top-password.com/ Exploit Author: Velayutham Selvaraj & Praveen Thiyagarayam TwinTech Solutions Tested Version: v2.10 Tested on: Windows 8 x64 Windows 7 x64 1.- Run python code...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/30 12:0 a.m.223 views

Canon PRINT 2.5.5 - Information Disclosure

Exploit Title: Content Provider URI Injection on Canon PRINT 2.5.5 CVE-2019-14339 Date: 24th July, 2019 Exploit Author: 0x48piraj Vendor Homepage: https://www.usa.canon.com/internet/portal/us/home/explore/printing-innovations/mobile-printing/canon-print-app Software Link:...

5.5CVSS5.8AI score0.05393EPSS
Exploits6
Exploit DB
Exploit DB
added 2019/08/30 12:0 a.m.195 views

VX Search Enterprise 10.4.16 - 'User-Agent' Denial of Service

Exploit Title: VX Search Enterprise v10.4.16 DoS Google Dork: N/A Date: 17.01.2018 Exploit Author: James Chamberlain chumb0 Vendor Homepage: http://www.vxsearch.com/downloads.html Software Link: http://www.vxsearch.com/setups/vxsearchentsetupv10.4.16.exe Version: v10.4.16 Tested on: Windows 7 Hom...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/30 12:0 a.m.309 views

YouPHPTube 7.4 - Remote Code Execution

Exploit Title: YouPHPTube &webSiteTitle=Zerodays.lol&databaseHost=&databaseName=&databasePass=&databasePort=&databaseUser="...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/29 12:0 a.m.251 views

Webkit JSC: JIT - Uninitialized Variable Access in ArgumentsEliminationPhase::transform

https://github.com/WebKit/webkit/blob/94e868c940d46c5745869192d07255331d00102b/Source/JavaScriptCore/dfg/DFGArgumentsEliminationPhase.cppL743 case GetByVal: ... unsigned numberOfArgumentsToSkip = 0; if candidate-op == PhantomCreateRest numberOfArgumentsToSkip = candidate-numberOfArgumentsToSkip;...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/29 12:0 a.m.199 views

PilusCart 1.4.1 - Local File Disclosure

Exploit Title: PilusCart = 1.4.1 - Local File Disclosure Date: 29 August 2019 Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: https://sourceforge.net/projects/pilus/ Version: = 1.4.1 Tested on: Ubuntu 18.04.1 The e-commerce software 'PilusCart' is not validating the...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/29 12:0 a.m.260 views

Jobberbase 2.0 - 'subscribe' SQL Injection

!/bin/bash Exploit Title: Jobberbase 2.0 - 'subscribe' SQL injection Date: 29 August 2019 Exploit Author: Damian Ebelties https://zerodays.lol/ Vendor Homepage: http://www.jobberbase.com/ Version: 2.0 Tested on: Ubuntu 18.04.1 : ' The page "/subscribe/" is vulnerable for SQL injection. Simply mak...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/28 12:0 a.m.229 views

Outlook Password Recovery 2.10 - Denial of Service

Exploit Title: Outlook Password Recovery v2.10 Denial of Service Exploit Date: 16.08.2019 Vendor Homepage:https://www.top-password.com/ Software Link: https://www.top-password.com/outlook-password-recovery.html Exploit Author: Velayutham Selvaraj & Praveen Thiyagarayam TwinTech Solutions Tested...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/28 12:0 a.m.429 views

SQLiteManager 1.2.0 / 1.2.4 - Blind SQL Injection

!-- Exploit Title: Blind SQL injection in SQLiteManager 1.2.0 and 1.2.4 Date: 17-02-2019 Exploit Author: Rafael Pedrero Vendor Homepage: http://www.sqlitemanager.org/ Software Link: http://www.sqlitemanager.org/ Version: SQLiteManager 1.2.0 and 1.2.4 Tested on: All CVE : CVE-2019-9083 Category:...

9.8CVSS9.8AI score0.17598EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/08/28 12:0 a.m.226 views

Jobberbase 2.0 CMS - 'jobs-in' SQL Injection

Exploit Title: Jobberbase 2.0 CMS - 'jobs-in' SQL Injection Google Dork: N/A Date: 28, August 2019 Exploit Author: Suvadip Kar Vendor Homepage: http://jobberbase.com/ Software Link: https://github.com/filipcte/jobberbase/zipball/master Version: 2.0 Tested on: Linux CVE : N/A...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/27 12:0 a.m.641 views

Tableau - XML External Entity

Exploit Title: Tableau XXE Google Dork: N/A Date: Reported to vendor July 2019, fix released August 2019. Exploit Author: Jarad Kopf Vendor Homepage: https://www.tableau.com/ Software Link: Tableau Desktop downloads: https://www.tableau.com/products/desktop/download Version/Products: See Tableau...

8.1CVSS7.8AI score0.14314EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/08/26 12:0 a.m.361 views

WordPress Plugin UserPro 4.9.32 - Cross-Site Scripting

Exploit Title: UserPro https://github.com/cosenary/Instagram-PHP-API/blob/master/example/success.phpL36 Proof-of-Concept: https://domain.tld/wp-content/plugins/userpro/lib/instagram/vendor/cosenary/instagram/example/success.php?error=&errordescription=...

6.1CVSS6.5AI score0.82962EPSS
Exploits6
Exploit DB
Exploit DB
added 2019/08/26 12:0 a.m.524 views

WordPress Plugin Import Export WordPress Users 1.3.1 - CSV Injection

Exploit Title: Wordpress Plugin Import Export WordPress Users = 1.3.1 - CSV Injection Exploit Author: Javier Olmedo Contact: @jjavierolmedo Website: https://sidertia.com Date: 2018-08-22 Google Dork: inurl:"/wp-content/plugins/users-customers-import-export-for-wp-woocommerce" Vendor: WebToffee...

7.3CVSS7.4AI score0.05141EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/08/26 12:0 a.m.347 views

LSoft ListServ < 16.5-2018a - Cross-Site Scripting

Exploit Title: LSoft ListServ 2. http://127.0.0.1/scripts/wa.exe?OK= References: 1. http://www.lsoft.com/manuals/16.5/LISTSERV16.5-2018aWhatsNew.pdf 2. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15501...

6.1CVSS6.5AI score0.08182EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/08/26 12:0 a.m.1962 views

Exim 4.87 / 4.91 - Local Privilege Escalation (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'expect' class MetasploitModule 'Exim 4.87 - 4.91 Local Privilege Escalation', 'Description' = %q This module exploits a flaw in Exim versions 4.87 to 4.91...

10CVSS9.7AI score0.99961EPSS
Exploits27
Exploit DB
Exploit DB
added 2019/08/26 12:0 a.m.340 views

openITCOCKPIT 3.6.1-2 - Cross-Site Request Forgery

Exploit Title: openITCOCKPIT 3.6.1-2 - CSRF 2 RCE Google Dork: N/A Date: 26-08-2019 Exploit Author: Julian Rittweger Vendor Homepage: https://openitcockpit.io/ Software Link: https://github.com/it-novum/openITCOCKPIT/releases/tag/openITCOCKPIT-3.6.1-2 Fixed in: 3.7.1 |...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/26 12:0 a.m.289 views

Microsoft Windows 10 - SET_REPARSE_POINT_EX Mount Point Security Feature Bypass

Windows: SETREPARSEPOINTEX Mount Point Security Feature Bypass Platform: Windows 10 1903, 1809 not tested earlier Class: Security Feature Bypass Summary: The NTFS driver supports a new FS control code to set a mount point which the existing sandbox mitigation doesn’t support allowing a sandboxed...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/23 12:0 a.m.362 views

Nimble Streamer 3.0.2-2 < 3.5.4-9 - Directory Traversal

Nimble Streamer 3.0.2-2 to 3.5.4-9 - Path Traversal Exploit Author: MAYASEVEN Source at "https://mayaseven.com/nimble-directory-traversal-in-nimble-streamer-version-3-0-2-2-to-3-5-4-9/" Published on 08/04/2019 Vendor Homepage at "https://wmspanel.com/nimble" Affected Version 3.0.2-2 to 3.5.4-9...

6.5CVSS6.7AI score0.23978EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/08/21 12:0 a.m.107 views

Nagios XI 5.6.5 - Remote Code Execution / Root Privilege Escalation

?php / A vulnerability exists in Nagios XI = 5.6.5 allowing an attacker to leverage an RCE to escalate privileges to root. The exploit requires access to the server as the 'nagios' user, or CCM access via the web interface with perissions to manage plugins. The getprofile.sh script, invoked by...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/21 12:0 a.m.147 views

Cisco UCS Director, Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data - Multiple Vulnerabilities

Multiple critical vulnerabilities in Cisco UCS Director, Cisco Integrated Management Controller Supervisor and Cisco UCS Director Express for Big Data Discovered by Pedro Ribeiro [email protected] from Agile Information Security...

10CVSS8.6AI score0.75863EPSS
Exploits14
Exploit DB
Exploit DB
added 2019/08/21 12:0 a.m.820 views

Pulse Secure 8.1R15.1/8.2/8.3/9.0 SSL VPN - Arbitrary File Disclosure (Metasploit)

Exploit Title: File disclosure in Pulse Secure SSL VPN metasploit Google Dork: inurl:/dana-na/ filetype:cgi Date: 8/20/2019 Exploit Author: 0xDezzy Justin Wagner, Alyssa Herrera Vendor Homepage: https://pulsesecure.net Version: 8.1R15.1, 8.2 before 8.2R12.1, 8.3 before 8.3R7.1, and 9.0 before...

10CVSS9.9AI score0.99999EPSS
Exploits22
Exploit DB
Exploit DB
added 2019/08/21 12:0 a.m.393 views

LibreOffice < 6.2.6 Macro - Python Code Execution (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreOffice Macro Python Code Execution', 'Description' = %q LibreOffice comes bundled with sample macros written in Python and allows the abilit...

9.8CVSS9.2AI score0.31215EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/08/20 12:0 a.m.156 views

QEMU - Denial of Service

include include include include include include include include include include include include include include include include include define diex do \ perrorx; \ exitEXITFAILURE; \ while0; // Constans define SRCADDR "10.0.2.15" define DSTADDR "10.0.2.2" define INTERFACE "ens3" define ETHHDRLEN ...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/20 12:0 a.m.324 views

WordPress Plugin Add Mime Types 2.2.1 - Cross-Site Request Forgery

Exploit Title: CSRF vulnerabilities in WP Add Mime Types Plugin...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/19 12:0 a.m.268 views

YouPHPTube 7.2 - 'userCreate.json.php' SQL Injection

Exploit Title: YouPHPTube 7.3 SQL Injection Google Dork: / Date: 19.08.2019 Exploit Author: Fabian Mosch, r-tec IT Security GmbH Vendor Homepage: https://www.youphptube.com/ Software Link: https://github.com/YouPHPTube/YouPHPTube Version: 7.3 Tested on: Linux/Windows CVE : CVE-2019-14430 The...

5.3CVSS5.6AI score0.02984EPSS
Exploits5
Exploit DB
Exploit DB
added 2019/08/19 12:0 a.m.663 views

Fortinet FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure

Exploit Title: Fortinet FortiOS Leak file - Reading login/passwords in clear text. Google Dork: intext:"Please Login" inurl:"/remote/login" Date: 17/08/2019 Exploit Author: Carlos E. Vieira Vendor Homepage: https://www.fortinet.com/ Software Link:...

9.8CVSS9.9AI score0.99999EPSS
Exploits22
Exploit DB
Exploit DB
added 2019/08/19 12:0 a.m.162 views

RAR Password Recovery 1.80 - 'User Name and Registration Code' Denial of Service

Exploit Title: RAR Password Recovery v1.80 Denial of Service Exploit Date: 16.08.2019 Vendor Homepage:https://www.top-password.com/ Software Link: https://www.top-password.com/download/RARPRSetup.exe Exploit Author: Achilles Tested Version: v1.80 Tested on: Windows 7 x64 Windows XP SP3 1.- Run...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/19 12:0 a.m.1547 views

Webmin 1.920 - Remote Code Execution

!/bin/sh CVE-2019-15107 Webmin Unauhenticated Remote Command Execution based on Metasploit module https://www.exploit-db.com/exploits/47230 Original advisory: https://pentest.com.tr/exploits/DEFCON-Webmin-1920-Unauthenticated-Remote-Command-Execution.html Alternative advisory spanish:...

10CVSS9.8AI score0.99766EPSS
Exploits38
Exploit DB
Exploit DB
added 2019/08/19 12:0 a.m.244 views

Neo Billing 3.5 - Persistent Cross-Site Scripting

Exploit Title: Neo Billing 3.5 - Stored Cross Site Scripting Vulnerability Date: 18.8.2019. Exploit Author: n1x MS-WEB Vendor Homepage: https://codecanyon.net/item/neo-billing-accounting-invoicing-and-crm-software/20896547 Version: 3.5 CWE : CWE-79 CVE: CVE-2020-23518 Description Neo Billing os a...

5.4CVSS5.8AI score0.02001EPSS
Exploits2
Exploit DB
Exploit DB
added 2019/08/19 12:0 a.m.163 views

Kimai 2 - Persistent Cross-Site Scripting

Exploit Title: Kimai 2- persistent cross-site scripting XSS Date: 07/15/2019 Exploit Author: osamaalaa Vendor Homepage: link Software Link: https://github.com/kevinpapst/kimai2 Fixed on Github : https://github.com/kevinpapst/kimai2/pull/962 Version: 2 1-Normal user will try to add timesheet from...

7AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/19 12:0 a.m.1368 views

Fortinet FortiOS 5.6.3 - 5.6.7 / FortiOS 6.0.0 - 6.0.4 - Credentials Disclosure (Metasploit)

Exploit Title: Fortinet FortiOS Leak file - Reading login/passwords in clear text. Google Dork: intext:"Please Login" inurl:"/remote/login" Date: 17/08/2019 Exploit Author: Carlos E. Vieira Vendor Homepage: https://www.fortinet.com/ Software Link:...

9.8CVSS9.9AI score0.99999EPSS
Exploits22
Exploit DB
Exploit DB
added 2019/08/16 12:0 a.m.181 views

EyesOfNetwork 5.1 - Authenticated Remote Command Execution

Exploit Title: EyesOfNetwork 5.1 - Authenticated Remote Command Execution Google Dork: N/A Date: 2019-08-14 Exploit Author: Nassim Asrir Vendor Homepage: https://www.eyesofnetwork.com/ Software Link: https://www.eyesofnetwork.com/?pageid=48&lang=fr Version: 5.1 "; while$read = fread$handle,100 ec...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/16 12:0 a.m.348 views

Integria IMS 5.0.86 - Arbitrary File Upload

Exploit Title: Integria IMS 5.0.86 - Arbitrary File Upload Date: 2019-08-16 Exploit Author: Greg.Priest Vendor Homepage: https://integriaims.com/ Software Link: https://sourceforge.net/projects/integria/files/5.0.86/ Version: Integria IMS 5.0.86 Tested on: Windows CVE : N/A...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/16 12:0 a.m.237 views

GetGo Download Manager 6.2.2.3300 - Denial of Service

Exploit Title : GetGo Download Manager 6.2.2.3300 - Denial of Service Date: 2019-08-15 Author - Malav Vyas Vulnerable Software: GetGo Download Manager 6.2.2.3300 Vendor Home Page: www.getgosoft.com Software Link: http://www.getgosoft.com/getgodm/ Tested On: Windows 7 64Bit, Windows 10 64Bit Attac...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/16 12:0 a.m.219 views

Joomla! component com_jsjobs 1.2.6 - Arbitrary File Deletion

Exploit Title: Joomla! component comjsjobs 1.2.6 - Arbitrary File Deletion Dork: inurl:"index.php?option=comjsjobs" Date: 2019-08-16 Exploit Author: qw3rTyTy Vendor Homepage: https://www.joomsky.com/ Software Link: https://www.joomsky.com/5/download/1 Version: 1.2.6 Tested on: Debian/nginx/joomla...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/16 12:0 a.m.116 views

Web Wiz Forums 12.01 - 'PF' SQL Injection

Exploit Title: Web Wiz Forums 12.01 - 'PF' SQL Injection Date: 2019-09-16 Exploit Author: n1x MS-WEB Vendor Homepage: https://www.webwiz.net/web-wiz-forums/forum-downloads.htm Version: 12.01 Tested on Windows Vulnerable parameter: PF memberprofile.asp GET Request GET /memberprofile.asp?PF=10'...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/15 12:0 a.m.214 views

Adobe Acrobat Reader DC for Windows - free() of Uninitialized Pointer due to Malformed JBIG2Globals Stream

We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- 4970.179c: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling. This...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/15 12:0 a.m.315 views

Microsoft Font Subsetting - DLL Heap Corruption in ReadTableIntoStructure

-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/15 12:0 a.m.157 views

Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream

We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- 2728.1fa8: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling. This...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/15 12:0 a.m.131 views

Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow While Processing Malformed PDF

We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- 36ec.3210: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling. This...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/15 12:0 a.m.152 views

Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in WriteTableFromStructure

-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/15 12:0 a.m.180 views

Microsoft Font Subsetting - DLL Heap Corruption in ReadAllocFormat12CharGlyphMapList

-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/15 12:0 a.m.130 views

Adobe Acrobat Reader DC for Windows - Heap-Based Out-of-Bounds read due to Malformed JP2 Stream

We have observed the following access violation exception in the latest version of Adobe Acrobat Reader DC for Windows, when opening a malformed PDF file: --- cut --- 180c.327c: Access violation - code c0000005 first chance First chance exceptions are reported before any exception handling. This...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/15 12:0 a.m.139 views

Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in FixSbitSubTableFormat1

-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...

7.4AI score
Exploits0
Exploit DB
Exploit DB
added 2019/08/15 12:0 a.m.138 views

Microsoft Font Subsetting - DLL Heap Corruption in MakeFormat12MergedGlyphList

-----===== Background =====----- The Microsoft Font Subsetting DLL fontsub.dll is a default Windows helper library for subsetting TTF fonts; i.e. converting fonts to their more compact versions based on the specific glyphs used in the document where the fonts are embedded. It is used by Windows G...

7.4AI score
Exploits0
Total number of security vulnerabilities47904