Exploitdb Exploits
459 exploits tracked across all sources.
Opencart 3.0.3.2 - 'extension/feed/google_base' Denial of Service (PoC)
by Todor Donev
Netgear DGN2200 / DGND3700 - Admin Password Disclosure
by Social Engineering Neo
Intelbras IWR 3000N <1.5.0 - DoS
An issue was discovered on Intelbras IWR 3000N 1.5.0 devices. A malformed login request allows remote attackers to cause a denial of service (reboot), as demonstrated by JSON misparsing of the \""} string to v1/system/login.
by Social Engineering Neo
CVSS 7.5
Asus Hg100 Firmware < 1.05.12 - Denial of Service
The web api server on Port 8080 of ASUS HG100 firmware up to 1.05.12, which is vulnerable to Slowloris HTTP Denial of Service: an attacker can cause a Denial of Service (DoS) by sending headers very slowly to keep HTTP or HTTPS connections and associated resources alive for a long period of time. CVSS 3.0 Base score 7.4 (Availability impacts). CVSS vector: (CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H).
by YinT Wang
CVSS 7.5
Asus Hg100 Firmware - Denial of Service
ASUS HG100 devices allow denial of service via an IPv4 packet flood.
by YinT Wang
CVSS 7.5
Paessler Prtg Network Monitor < 18.2.39 - OS Command Injection
An issue was discovered in PRTG Network Monitor before 18.2.39. An attacker who has access to the PRTG System Administrator web console with administrative privileges can exploit an OS command injection vulnerability (both on the server and on devices) by sending malformed parameters in sensor or notification management scenarios.
by M4LV0
CVSS 7.2
AirDroid <4.2.1.6 - DoS
The AirDroid application through 4.2.1.6 for Android allows remote attackers to cause a denial of service (service crash) via many simultaneous sdctl/comm/lite_auth/ requests.
by s4vitar
CVSS 7.5
Sricam IP CCTV - DoS
Sricam IP CCTV cameras are vulnerable to denial of service via multiple incomplete HTTP requests because the web server (based on gSOAP 2.8.x) is configured for an iterative queueing approach (aka non-threaded operation) with a timeout of several seconds.
by Andrew Watson
CVSS 7.5
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
by Marco Ivaldi
CVSS 6.6
Serv-U FTP Server prepareinstallation Privilege Escalation
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
by bcoles
CVSS 8.8
S-nail < 14.8.5 - Race Condition
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.
by bcoles
CVSS 7.0
Linux Nested User Namespace idmap Limit Local Privilege Escalation
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.
by bcoles
CVSS 7.0
Linux Nested User Namespace idmap Limit Local Privilege Escalation
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.
by bcoles
CVSS 7.0
VMware Workstation Pro/Player - Privilege Escalation
VMware Workstation Pro/Player contains an insecure library loading vulnerability via ALSA sound driver configuration files. Successful exploitation of this issue may allow unprivileged host users to escalate their privileges to root in a Linux host machine.
by bcoles
CVSS 7.8
Deepin Linux 15 - 'lastore-daemon' Local Privilege Escalation
by bcoles
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
by Marco Ivaldi
CVSS 6.6
Linux Nested User Namespace idmap Limit Local Privilege Escalation
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.
by bcoles
CVSS 7.0
Linux Nested User Namespace idmap Limit Local Privilege Escalation
In the Linux kernel 4.15.x through 4.19.x before 4.19.2, map_write() in kernel/user_namespace.c allows privilege escalation because it mishandles nested user namespaces with more than 5 UID or GID ranges. A user who has CAP_SYS_ADMIN in an affected user namespace can bypass access controls on resources outside the namespace, as demonstrated by reading /etc/shadow. This occurs because an ID transformation takes place properly for the namespaced-to-kernel direction but not for the kernel-to-namespaced direction.
by bcoles
CVSS 7.0
Imagemagick < 6.9.10-9 - Information Disclosure
ReadXBMImage in coders/xbm.c in ImageMagick before 7.0.8-9 leaves data uninitialized when processing an XBM file that has a negative pixel value. If the affected code is used as a library loaded into a process that includes sensitive information, that information sometimes can be leaked via the image data.
by ttffdd
CVSS 6.5
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
by Marco Ivaldi
CVSS 6.6
net-snmp 5.7.3 - (Unauthenticated) Denial of Service (PoC)
by Magnus Klaaborg Stubman
Pango <1.42.3 - DoS
libpango in Pango 1.40.8 through 1.42.3, as used in hexchat and other products, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted text with invalid Unicode sequences.
by Jeffery M
CVSS 6.5
PostgreSQL - Privilege Escalation
A race condition in the postgresql init script could be used by attackers able to access the postgresql account to escalate their privileges to root.
by Johannes Segitz
CVSS 7.3
By Source