Exploitdb Exploits
462 exploits tracked across all sources.
Apport <2.17.1 - Privilege Escalation
The crash reporting feature in Apport 2.13 through 2.17.x before 2.17.1 allows local users to gain privileges via a crafted usr/share/apport/apport file in a namespace (container).
by Ricardo F. Teixeira
D-Link DSL-2640B ADSL Router - 'ddnsmngr' Remote DNS Change
by Todor Donev
Shuttle Tech ADSL Modem/Router 915 WM - Remote DNS Change
by Todor Donev
RedStar 3.0 Desktop - Enable sudo Privilege Escalation
by prdelka & sfan55
Liferay Portal 7.0.0 M1/7.0.0 M2/7.0.0 M3 - Remote Code Execution
by drone
Cacti superlinks plugin 1.4-2 - SQL Injection via id Parameter
SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Wireghoul
IBM Tivoli Monitoring <6.3.0 - Privilege Escalation
Monitoring Agent for UNIX Logs 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP09, and 6.2.3 through FP04 and Monitoring Server (ms) and Shared Libraries (ax) 6.2.0 through FP03, 6.2.1 through FP04, 6.2.2 through FP08, 6.2.3 through FP01, and 6.3.0 through FP01 in IBM Tivoli Monitoring (ITM) on UNIX allow local users to gain privileges via unspecified vectors.
by Robert Jaroszuk
D-Link DSL-2760U-E1 - Stored Cross-Site Scripting via Hostname in dhcpinfo.html
Cross-site scripting (XSS) vulnerability in dhcpinfo.html in D-link DSL-2760U-E1 allows remote attackers to inject arbitrary web script or HTML via a hostname.
by Yuval tisf Nativ
BlackBerry QNX Neutrino RTOS <6.5.x - Privilege Escalation
/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.
by cenobyte
GitLab < 6.5.0 - Cross-Site Scripting via HTML File Upload
Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file, as demonstrated by README.html.
by hellok
Cisco Unified Communications Manager - Information Disclosure via TFTP RRQ Operation
The TFTP service in Cisco Unified Communications Manager (aka CUCM or Unified CM) allows remote attackers to obtain sensitive information from a phone via an RRQ operation, as demonstrated by discovering a cleartext UseUserCredential field in an SPDefault.cnf.xml file. NOTE: the vendor reportedly disputes the significance of this report, stating that this is an expected default behavior, and that the product's documentation describes use of the TFTP Encrypted Config option in addressing this issue
by daniel svartman
CVSS 7.3
D-Link DIR-Series Routers - '/model/__show_info.php' Local File Disclosure
by tytusromekiatomek
IBM AIX 6.1/7.1 & VIOS 2.2.2.2-FP-26 SP-02 - Privilege Escalation
Multiple unspecified vulnerabilities in the InfiniBand subsystem in IBM AIX 6.1 and 7.1, and VIOS 2.2.2.2-FP-26 SP-02, allow local users to gain privileges via vectors involving (1) arp.ib or (2) ibstat.
by Kristian Erik Hermansen
Android 1.6-4.2 - Unauthenticated Arbitrary Code Execution via APK Signature Bypass
Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptographic signature, probably involving multiple entries in a Zip file with the same name in which one entry is validated but the other entry is installed, aka Android security bug 8219321 and the "Master Key" vulnerability.
by Bluebox Security
Kloxo <6.1.12 - Privilege Escalation
Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attackers with Apache-level access to escalate privileges to root without authentication.
by HTP
Konftel 300IP SIP-based Conference Phone 2.1.2 - Remote Bypass Reboot
by Todor Donev
Linux Kernel <= 3.7.9 - Sensitive Keystroke Timing Exposure via inotify on /dev/ptmx
The Linux kernel through 3.7.9 allows local users to obtain sensitive information about keystroke timing by using the inotify API on the /dev/ptmx device.
by vladz
lighttpd < 1.4.32 - Denial of Service via Empty Token in Connection Header
The http_request_split_value function in request.c in lighttpd before 1.4.32 allows remote attackers to cause a denial of service (infinite loop) via a request with a header containing an empty token, as demonstrated using the "Connection: TE,,Keep-Alive" header.
by t4c
Apple Mac OS X < 5.7.1 - Resource Management Error
Net-SNMP 5.7.1 and earlier, when AgentX is registering to handle a MIB and processing GETNEXT requests, allows remote attackers to cause a denial of service (crash or infinite loop, CPU consumption, and hang) by causing the AgentX subagent to timeout.
by Ken Farnen
Viscosity 1.4.1 - Privilege Escalation via ViscosityHelper Path Validation Issue
A Privilege Escalation vulnerability exists in Viscosity 1.4.1 on Mac OS X due to a path name validation issue in the setuid-set ViscosityHelper binary, which could let a remote malicious user execute arbitrary code
by zx2c4
CVSS 9.8
Tunnelblick < 3.3beta20 - Privilege Escalation via argv[0] Pathname Manipulation
Tunnelblick 3.3beta20 and earlier relies on argv[0] to determine the name of an appropriate (1) kernel module pathname or (2) executable file pathname, which allows local users to gain privileges via an execl system call.
by zx2c4
Linux Kernel < 3.0.0 - Missing Authorization in OverlayFS
OverlayFS in the Linux kernel before 3.0.0-16.28, as used in Ubuntu 10.0.4 LTS and 11.10, is missing inode security checks which could allow attackers to bypass security restrictions and perform unauthorized actions.
by Gary Poster
CVSS 7.8
acpid2 < 2.0.16 - Privilege Escalation via pidof Mismanagement
samples/powerbtn/powerbtn.sh in acpid (aka acpid2) 2.0.16 and earlier uses the pidof program incorrectly, which allows local users to gain privileges by running a program with the name kded4 and a DBUS_SESSION_BUS_ADDRESS environment variable containing commands.
by otr
By Source