Exploitdb Exploits

3,149 exploits tracked across all sources.

CVE-2014-100039 EXPLOITDB c
Malwarebytes Anti-exploit < 1.04.1.1012 - Improper Input Validation
mbae.sys in Malwarebytes Anti-Exploit before 1.05.1.2014 allows local users to cause a denial of service (crash) via a crafted size in an unspecified IOCTL call, which triggers an out-of-bounds read. NOTE: some of these details are obtained from third party information.
by Parvez Anwar
CVE-2014-4492 EXPLOITDB c VERIFIED
Apple iOS <8.1.3, OS X <10.10.2, TV <7.0.3 - RCE
libnetcore in Apple iOS before 8.1.3, Apple OS X before 10.10.2, and Apple TV before 7.0.3 does not verify that certain values have the expected data type, which allows attackers to execute arbitrary code in an _networkd context via a crafted XPC message from a sandboxed app, as demonstrated by lack of verification of the XPC dictionary data type.
by Google Security Research
EIP-2026-104587 EXPLOITDB c VERIFIED
Apple Mac OSX 10.9.5 - IOKit IntelAccelerator Null Pointer Dereference
by Google Security Research
EIP-2026-104554 EXPLOITDB c VERIFIED
Apple Mac OSX 10.10 - IOKit IntelAccelerator Null Pointer Dereference
by Google Security Research
EIP-2026-104553 EXPLOITDB c VERIFIED
Apple Mac OSX 10.10 - BlueTooth TransferACLPacketToHW Crash (PoC)
by rpaleari & joystick
EIP-2026-104552 EXPLOITDB c VERIFIED
Apple Mac OSX 10.10 - BlueTooth DispatchHCIWriteStoredLinkKey Crash (PoC)
by rpaleari & joystick
EIP-2026-104551 EXPLOITDB c VERIFIED
Apple Mac OSX 10.10 - BlueTooth DispatchHCICreateConnection Crash (PoC)
by rpaleari & joystick
EIP-2026-104550 EXPLOITDB c VERIFIED
Apple Mac OSX 10.10 - BlueTooth BlueToothHCIChangeLocalName Crash (PoC)
by rpaleari & joystick
CVE-2014-8835 EXPLOITDB c
Apple OS X <10.10.2 - RCE
The xpc_data_get_bytes function in libxpc in Apple OS X before 10.10.2 does not verify that a dictionary's Attributes key has the xpc_data data type, which allows attackers to execute arbitrary code by providing a crafted dictionary to sysmond, related to an "XPC type confusion" issue.
by Google Security Research
CVE-2014-4322 EXPLOITDB c
Linux kernel 3.x - Memory Corruption
drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application.
by retme
CVE-2014-3153 EXPLOITDB HIGH c
Linux Kernel <=3.14.5 - Privilege Escalation
The futex_requeue function in kernel/futex.c in the Linux kernel through 3.14.5 does not ensure that calls have two different futex addresses, which allows local users to gain privileges via a crafted FUTEX_REQUEUE command that facilitates unsafe waiter modification.
by Kaiqu Chen
CVSS 7.8
EIP-2026-102681 EXPLOITDB c
Minix 3.3.0 - Remote TCP/IP Stack Denial of Service
by nitr0us
EIP-2026-104549 EXPLOITDB c
Apple Mac OSX (Mavericks) - 'IOBluetoothHCIUserClient' Privilege Escalation
by rpaleari & joystick
EIP-2026-100676 EXPLOITDB c VERIFIED
OpenBSD 5.5 - Local Kernel Panic (Denial of Service)
by nitr0us
CVE-2014-8322 EXPLOITDB CRITICAL c
Aircrack-ng < 1.1 - Out-of-Bounds Write
Stack-based buffer overflow in the tcp_test function in aireplay-ng.c in Aircrack-ng before 1.2 RC 1 allows remote attackers to execute arbitrary code via a crafted length parameter value.
by Nick Sampanis
CVSS 9.8
CVE-2014-5207 EXPLOITDB c
Linux Kernel < 3.16.1 - Improper Privilege Management
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows local users to gain privileges, interfere with backups and auditing on systems that had atime enabled, or cause a denial of service (excessive filesystem updating) on systems that had atime disabled via a "mount -o remount" command within a user namespace.
by Andy Lutomirski
EIP-2026-103357 EXPLOITDB c
OpenSSH < 6.6 SFTP (x64) - Command Execution
by Jann Horn
CVE-2014-6437 EXPLOITDB CRITICAL c VERIFIED
Aztech ADSL - Info Disclosure
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file.
by Eric Fajardo
CVSS 9.8
CVE-2014-5119 EXPLOITDB c VERIFIED
GNU Glibc < 2.20 - Numeric Error
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
by taviso & scarybeasts
CVE-2014-4699 EXPLOITDB c
Linux kernel <3.15.4 - Privilege Escalation
The Linux kernel before 3.15.4 on Intel processors does not properly restrict use of a non-canonical value for the saved RIP address in the case of a system call that does not use IRET, which allows local users to leverage a race condition and gain privileges, or cause a denial of service (double fault), via a crafted application that makes ptrace and fork system calls.
by Vitaly Nikolenko
CVE-2014-4014 EXPLOITDB c VERIFIED
Linux kernel <3.14.8 - Privilege Escalation
The capabilities implementation in the Linux kernel before 3.14.8 does not properly consider that namespaces are inapplicable to inodes, which allows local users to bypass intended chmod restrictions by first creating a user namespace, as demonstrated by setting the setgid bit on a file with group ownership of root.
by Vitaly Nikolenko
EIP-2026-102821 EXPLOITDB c VERIFIED
Docker 0.11 - VMM-Container Breakout
by Sebastian Krahmer
CVE-2013-0292 EXPLOITDB c
Freedesktop Dbus-glib < 0.100 - Improper Input Validation
The dbus_g_proxy_manager_filter function in dbus-gproxy in Dbus-glib before 0.100.1 does not properly verify the sender of NameOwnerChanged signals, which allows local users to gain privileges via a spoofed signal.
by Sebastian Krahmer
CVE-2013-2094 EXPLOITDB HIGH c VERIFIED
Linux Kernel < 3.0.75 - Numeric Error
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
by Vitaly Nikolenko
CVSS 8.4
CVE-2014-1739 EXPLOITDB c VERIFIED
Linux kernel <3.14.6 - Info Disclosure
The media_device_enum_entities function in drivers/media/media-device.c in the Linux kernel before 3.14.6 does not initialize a certain data structure, which allows local users to obtain sensitive information from kernel memory by leveraging /dev/media0 read access for a MEDIA_IOC_ENUM_ENTITIES ioctl call.
by Salva Peiro