Exploitdb Exploits
3,149 exploits tracked across all sources.
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
by x90c
Linux Kernel < 3.7.5 - Access Control
The msr_open function in arch/x86/kernel/msr.c in the Linux kernel before 3.7.6 allows local users to bypass intended capability restrictions by executing a crafted application as root, as demonstrated by msr32.c.
by spender
Symantec Workspace Virtualization <6.4.1953.0 - Privilege Escalation
Symantec Workspace Virtualization 6.x before 6.4.1953.0, when a virtual application layer is configured, allows local users to gain privileges via an application that performs crafted interaction with the operating system.
by MJ0011
Cisco WebEx One-Click Client Password Encryption - Information Disclosure
by Brad Antoniewicz
FreeBSD 9 Address Space Manipulation Privilege Escalation
The vm_map_lookup function in sys/vm/vm_map.c in the mmap implementation in the kernel in FreeBSD 9.0 through 9.1-RELEASE-p4 does not properly determine whether a task should have write access to a memory location, which allows local users to bypass filesystem write permissions and consequently gain privileges via a crafted application that leverages read permissions, and makes mmap and ptrace system calls.
by Hunger
Linux Kernel < 3.0.75 - Numeric Error
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
by Andrea Bittau
CVSS 8.4
Linux Kernel 3.0.5 - 'test_root()' Local Denial of Service
by Jonathan Salwan
Microsoft Windows 7 - Path Traversal
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
by Tavis Ormandy
Rrdtool - Format String Vulnerability
Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function.
by Thomas Pollet
Linux Kernel < 3.8.8 - Access Control
kernel/user_namespace.c in the Linux kernel before 3.8.9 does not have appropriate capability requirements for the uid_map and gid_map files, which allows local users to gain privileges by opening a file within an unprivileged process and then modifying the file within a privileged process.
by Andrew Lutomirski
Linux Kernel < 3.0.75 - Numeric Error
The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call.
by sd
CVSS 8.4
Sudo <1.8.4 - RCE
Format string vulnerability in the sudo_debug function in Sudo 1.8.0 through 1.8.3p1 allows local users to execute arbitrary code via format string sequences in the program name for sudo.
by aeon
Linux Kernel < 3.4.34 - Improper Input Validation
Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.
by Kacper Szczesniak
Linux Kernel 3.0 < 3.3.5 - 'CLONE_NEWUSER|CLONE_FS' Local Privilege Escalation
by Sebastian Krahmer
Linux Kernel < 3.8.4 - Improper Input Validation
The sctp_getsockopt_assoc_stats function in net/sctp/socket.c in the Linux kernel before 3.8.4 does not validate a size value before proceeding to a copy_from_user operation, which allows local users to gain privileges via a crafted application that contains an SCTP_GET_ASSOC_STATS getsockopt system call.
by Petr Matousek
VMware Workstation - Improper Input Validation
The Virtual Machine Communication Interface (VMCI) implementation in vmci.sys in VMware Workstation 8.x before 8.0.5 and 9.x before 9.0.1 on Windows, VMware Fusion 4.1 before 4.1.4 and 5.0 before 5.0.2, VMware View 4.x before 4.6.2 and 5.x before 5.1.2 on Windows, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1 does not properly restrict memory allocation by control code, which allows local users to gain privileges via unspecified vectors.
by Artem Shishkin
rpi-update - Insecure Temporary File Handling / Security Bypass
by Technion
Linux Kernel < 3.4.34 - Improper Input Validation
Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.
by sd
Linux Kernel < 3.4.34 - Improper Input Validation
Array index error in the __sock_diag_rcv_msg function in net/core/sock_diag.c in the Linux kernel before 3.7.10 allows local users to gain privileges via a large family value in a Netlink message.
by SynQ
Nvidia Display Driver Service (Nsvr) - Local Buffer Overflow
by Jon Bailey
Broadcom WIDCOMM Bluetooth - 'btkrnl.sys' Driver Privilege Escalation
by Nikita Tarakanov