Exploitdb Exploits
3,149 exploits tracked across all sources.
Cain & Abel 2.7.3 - 'dagc.dll' DLL Loading Arbitrary Code Execution
by d3c0der
Google Android 1.x/2.x - Local Privilege Escalation
by The Android Exploid Crew
Android 1.x/2.x HTC Wildfire - Local Privilege Escalation
by The Android Exploid Crew
Panda Global Protection 2010 - Local Denial of Service (unfiltered wcscpy())
by Heurs
Looknstop Look 'n' Stop Firewall - Improper Input Validation
lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 allows local users to cause a denial of service (crash) via a crafted 0x80000064 IOCTL request that triggers an assertion failure. NOTE: some of these details are obtained from third party information.
by Heurs
Tedfelix Acpid < 2.0.8 - Improper Input Validation
acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but no read system calls.
by Vasiliy Kulikov
Avira AntiVir Personal - Multiple Code Execution Vulnerabilities (1)
by D.Elser
Microsoft Windows XP SP3 - Privilege Escalation
The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
by Ruben Santamarta
Securstar Drivecrypt < 5.4 - Improper Input Validation
DCR.sys driver in SecurStar DriveCrypt 5.4, 5.3, and earlier allows local users to execute arbitrary code via a crafted argument to the 0x00073800 IOCTL.
by mu-b
Solaris 10/OpenSolaris - DoS
tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference.
by peri.carding
Linux Kernel < 2.6.34 (Ubuntu 10.10 x86/x64) - 'CAP_SYS_ADMIN' Local Privilege Escalation (2)
by Joe Sylve
GNU Glibc - Resource Management Error
Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
by Maksymilian Arciemowicz
GNU Glibc - Denial of Service
The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
by Maksymilian Arciemowicz
Quick Notes Plus 5.0 47 - Multiple DLL Loading Arbitrary Code Executions
by d3c0der
Linux Kernel < 2.6.34 (Ubuntu 10.10 x86) - 'CAP_SYS_ADMIN' Local Privilege Escalation (1)
by Dan Rosenberg
Ace Video Workshop 1.2.0.0 - 'ir50_lcs.dll' DLL Loading Arbitrary Code Execution
by d3c0der
Microsoft Windows XP SP2-7 - Privilege Escalation
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
by Tarjei Mandt
ImgBurn <2.5.4.0 - RCE
Untrusted search path vulnerability in ImgBurn.exe in ImgBurn 2.4.0.0, 2.5.4.0, and other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a CUE file.
by d3c0der
Linux Kernel < 2.6.36.2 - Improper Privilege Management
The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACPI interpreter tables, related to the acpi_debugfs_init function in drivers/acpi/debugfs.c.
by Jon Oberheide
Linux Kernel < 2.6.9 - Access Control
drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local users to modify arbitrary kernel memory locations by leveraging root privileges to write to the /sys/kernel/debug/acpi/custom_method file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4347.
by Jon Oberheide
Microsoft Windows 7 - Improper Input Validation
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
by Stefan LE BERRE