Exploitdb Exploits

3,138 exploits tracked across all sources.

EIP-2026-100057 EXPLOITDB c VERIFIED
Google Android 1.x/2.x - Local Privilege Escalation
by The Android Exploid Crew
EIP-2026-100052 EXPLOITDB c VERIFIED
Android 1.x/2.x HTC Wildfire - Local Privilege Escalation
by The Android Exploid Crew
EIP-2026-100670 EXPLOITDB c
FreeBSD 8.0 - Local Forced Reboot (Denial of Service)
by kingcope
EIP-2026-116038 EXPLOITDB c
Panda Global Protection 2010 - Local Denial of Service (unfiltered wcscpy())
by Heurs
EIP-2026-116037 EXPLOITDB c
Panda Global Protection 2010 - Local Denial of Service
by Heurs
CVE-2011-0652 EXPLOITDB c
Look 'n' Stop Firewall 2.06p4 and 2.07 - Denial of Service via Crafted IOCTL Request
lnsfw1.sys 6.0.2900.5512 in Look 'n' Stop Firewall 2.06p4 and 2.07 allows local users to cause a denial of service (crash) via a crafted 0x80000064 IOCTL request that triggers an assertion failure. NOTE: some of these details are obtained from third party information.
by Heurs
CVE-2011-1159 EXPLOITDB c VERIFIED
acpid < 2.0.9 - Denial of Service via Unread Socket Connection
acpid.c in acpid before 2.0.9 does not properly handle a situation in which a process has connected to acpid.socket but is not reading any data, which allows local users to cause a denial of service (daemon hang) via a crafted application that performs a connect system call but no read system calls.
by Vasiliy Kulikov
EIP-2026-118294 EXPLOITDB c VERIFIED
Avira AntiVir Personal - Multiple Code Execution Vulnerabilities (1)
by D.Elser
CVE-2010-2743 EXPLOITDB c VERIFIED
Microsoft Windows XP SP3 - Privilege Escalation
The kernel-mode drivers in Microsoft Windows XP SP3 do not properly perform indexing of a function-pointer table during the loading of keyboard layouts from disk, which allows local users to gain privileges via a crafted application, as demonstrated in the wild in July 2010 by the Stuxnet worm, aka "Win32k Keyboard Layout Vulnerability." NOTE: this might be a duplicate of CVE-2010-3888 or CVE-2010-3889.
by Ruben Santamarta
CVE-2011-0513 EXPLOITDB c
SecurStar DriveCrypt <= 5.4 - Local Privilege Escalation via DCR.sys IOCTL 0x00073800
DCR.sys driver in SecurStar DriveCrypt 5.4, 5.3, and earlier allows local users to execute arbitrary code via a crafted argument to the 0x00073800 IOCTL.
by mu-b
CVE-2008-5689 EXPLOITDB c
OpenSolaris snv_01-snv_76 - Denial of Service via SIOCGTUNPARAM IOCTL Request
tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference.
by peri.carding
EIP-2026-102911 EXPLOITDB c
Linux Kernel < 2.6.34 (Ubuntu 10.10 x86/x64) - 'CAP_SYS_ADMIN' Local Privilege Escalation (2)
by Joe Sylve
CVE-2010-4052 EXPLOITDB c
glibc 2.11.3/2.12.x-2.12.2 DoS via Adjacent Repetition in Regex
Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
by Maksymilian Arciemowicz
CVE-2010-4051 EXPLOITDB c
glibc through 2.11.3 and 2.12.x through 2.12.2 - Denial of Service via RE_DUP_MAX Overflow in regcomp
The regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (application crash) via a regular expression containing adjacent bounded repetitions that bypass the intended RE_DUP_MAX limitation, as demonstrated by a {10,}{10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD, related to a "RE_DUP_MAX overflow."
by Maksymilian Arciemowicz
EIP-2026-119066 EXPLOITDB c VERIFIED
Quick Notes Plus 5.0 47 - Multiple DLL Loading Arbitrary Code Executions
by d3c0der
EIP-2026-103351 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.34 (Ubuntu 10.10 x86) - 'CAP_SYS_ADMIN' Local Privilege Escalation (1)
by Dan Rosenberg
EIP-2026-118224 EXPLOITDB c VERIFIED
Ace Video Workshop 1.2.0.0 - 'ir50_lcs.dll' DLL Loading Arbitrary Code Execution
by d3c0der
CVE-2010-2744 EXPLOITDB c VERIFIED
Microsoft Windows XP SP2-7 - Privilege Escalation
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly manage a window class, which allows local users to gain privileges by creating a window, then using (1) the SetWindowLongPtr function to modify the popup menu structure, or (2) the SwitchWndProc function with a switch window information pointer, which is not re-initialized when a WM_NCCREATE message is processed, aka "Win32k Window Class Vulnerability."
by Tarjei Mandt
EIP-2026-116933 EXPLOITDB c
Bywifi 2.8.1 - Local Stack Buffer Overflow
by anonymous
CVE-2011-0403 EXPLOITDB c VERIFIED
ImgBurn - Untrusted Search Path and DLL Hijacking via Trojan Horse dwmapi.dll
Untrusted search path vulnerability in ImgBurn.exe in ImgBurn 2.4.0.0, 2.5.4.0, and other versions allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a CUE file.
by d3c0der
CVE-2010-4347 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.36.2 - Privilege Escalation via ACPI Debugfs Custom Method
The ACPI subsystem in the Linux kernel before 2.6.36.2 uses 0222 permissions for the debugfs custom_method file, which allows local users to gain privileges by placing a custom ACPI method in the ACPI interpreter tables, related to the acpi_debugfs_init function in drivers/acpi/debugfs.c.
by Jon Oberheide
CVE-2011-1021 EXPLOITDB c VERIFIED
Linux Kernel < 3.0 - Arbitrary Kernel Memory Write via ACPI Debugfs Custom Method
drivers/acpi/debugfs.c in the Linux kernel before 3.0 allows local users to modify arbitrary kernel memory locations by leveraging root privileges to write to the /sys/kernel/debug/acpi/custom_method file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-4347.
by Jon Oberheide
CVE-2010-3944 EXPLOITDB c VERIFIED
Windows 7 and Windows Server 2008 - Privilege Escalation via win32k.sys Input Validation
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Corruption Vulnerability."
by Stefan LE BERRE
CVE-2010-4258 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.36.2 - Privilege Escalation via KERNEL_DS get_fs Handling
The do_exit function in kernel/exit.c in the Linux kernel before 2.6.36.2 does not properly handle a KERNEL_DS get_fs value, which allows local users to bypass intended access_ok restrictions, overwrite arbitrary kernel memory locations, and gain privileges by leveraging a (1) BUG, (2) NULL pointer dereference, or (3) page fault, as demonstrated by vectors involving the clear_child_tid feature and the splice system call.
by Dan Rosenberg
CVE-2010-4052 EXPLOITDB c VERIFIED
glibc 2.11.3/2.12.x-2.12.2 DoS via Adjacent Repetition in Regex
Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
by Maksymilian Arciemowicz