Text Exploits
31,332 exploits tracked across all sources.
Nvidia Gpu Driver < 342.00 - Information Disclosure
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000D4 which may lead to leaking of kernel memory contents to user space through an uninitialized buffer.
by Google Security Research
CVSS 5.5
Nvidia Gpu Driver < 342.00 - Access Control
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x100010b where a missing array bounds check can allow a user to write to kernel memory, leading to denial of service or potential escalation of privileges.
by Google Security Research
CVSS 7.8
Apple Mac OS X < 10.11.5 - Use After Free
Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors.
by Google Security Research
CVSS 7.8
Safari Webkit JIT Exploit for iOS 7.1.2
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors.
by Google Security Research
CVSS 7.8
Apple Mac OS X < 10.11.5 - Use After Free
Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors.
by Google Security Research
CVSS 7.8
InfraPower PPS-02-S Q213V1 - Multiple Cross-Site Scripting Vulnerabilities
by LiquidWorm
InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference
by LiquidWorm
InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery
by LiquidWorm
Joomla! <3.6.4 - RCE
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.
by Xiphos Research Ltd
CVSS 8.1
HP TouchSmart Calendar 4.1.4245 - Insecure File Permissions Privilege Escalation
by hyp3rlinx
Joomla! <3.6.4 - Privilege Escalation
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.
by Xiphos Research Ltd
CVSS 9.8
Boonex Dolphin 7.3.2 - Authentication Bypass
by Saadi Siddiqui
Orange Inventel LiveBox 5.08.3-sp - Cross-Site Request Forgery
by BlackMamba
Industrial Secure Routers EDR-810 / EDR-G902 / EDR-G903 - Insecure Configuration Management
by Sniper Pex
Castlamp Zenbership - CSRF
Zenbership v107 has CSRF via admin/cp-functions/event-add.php.
by Besim
CVSS 8.8
RealNetworks RealPlayer <18.1.5.705 - Memory Corruption
Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file.
by Alwin Peppels
CVSS 5.5
Oracle Netbeans - Path Traversal
Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the October 2016 CPU. Oracle has not commented on third-party claims that this issue is a directory traversal vulnerability which allows local users with certain permissions to write to arbitrary files and consequently gain privileges via a .. (dot dot) in a archive entry in a ZIP file imported as a project.
by hyp3rlinx
CVSS 5.7
Oracle BI Publisher - Info Disclosure
Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors.
by Jakub Palaczynski
CVSS 7.7
Microsoft Windows 10 - Improper Privilege Management
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." a different vulnerability than CVE-2016-3266, CVE-2016-7185, and CVE-2016-7211.
by Google Security Research
CVSS 7.8
Microsoft Windows 10 - Information Disclosure
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability."
by Google Security Research
CVSS 5.5
By Source