Exploitdb Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
CVE-2016-8805 EXPLOITDB HIGH text VERIFIED
NVIDIA Windows GPU Display Driver - Privilege Escalation
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000014 where a value passed from an user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.
by Google Security Research
CVSS 7.8
CVE-2016-8807 EXPLOITDB HIGH text VERIFIED
NVIDIA Windows GPU Display Driver <342.00-375.63 - Buffer Overflow
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x10000e9 where a value is passed from an user to the driver is used without validation as the size input to memcpy() causing a stack buffer overflow, leading to denial of service or potential escalation of privileges.
by Google Security Research
CVSS 7.8
CVE-2016-7390 EXPLOITDB HIGH text VERIFIED
NVIDIA GPU Driver R340 < 342.00 and R375 < 375.63 - Denial of Service or Privilege Escalation via DxgDdiEscape Handler
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000194 where a value passed from a user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.
by Google Security Research
CVSS 7.8
CVE-2016-8811 EXPLOITDB HIGH text VERIFIED
NVIDIA Windows GPU Display Driver R340 <342.00 and R375 <375.63 - DoS
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x7000170 where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.
by Google Security Research
CVSS 7.8
CVE-2016-8808 EXPLOITDB HIGH text VERIFIED
NVIDIA Windows GPU Display Driver and R375 <342.00-375.63 - Privilege Escalation
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000d5 where a value passed from an user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.
by Google Security Research
CVSS 7.8
CVE-2016-8810 EXPLOITDB HIGH text VERIFIED
NVIDIA GPU Driver R340 < 342.00 & R375 < 375.63 - DoS or Privilege Escalation via Unvalidated Array Index
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x100009a where a value passed from an user to the driver is used without validation as the index to an internal array, leading to denial of service or potential escalation of privileges.
by Google Security Research
CVSS 7.8
CVE-2016-8809 EXPLOITDB HIGH text VERIFIED
NVIDIA Windows GPU Display Driver <342.00-375.63 - DoS/Privilege Es...
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70001b2 where the size of an input buffer is not validated, leading to denial of service or potential escalation of privileges.
by Google Security Research
CVSS 7.8
CVE-2016-7386 EXPLOITDB MEDIUM text VERIFIED
NVIDIA GPU Driver R340 < 342.00 and R375 < 375.63 - Kernel Memory Leak via DxgDdiEscape Handler
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x70000D4 which may lead to leaking of kernel memory contents to user space through an uninitialized buffer.
by Google Security Research
CVSS 5.5
CVE-2016-7391 EXPLOITDB HIGH text VERIFIED
NVIDIA GPU Driver R340 < 342.00 and R375 < 375.63 - Denial of Service or Privilege Escalation via DxgDdiEscape Handler
For the NVIDIA Quadro, NVS, and GeForce products, NVIDIA Windows GPU Display Driver R340 before 342.00 and R375 before 375.63 contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgDdiEscape ID 0x100010b where a missing array bounds check can allow a user to write to kernel memory, leading to denial of service or potential escalation of privileges.
by Google Security Research
CVSS 7.8
CVE-2016-4625 EXPLOITDB HIGH text VERIFIED
macOS < 10.11.6 - Use-After-Free in IOSurface
Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors.
by Google Security Research
CVSS 7.8
CVE-2016-4669 EXPLOITDB HIGH text VERIFIED
Safari Webkit JIT Exploit for iOS 7.1.2
An issue was discovered in certain Apple products. iOS before 10.1 is affected. macOS before 10.12.1 is affected. tvOS before 10.0.1 is affected. watchOS before 3.1 is affected. The issue involves the "Kernel" component. It allows local users to execute arbitrary code in a privileged context or cause a denial of service (MIG code mishandling and system crash) via unspecified vectors.
by Google Security Research
CVSS 7.8
CVE-2016-4625 EXPLOITDB HIGH text VERIFIED
macOS < 10.11.6 - Use-After-Free in IOSurface
Use-after-free vulnerability in IOSurface in Apple OS X before 10.11.6 allows local users to gain privileges via unspecified vectors.
by Google Security Research
CVSS 7.8
EIP-2026-107841 EXPLOITDB text
InfraPower PPS-02-S Q213V1 - Multiple Cross-Site Scripting Vulnerabilities
by LiquidWorm
EIP-2026-107840 EXPLOITDB text
InfraPower PPS-02-S Q213V1 - Local File Disclosure
by LiquidWorm
EIP-2026-107839 EXPLOITDB text
InfraPower PPS-02-S Q213V1 - Insecure Direct Object Reference
by LiquidWorm
EIP-2026-107838 EXPLOITDB text
InfraPower PPS-02-S Q213V1 - Cross-Site Request Forgery
by LiquidWorm
EIP-2026-107837 EXPLOITDB text
InfraPower PPS-02-S Q213V1 - Authentication Bypass
by LiquidWorm
EIP-2026-101804 EXPLOITDB text
InfraPower PPS-02-S Q213V1 - Remote Command Execution
by LiquidWorm
EIP-2026-101319 EXPLOITDB text
InfraPower PPS-02-S Q213V1 - Hard-Coded Credentials
by LiquidWorm
CVE-2016-8870 EXPLOITDB HIGH text
Joomla! < 3.6.3 - Unauthenticated User Account Creation via UsersModelRegistration
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4, when registration has been disabled, allows remote attackers to create user accounts by leveraging failure to check the Allow User Registration configuration setting.
by Xiphos Research Ltd
CVSS 8.1
EIP-2026-117283 EXPLOITDB text
HP TouchSmart Calendar 4.1.4245 - Insecure File Permissions Privilege Escalation
by hyp3rlinx
CVE-2016-8869 EXPLOITDB CRITICAL text
Joomla! <3.6.4 - Privilege Escalation
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.
by Xiphos Research Ltd
CVSS 9.8
EIP-2026-105597 EXPLOITDB text VERIFIED
Boonex Dolphin 7.3.2 - Authentication Bypass
by Saadi Siddiqui
EIP-2026-101908 EXPLOITDB text
Orange Inventel LiveBox 5.08.3-sp - Cross-Site Request Forgery
by BlackMamba
EIP-2026-101803 EXPLOITDB text
Industrial Secure Routers EDR-810 / EDR-G902 / EDR-G903 - Insecure Configuration Management
by Sniper Pex