Exploitdb Exploits
31,394 exploits tracked across all sources.
Apple iOS <9.2.1-OS X <10.11.3-tvOS <9.1.1 - Privilege Escalation/DoS
The IOHIDFamily API in Apple iOS before 9.2.1, OS X before 10.11.3, and tvOS before 9.1.1 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
by Google Security Research
CVSS 7.8
WordPress appointment-booking-calendar 1.1.24 Privilege Escalation XSS
WordPress appointment-booking-calendar 1.1.24 contains multiple privilege escalation vulnerabilities that allow unauthenticated attackers to modify calendar settings and inject persistent cross-site scripting payloads through the admin.php page parameters. Attackers can inject malicious JavaScript into the 'ict' and 'ics' options or the calendar 'name' parameter via GET requests to execute arbitrary scripts when the calendar is displayed or accessed in the administration interface.
by i0akiN SEC-LABORATORY
CVSS 7.2
WordPress Plugin Booking Calendar Contact Form 1.1.24 - addslashes SQL Injection
by i0akiN SEC-LABORATORY
BK Mobile jQuery CMS 2.4 - Multiple Vulnerabilities
by Rahul Pratap Singh
Secure Item Hub 1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Foxit Reader 7.2.8.1124 - '.PDF' Parsing Memory Corruption
by Francis Provencher
WordPress Plugin Booking Calendar Contact Form 1.1.23 - Shortcode SQL Injection
by i0akiN SEC-LABORATORY
Wireshark - hiqnet_display_data Static Out-of-Bounds Read
by Google Security Research
Wireshark - dissect_nhdr_extopt Stack Buffer Overflow
by Google Security Research
Wireshark - dissect_ber_constrained_bitstring Heap Out-of-Bounds Read
by Google Security Research
Wireshark - 'nettrace_3gpp_32_423_file_open' Stack Out-of-Bounds Read
by Google Security Research
Wireshark - 'iseries_check_file_type' Stack Out-of-Bounds Read
by Google Security Research
pdfium - opj_jp2_apply_pclr 'libopenjpeg' Heap Out-of-Bounds Read
by Google Security Research
pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Out-of-Bounds Read
by Google Security Research
Microsoft Windows - Local Privilege Escalation via Reparse Point Mishandling
The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka "Windows Mount Point Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0007.
by Google Security Research
CVSS 7.3
Microsoft Windows - Local Privilege Escalation via Reparse Point Mishandling
The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka "Windows Mount Point Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0006.
by Google Security Research
CVSS 7.8
Microsoft Windows - Local Privilege Escalation via Reparse Point Mishandling
The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka "Windows Mount Point Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0006.
by Google Security Research
CVSS 7.8
WordPress Plugin Booking Calendar Contact Form 1.1.23 - SQL Injection
by i0akiN SEC-LABORATORY
NTP Package <4.2.6.p3 - Privilege Escalation via Crontab Script
The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup.
by halfdog
CVSS 7.8
PDF-XChange Viewer 2.5.315.0 - Shading Type 7 Heap Memory Corruption
by Sébastien Morin
SeaWell Networks Spectrum SDC <2.05.00 - Path Traversal
Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00.
by Karn Ganeshen
CVSS 6.5
SeaWell Networks Spectrum SDC <2.05.00 - Info Disclosure
SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account.
by Karn Ganeshen
CVSS 9.8
By Source