Exploitdb Exploits
31,337 exploits tracked across all sources.
VBox Communications Satellite Express Protocol <2.3.17.3 - Privileg...
The ndvbs module in VBox Communications Satellite Express Protocol 2.3.17.3 allows local users to write to arbitrary physical memory locations and gain privileges via a 0x00000ffd ioctl call.
by KoreLogic
Microsoft Excel - Memory Corruption
Microsoft Excel 2007 SP3, Excel 2010 SP2, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
by Google Security Research
Microsoft Excel - Memory Corruption
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
by Google Security Research
Microsoft Live Meeting Console - Memory Corruption
Buffer overflow in the Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2, Office 2007 SP3, Office 2010 SP2, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "Graphics Component Buffer Overflow Vulnerability."
by Google Security Research
Microsoft Excel - Memory Corruption
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel for Mac 2011 and 2016, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
by Google Security Research
Teiko Farol - SQL Injection
SQL injection vulnerability in the web application in Farol allows remote attackers to execute arbitrary SQL commands via the email parameter to tkmonitor/estrutura/login/Login.actions.php.
by Thierry Fernandes Faria
Total Commander 8.52 - Overwrite Buffer Overflow (SEH)
by Un_N0n
Microsoft Windows 10 - Access Control
Task Scheduler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass intended filesystem restrictions and delete arbitrary files via unspecified vectors, aka "Windows Task File Deletion Elevation of Privilege Vulnerability."
by Google Security Research
Microsoft Windows 10 - Access Control
The Adobe Type Manager Library in Microsoft Windows 10 allows local users to gain privileges via a crafted application, aka "Font Driver Elevation of Privilege Vulnerability."
by Google Security Research
Microsoft Windows 10 - Access Control
The process-initialization implementation in win32k.sys in the kernel-mode drivers in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 does not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
by Google Security Research
Microsoft Windows 10 - Access Control
Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Management Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2524.
by Google Security Research
Microsoft Windows 10 - Access Control
Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 do not properly constrain impersonation levels, which allows local users to gain privileges via a crafted application, aka "Windows Task Management Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-2528.
by Google Security Research
CP Reservation Calender < 1.1.6 - SQL Injection
Multiple SQL injection vulnerabilities in dex_reservations.php in the CP Reservation Calendar plugin before 1.1.7 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a dex_reservations_calendar_load2 action or (2) dex_item parameter in a dex_reservations_check_posted_data action in a request to the default URI.
by i0akiN SEC-LABORATORY
Silver Peak VXOA < 6.2.11 - Multiple Vulnerabilities
by Security-Assessment.com
Ignite Realtime Openfire 3.10.2 - Privilege Escalation
Ignite Realtime Openfire 3.10.2 allows remote authenticated users to gain administrator access via the isadmin parameter to user-edit-form.jsp.
by hyp3rlinx
Igniterealtime Openfire - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to inject arbitrary web script or HTML via the (1) groupchatName parameter to plugins/clientcontrol/create-bookmark.jsp; the (2) urlName parameter to plugins/clientcontrol/create-bookmark.jsp; the (3) hostname parameter to server-session-details.jsp; or the (4) search parameter to group-summary.jsp.
by hyp3rlinx
Igniterealtime Openfire - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Ignite Realtime Openfire 3.10.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change a password via a crafted request to user-password.jsp, (2) add users via a crafted request to user-create.jsp, (3) edit server settings or (4) disable SSL on the server via a crafted request to server-props.jsp, or (5) add clients via a crafted request to plugins/clientcontrol/permitted-clients.jsp.
by hyp3rlinx
TP-Link NC200/NC220 Cloud Camera 300Mbps Wi-Fi - Hard-Coded Credentials
by LiquidWorm
WordPress Plugin EZ SQL Reports < 4.11.37 - Multiple Vulnerabilities
by Felipe Molina
ManageEngine OpManager 11.5 - Multiple Vulnerabilities
by xistence
By Source