Exploitdb Exploits
50,091 exploits tracked across all sources.
Windows - Elevation of Privilege via Improper Authentication Handling
An elevation of privilege vulnerability exists when Windows improperly handles authentication requests, aka "Microsoft Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 7.8
Windows Data Sharing Service - Privilege Escalation
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0573.
by Google Security Research
CVSS 7.8
Windows Data Sharing Service - Privilege Escalation
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0573, CVE-2019-0574.
by Google Security Research
CVSS 7.8
Windows Data Sharing Service - Privilege Escalation
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0571, CVE-2019-0572, CVE-2019-0574.
by Google Security Research
CVSS 7.8
Windows Data Sharing Service - Privilege Escalation
An elevation of privilege vulnerability exists when the Windows Data Sharing Service improperly handles file operations, aka "Windows Data Sharing Service Elevation of Privilege Vulnerability." This affects Windows Server 2016, Windows 10, Windows Server 2019, Windows 10 Servers. This CVE ID is unique from CVE-2019-0572, CVE-2019-0573, CVE-2019-0574.
by Google Security Research
CVSS 7.8
Windows COM Desktop Broker - Privilege Escalation
An elevation of privilege exists in Windows COM Desktop Broker, aka "Windows COM Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 8.8
Microsoft Edge - Privilege Escalation
An elevation of privilege vulnerability exists in Microsoft Edge Browser Broker COM object, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge.
by Google Security Research
CVSS 8.8
Dokan <1.2.0.1000 - Buffer Overflow
Dokan, versions between 1.0.0.5000 and 1.2.0.1000, are vulnerable to a stack-based buffer overflow in the dokan1.sys driver. An attacker can create a device handle to the system driver and send arbitrary input that will trigger the vulnerability. This vulnerability was introduced in the 1.0.0.5000 version update.
by Parvez Anwar
CVSS 7.8
xorg-x11-server <1.20.3 - Privilege Escalation
A flaw was found in xorg-x11-server before 1.20.3. An incorrect permission check for -modulepath and -logfile options when starting Xorg. X server allows unprivileged users with the ability to log in to the system via physical console to escalate their privileges and run arbitrary code under root privileges.
by Marco Ivaldi
CVSS 6.6
Real Estate Custom Script 2.0 - SQL Injection
by Ihsan Sencan
Live Call Support Widget 1.5 - Remote Code Execution / SQL Injection
by Ihsan Sencan
HuCart 5.7.4 - Cross-Site Request Forgery via Admin Account Addition
An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add.
by AllenChen
CVSS 8.8
Horde Imp - 'imap_open' Remote Command Execution
by Paolo Serracino_ Pietro Minniti_ Damiano Proietti
Find a Place CMS Directory 1.5 - SQL Injection
by Ihsan Sencan
Craigs Classified Ads CMS Theme 1.0.2 - SQL Injection
by Ihsan Sencan
Bigcart - Ecommerce Multivendor System 1.0 - SQL Injection
by Ihsan Sencan
Lenovo R2105 - Cross-Site Request Forgery (Command Execution)
by Nathu Nandwani
AudioCodes IP phone 420HD <2.2.12.126 - RCE
AudioCodes IP phone 420HD devices using firmware version 2.2.12.126 allow Remote Code Execution.
by Sysdream
CVSS 8.8
Serv-U FTP Server prepareinstallation Privilege Escalation
A privilege escalation vulnerability exists in SolarWinds Serv-U before 15.1.7 for Linux.
by bcoles
CVSS 8.8
s-nail < 14.8.5 - Path Traversal via randstr Argument
Directory traversal vulnerability in the setuid root helper binary in S-nail (later S-mailx) before 14.8.16 allows local users to write to arbitrary files and consequently gain root privileges via a .. (dot dot) in the randstr argument.
by bcoles
CVSS 7.0
By Source