Exploitdb Exploits
50,095 exploits tracked across all sources.
Linux kernel through 4.14.3 - Use-After-Free in DCCP Disconnect Handler
The dccp_disconnect function in net/dccp/proto.c in the Linux kernel through 4.14.3 allows local users to gain privileges or cause a denial of service (use-after-free) via an AF_UNSPEC connect system call during the DCCP_LISTEN state.
by Mohamed Ghannam
CVSS 7.8
Sera 1.2 - Insufficiently Protected Credentials via Plain Text Password Storage
Sera 1.2 stores the user's login password in plain text in their home directory. This makes privilege escalation trivial and also exposes the user and system keychains to local attacks.
by Mark Wadham
CVSS 7.8
Proxifier for Mac <2.19.2 - Privilege Escalation
Proxifier for Mac before 2.19.2, when first run, allows local users to gain privileges by replacing the KLoader binary with a Trojan horse program.
by Mark Wadham
CVSS 7.8
HashiCorp Vagrant VMware Fusion <5.0.3 - Privilege Escalation
If HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.3 is installed but VMware Fusion is not, a local attacker can create a fake application directory and exploit the suid sudo helper in order to escalate to root.
by Mark Wadham
CVSS 7.8
HashiCorp Vagrant VMware Fusion Plugin 5.0.1 - Local Privilege Escalation via Update Process Race Condition
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.1, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
by Mark Wadham
CVSS 7.8
HashiCorp Vagrant VMware Fusion 5.0.0 - Local Privilege Escalation via Plugin Update Race Condition
In HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 5.0.0, a local attacker or malware can silently subvert the plugin update process in order to escalate to root privileges.
by Mark Wadham
CVSS 7.0
HashiCorp Vagrant VMware Fusion < 4.0.24 - Unauthenticated Privilege Escalation via SUID Wrapper Binary
An insecure suid wrapper binary in the HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) 4.0.24 and earlier allows a non-root user to obtain a root shell.
by Mark Wadham
CVSS 7.8
HashiCorp Vagrant VMware Fusion <4.0.24 - Privilege Escalation
HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo helper scripts, allows local users to execute arbitrary code with root privileges by overwriting one of the scripts.
by Mark Wadham
CVSS 8.8
Arq 5.0.0.65-5.9.9 - Local Privilege Escalation via Helper App Data Packet
The (1) arq_updater, (2) arqcommitter, (3) standardrestorer, (4) arqglacierrestorer, and (5) arqs3glacierrestorer helper apps in Arq 5.x before 5.10 for Mac allow local users to gain root privileges via a crafted data packet.
by Mark Wadham
CVSS 7.8
Arq < 5.9.7 - Local Privilege Escalation via Symlink Attack on Updater Binary
The setpermissions function in the auto-updater in Arq before 5.9.7 for Mac allows local users to gain root privileges via a symlink attack on the updater binary itself.
by Mark Wadham
CVSS 7.4
EIP-2026-103369
EXPLOITDB
Apple macOS 10.13.1 (High Sierra) - Insecure Cron System Local Privilege Escalation
by Mark Wadham
EIP-2026-101658
EXPLOITDB
Dasan Networks GPON ONT WiFi Router H640X 12.02-01121 / 2.77p1-1124 / 3.03p2-1146 - Remote Code Execution
by SecuriTeam
Perspective ICM Investigation & Case 5.1.1.16 - Authenticated Privilege Escalation
Perspective ICM Investigation & Case 5.1.1.16 allows remote authenticated users to modify access level permissions and consequently gain privileges by leveraging insufficient validation methods and missing cross server side checking mechanisms.
by Konstantinos Alexiou
CVSS 8.8
Techno Portfolio Management Panel 1.0 - SQL Injection
Techno Portfolio Management Panel 1.0 allows an attacker to inject SQL commands via a single.php?id= request.
by Ihsan Sencan
CVSS 9.8
Posty Readymade Classifieds Script 1.0 - SQL Injection
Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.
by Ihsan Sencan
CVSS 9.8
EIP-2026-119559
EXPLOITDB
TeamViewer 11 < 13 (Windows 10 x86) - Inline Hooking / Direct Memory Modification Permission Change
by gellin
Ruby < 2.4.3 - OS Command Injection via Net::FTP Localfile Pipe Character
Ruby before 2.4.3 allows Net::FTP command injection. Net::FTP#get, getbinaryfile, gettextfile, put, putbinaryfile, and puttextfile use Kernel#open to open a local file. If the localfile argument starts with the "|" pipe character, the command following the pipe character is executed. The default value of localfile is File.basename(remotefile), so malicious FTP servers could cause arbitrary command execution.
by Etienne Stalmans
CVSS 8.8
Socusoft Co Photo 2 Video Converter 8.0.0 - Buffer Overflow
Socusoft Co Photo 2 Video Converter 8.0.0 is affected by: Buffer Overflow - Local shell-code execution and Denial of Service. The impact is: Local privilege escalation (dependant upon conditions), shell code execution and denial-of-service. The component is: pdmlog.dll library. The attack vector is: The attacker must have access to local system (either directly, or remotley).
by ret2eax
CVSS 7.8
Abyss Web Server < 2.11.6 - Heap Memory Corruption
by hyp3rlinx
By Source