Exploitdb Exploits
50,076 exploits tracked across all sources.
Joomla! <3.6.4 - Privilege Escalation
The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site.
by Xiphos Research Ltd
CVSS 9.8
SmallFTPd 1.0.3 - 'mkd' Denial of Service
by ScrR1pTK1dd13
Boonex Dolphin 7.3.2 - Authentication Bypass
by Saadi Siddiqui
Linux Kernel 2.x-4.x < 4.8.3 - Local Privilege Escalation via Dirty COW Race Condition
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
by Phil Oester
CVSS 7.0
Komfy Switch with Camera DKZ-201S/W - WiFi Password Disclosure
by Jason Doyle
Network Scanner 4.0.0 - Local Buffer Overflow (SEH)
by n30m1nd
Microsoft Windows XP/Server 2003 - Privilege Escalation
NDISTAPI.sys in the NDISTAPI driver in Remote Access Service (RAS) in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP2 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "NDISTAPI Elevation of Privilege Vulnerability."
by Tomislav Paskalev
Orange Inventel LiveBox 5.08.3-sp - Cross-Site Request Forgery
by BlackMamba
Industrial Secure Routers EDR-810 / EDR-G902 / EDR-G903 - Insecure Configuration Management
by Sniper Pex
Zenbership v107 - Cross-Site Request Forgery via Event Add Function
Zenbership v107 has CSRF via admin/cp-functions/event-add.php.
by Besim
CVSS 8.8
RealNetworks RealPlayer <18.1.5.705 - Memory Corruption
Improper handling of a repeating VRAT chunk in qcpfformat.dll allows attackers to cause a Null pointer dereference and crash in RealNetworks RealPlayer 18.1.5.705 through a crafted .QCP media file.
by Alwin Peppels
CVSS 5.5
Oracle VM VirtualBox 4.3.28 - '.ovf' Crash (PoC)
by sultan albalawi
FreePBX 13 - Remote Command Execution / Privilege Escalation
by Christopher Davis
Linux Kernel 2.x-4.x < 4.8.3 - Local Privilege Escalation via Dirty COW Race Condition
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
by Robin Verton
CVSS 7.0
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
by Hacker Fantastic
CVSS 9.8
Portable UPnP SDK <1.6.21 - Code Injection
Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.
by Jacob Baines
CVSS 7.5
Oracle NetBeans 8.1 - Directory Traversal and Arbitrary File Write via ZIP Project Import
Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the October 2016 CPU. Oracle has not commented on third-party claims that this issue is a directory traversal vulnerability which allows local users with certain permissions to write to arbitrary files and consequently gain privileges via a .. (dot dot) in a archive entry in a ZIP file imported as a project.
by hyp3rlinx
CVSS 5.7
Oracle BI Publisher - Info Disclosure
Unspecified vulnerability in the BI Publisher (formerly XML Publisher) component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, and 12.2.1.0.0 allows remote authenticated users to affect confidentiality via unknown vectors.
by Jakub Palaczynski
CVSS 7.7
Microsoft Internet Explorer 10-11 and Edge - Elevation of Privilege via Private Namespace Access
Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3387.
by Google Security Research
CVSS 5.3
Microsoft Internet Explorer 10-11 and Edge - Elevation of Privilege via Private Namespace Access
Microsoft Internet Explorer 10 and 11 and Microsoft Edge do not properly restrict access to private namespaces, which allows remote attackers to gain privileges via unspecified vectors, aka "Microsoft Browser Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3388.
by Google Security Research
CVSS 7.5
Windows 10 Gold, 1511, and 1607 - Local Privilege Escalation via Registry API Call
The kernel in Microsoft Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability."
by Google Security Research
CVSS 5.0
By Source