Exploitdb Exploits
50,076 exploits tracked across all sources.
Windows Kernel-Mode Drivers - Privilege Escalation via Crafted Application
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." a different vulnerability than CVE-2016-3266, CVE-2016-7185, and CVE-2016-7211.
by Google Security Research
CVSS 7.8
Microsoft Windows - Unauthorized Registry Information Disclosure via Kernel API
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability."
by Google Security Research
CVSS 5.5
Microsoft Windows Vista - Remote Code Execution via Crafted True Type Font
The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows attackers to execute arbitrary code via a crafted True Type font, aka "True Type Font Parsing Elevation of Privilege Vulnerability."
by Google Security Research
CVSS 9.8
Microsoft Windows and Office - ASLR Bypass via TrueType Font Parsing
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability."
by Google Security Research
CVSS 5.5
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine Memory Corruption
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3389, CVE-2016-7190, and CVE-2016-7194.
by Google Security Research
CVSS 7.5
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine Memory Corruption
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3386, CVE-2016-3389, and CVE-2016-7190.
by Google Security Research
CVSS 7.5
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine Memory Corruption
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3386, CVE-2016-3389, and CVE-2016-7194.
by Google Security Research
CVSS 7.5
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Remote Code Execution Vulnerability."
by Google Security Research
CVSS 7.5
SPIP < 3.1.2 - Authenticated Remote Code Execution via Crafted INCLUDE/INCLURE Tag
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action.
by Sysdream
CVSS 8.8
SPIP < 3.1.2 - Cross-Site Request Forgery via XML Validator
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code.
by Sysdream
CVSS 8.8
SPIP < 3.1.2 - Path Traversal via var_url Parameter
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.
by Sysdream
CVSS 7.5
OpenNMS - Java Object Unserialization Remote Code Execution (Metasploit)
by Metasploit
Hak5 WiFi Pineapple 2.0-2.3 - Predictable CSRF Token
Hak5 WiFi Pineapple 2.0 through 2.3 uses predictable CSRF tokens.
by Metasploit
CVSS 7.5
MiCasaVerde VeraLite <1.5.408 - RCE
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag.
by Jacob Baines
CVSS 8.8
Vembu StoreGrid 4.0 Unquoted Service Path Privilege Escalation
Vembu StoreGrid 4.0 contains an unquoted service path vulnerability in the RemoteBackup and RemoteBackup_webServer services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and restart the service to execute code with LocalSystem privileges.
by Joey Lane
CVSS 7.8
Realtek High Definition Audio Driver 6.0.1.6730 Privilege Escalation
Realtek High Definition Audio Driver 6.0.1.6730 contains an unquoted service path vulnerability that allows local attackers to escalate privileges by placing a malicious executable in the service path. Attackers can insert an executable file in the unquoted path and restart the service to execute code with LocalSystem privileges.
by Joey Lane
CVSS 7.8
IObit Advanced SystemCare 10.0.2 Unquoted Service Path Privilege Escalation
IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges.
by Amir.ght
CVSS 7.8
PDF Complete 4.1.12 Corporate Edition - Unquoted Service Path Privilege Escalation
by Joey Lane
Lenovo ThinkVantage Communications Utility 3.0.42.0 - Unquoted Service Path Privilege Escalation
by Joey Lane
Lenovo Slim USB Keyboard 1.09 - Unquoted Service Path Privilege Escalation
by Joey Lane
Lenovo RapidBoot HDD Accelerator 1.00.0802 - Unquoted Service Path Privilege Escalation
by Joey Lane
By Source