Exploitdb Exploits
50,076 exploits tracked across all sources.
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed 15.1.0.0096 - Unquoted Service Path Privilege Escalation
by Joey Lane
Intel(R) Management Engine Components 8.0.1.1399 - Unquoted Service Path Privilege Escalation
by Joey Lane
HikVision Security Systems - Activex Buffer Overflow
by Yuriy Gurkin
XhP CMS 0.5.1 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
by Ahsan Tahir
Intel(R) PROSet/Wireless WiFi Software 15.01.1000.0927 - Unquoted Service Path Privilege Escalation
by Joey Lane
CNDSOFT 2.3 - Cross-Site Request Forgery / Arbitrary File Upload
by Besim
Linux Kernel 2.x-4.x < 4.8.3 - Local Privilege Escalation via Dirty COW Race Condition
Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka "Dirty COW."
by Phil Oester
CVSS 7.0
Microsoft Windows - Local Privilege Escalation via AFD.sys Input Validation
The Ancillary Function Driver (AFD) in afd.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
by Tomislav Paskalev
Microsoft Windows - Local Privilege Escalation via Win32k Kernel-Mode Driver
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability." a different vulnerability than CVE-2016-3266, CVE-2016-3376, and CVE-2016-7211.
by Google Security Research
CVSS 7.8
Windows Kernel - Local Privilege Escalation via Registry API Call
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0075.
by Google Security Research
CVSS 5.0
Microsoft Windows 8.1/10, Server 2012, RT 8.1 - Local Privilege Escalation via Registry API
The kernel in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold, 1511, and 1607 allows local users to gain privileges via a crafted application that makes an API call to access sensitive information in the registry, aka "Windows Kernel Local Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0073.
by Google Security Research
CVSS 5.5
Pluck CMS 4.7.3 - Cross-Site Request Forgery (Add Page)
by Ahsan Tahir
The Unarchiver 3.11.1 - '.tar.Z' Crash (PoC)
by Antonio Z.
ManageEngine ServiceDesk Plus 9.2 Build 9207 - Unauthorized Information Disclosure
by p0z
Spy Emergency build 23.0.205 Unquoted Service Path Privilege Escalation
Spy Emergency build 23.0.205 contains an unquoted service path vulnerability in the SpyEmrgHealth and SpyEmrgSrv services that allows local attackers to escalate privileges by inserting malicious executables. Attackers can place executable files in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges.
by Amir.ght
CVSS 7.8
Windows 10 - Privilege Escalation via Standard Collector Service Library Loading
The Standard Collector Service in Windows Diagnostics Hub in Microsoft Windows 10 Gold, 1511, and 1607 mishandles library loading, which allows local users to gain privileges via a crafted application, aka "Windows Diagnostics Hub Elevation of Privilege Vulnerability."
by Google Security Research
CVSS 7.8
Subrion CMS 4.0.5 - Cross-Site Request Forgery Bypass / Persistent Cross-Site Scripting
by Ahsan Tahir
Ruby on Rails Dynamic Render File Upload Remote Code Execution
Directory traversal vulnerability in Action View in Ruby on Rails before 3.2.22.1, 4.0.x and 4.1.x before 4.1.14.1, 4.2.x before 4.2.5.1, and 5.x before 5.0.0.beta1.1 allows remote attackers to read arbitrary files by leveraging an application's unrestricted use of the render method and providing a .. (dot dot) in a pathname.
by Metasploit
CVSS 7.5
PHP Telephone Directory - Multiple Vulnerabilities
by larrycompress
PHP NEWS 1.3.0 - Cross-Site Request Forgery (Add Admin)
by Meryem AKDOĞAN
Linux kernel <4.6.5 - Privilege Escalation
The apparmor_setprocattr function in security/apparmor/lsm.c in the Linux kernel before 4.6.5 does not validate the buffer size, which allows local users to gain privileges by triggering an AppArmor setprocattr hook.
by Vitaly Nikolenko
CVSS 7.8
By Source