Exploitdb Exploits
50,076 exploits tracked across all sources.
Microsoft Win32k - Privilege Escalation
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."
by hfiref0x
CVSS 7.8
Microsoft Windows < - Privilege Escalation
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly validate an unspecified address, which allows local users to bypass the KASLR protection mechanism, and consequently discover the cng.sys base address, via a crafted application, aka "Windows Kernel Security Feature Bypass Vulnerability."
by 4B5F5F4B
BulletProof FTP Client <2.63 - Buffer Overflow
Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name, which appears as a host parameter within the quick-connect bar.
by Gabor Seljan
Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities
by Filippo Roncari
Elasticsearch <1.4.5, <1.5.2 - Path Traversal
Directory traversal vulnerability in Elasticsearch before 1.4.5 and 1.5.x before 1.5.2, when a site plugin is enabled, allows remote attackers to read arbitrary files via unspecified vectors.
by pandujar
OYO File Manager 1.1 (iOS / Android) - Multiple Vulnerabilities
by Vulnerability-Lab
QEMU < 2.3.0 - Memory Corruption via Floppy Disk Controller Commands
The Floppy Disk Controller (FDC) in QEMU, as used in Xen 4.5.x and earlier and KVM, allows local guest users to cause a denial of service (out-of-bounds write and guest crash) or possibly execute arbitrary code via the (1) FD_CMD_READ_ID, (2) FD_CMD_DRIVE_SPECIFICATION_COMMAND, or other unspecified commands, aka VENOM.
by Marcus Meissner
OpenLitespeed 1.3.9 - Use-After-Free (Denial of Service)
by Denis Andzakovic
Wireless Photo Transfer 3.0 iOS - Local File Inclusion
by Vulnerability-Lab
Woltlab Burning Board 2.x and earlier - SQL Injection via Email Verification
SQL injection vulnerability in the verify_email function in Woltlab Burning Board 2.x and earlier allows remote attackers to execute arbitrary SQL commands via the $email variable.
by GulfTech Security
WordPress Plugin Booking Calendar Contact Form 1.0.2 - Multiple Vulnerabilities
by i0akiN SEC-LABORATORY
SixApart MovableType - Storable Perl Code Execution (Metasploit)
by Metasploit
VideoCharge Vanilla 3.16.4.06 - Local Buffer Overflow
by evil_comrade
VideoCharge Professional + Express Vanilla 3.18.4.04 - Local Buffer Overflow
by evil_comrade
VideoCharge Express 3.16.3.04 - Local Buffer Overflow
by evil_comrade
WordPress Plugin N-Media Website Contact Form with File Upload 1.3.4 - Arbitrary File Upload (2)
by Claudio Viviani & F17.c0de
Wing FTP Server Admin 4.4.5 - Cross-Site Request Forgery (Add User)
by hyp3rlinx