By Risk Score
By Publish Date
By Recent Activity
local vulnerabilities and exploits
(subscribe to this query)
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none....
Local file inclusion vulnerability in Zenphoto 1.4.14 and earlier allows a remote attacker with an administrative privilege to execute arbitrary code or obtain sensitive information....
misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program....
1 EDB exploit available
Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 allows local users to cause a denial of service (segmentation fault) and possibly execute arbitrary code via format string specifiers in command line arguments....
Local Server 1.0.9 has a Buffer Overflow via crafted data on Port 4008....
Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to...
Unquoted Windows search path vulnerability in iTunesHelper.exe in iTunes 220.127.116.11 and iTunes 5 for Windows might allow local users to gain privileges via a malicious C:\program.exe file....
In OctoberCMS (october/october composer package) versions from 1.0.319 and before 1.0.466, an attacker can exploit this vulnerability to read local files of an October CMS server. The vulnerability is only exploitable by an authenticated backend user with the `cms.manage_assets`...
The Local Security Authority Subsystem Service (LSASS) in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly process authentication requests, which allows local users to gain privileges via a request with a crafted length, aka "LSASS Length Validation...
Mozilla Firefox before 23.0, Firefox ESR 17.x before 17.0.8, Thunderbird before 17.0.8, Thunderbird ESR 17.x before 17.0.8, and SeaMonkey before 2.20 do not properly restrict local-filesystem access by Java applets, which allows user-assisted remote attackers to read arbitrary...