kf

74 exploits, active since Jul 2001
CVE-2007-2175 EXPLOITDB ruby WORKING POC
Apple QuickTime Java extensions - RCE
Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007.
CVE-2007-6165 EXPLOITDB ruby WORKING POC
Mail in Apple Mac OS X Leopard (10.5.1) - RCE
Mail in Apple Mac OS X Leopard (10.5.1) allows user-assisted remote attackers to execute arbitrary code via an AppleDouble attachment containing an apparently-safe file type and script in a resource fork, which does not warn the user that a separate program is going to be executed. NOTE: this is a regression error related to CVE-2006-0395.
CVE-2001-1127 EXPLOITDB c WORKING POC
Progress database 8.3D-9.1C - RCE
Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump.
CVE-2005-3523 EXPLOITDB perl WORKING POC
GpsDrive - RCE
Format string vulnerability in friendsd2 in GpsDrive allows remote attackers to execute arbitrary code via the dir (direction) field.
EIP-2026-103244 EXPLOITDB text WORKING POC
WIDZ 1.0/1.5 - Remote Code Execution
CVE-2005-3523 EXPLOITDB perl WORKING POC
GpsDrive - RCE
Format string vulnerability in friendsd2 in GpsDrive allows remote attackers to execute arbitrary code via the dir (direction) field.
CVE-2004-1388 EXPLOITDB c WORKING POC
BerliOS GPD daemon <2.7 - RCE
Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls.
CVE-2002-1767 EXPLOITDB c WORKING POC
Oracle Database Server - Buffer Overflow
Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linux allows local users to execute arbitrary code as the oracle user via a long command line argument.
EIP-2026-103057 EXPLOITDB c WORKING POC
Affix Bluetooth Protocol Stack 3.1/3.2 - Signed Buffer Index (2)
CVE-2001-1178 EXPLOITDB bash WORKING POC
XFree86 xman - Buffer Overflow via MANPATH
Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable.
EIP-2026-103030 EXPLOITDB perl WORKING POC
ViRobot Linux Server 2.0 - Local Overflow
CVE-2005-3566 EXPLOITDB perl WORKING POC
Symantec Veritas Cluster Server - Buffer Overflow
Buffer overflow in various ha commands of VERITAS Cluster Server for UNIX before 4.0MP2 allows local users to execute arbitrary code via a long VCSI18N_LANG environment variable to (1) haagent, (2) haalert, (3) haattr, (4) hacli, (5) hacli_runcmd, (6) haclus, (7) haconf, (8) hadebug, (9) hagrp, (10) hahb, (11) halog, (12) hareg, (13) hares, (14) hastatus, (15) hasys, (16) hatype, (17) hauser, and (18) tststew.
CVE-2003-0449 EXPLOITDB c WORKING POC
Progress Database 9.1-9.1D06 - Privilege Escalation
Progress Database 9.1 to 9.1D06 trusts user input to find and load libraries using dlopen, which allows local users to gain privileges via (1) a PATH environment variable that points to malicious libraries, as demonstrated using libjutil.so in _proapsv, or (2) the -installdir command line parameter, as demonstrated using librocket_r.so in _dbagent.
CVE-2003-1050 EXPLOITDB text WORKING POC
IBM DB2 Universal Database 8.1 - Buffer Overflow
Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.
CVE-2003-0390 EXPLOITDB c STUB
Options Parsing Tool <3.18 - Buffer Overflow
Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi.
CVE-2003-1050 EXPLOITDB text WORKING POC
IBM DB2 Universal Database 8.1 - Buffer Overflow
Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow local users to execute arbitrary code via long command line arguments to (1) db2start, (2) db2stop, or (3) db2govd.
EIP-2026-102551 EXPLOITDB c STUB
Affix Bluetooth Protocol Stack 3.1/3.2 - Signed Buffer Index (1)
CVE-2010-0188 EXPLOITDB HIGH ruby WORKING POC
Adobe Acrobat < 8.2.1 - Denial of Service
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
CVSS 7.8
CVE-2010-0188 EXPLOITDB HIGH ruby WORKING POC
Adobe Acrobat < 8.2.1 - Denial of Service
Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors.
CVSS 7.8
CVE-2006-3459 EXPLOITDB ruby WORKING POC
libtiff <3.8.2 - Buffer Overflow
Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.
CVE-2006-3459 EXPLOITDB ruby WORKING POC
libtiff <3.8.2 - Buffer Overflow
Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.
CVE-2006-3459 EXPLOITDB ruby WORKING POC
libtiff <3.8.2 - Buffer Overflow
Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, including a large tdir_count value in the TIFFFetchShortPair function in tif_dirread.c.
CVE-2003-0274 EXPLOITDB perl WORKING POC
catmail <8.2.09 - RCE
Buffer overflow in catmail for ListProc 8.2.09 and earlier allows remote attackers to execute arbitrary code via a long ULISTPROC_UMASK value.
CVE-2001-0805 EXPLOITDB text WORKING POC
Tarantella Enterprise - Path Traversal
Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the pg parameter.