Exploitdb Exploits
462 exploits tracked across all sources.
Addonics NAS Adapter - 'bts.cgi' (Authenticated) Remote Denial of Service
by h00die
Linux Kernel < 2.6.29 - Local Privilege Escalation via exit_signal Field Manipulation
The exit_notify function in kernel/exit.c in the Linux kernel before 2.6.30-rc1 does not restrict exit signals when the CAP_KILL capability is held, which allows local users to send an arbitrary signal to a process by running a program that modifies the exit_signal field and then uses an exec system call to launch a setuid application.
by gat3way
macOS X < 10.5.6 - Privilege Escalation via HFS IOCTL Handler
XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls.
by mu-b
Addonics NAS Adapter - (Authenticated) Denial of Service
by h00die
Chuggnutt HTML to Text Converter <5.2.10 - RCE
html2text.php in Chuggnutt HTML to Text Converter, as used in PHPMailer before 5.2.10, RoundCube Webmail (roundcubemail) 0.2-1.alpha and 0.2-3.beta, Mahara, and AtMail Open 1.03, allows remote attackers to execute arbitrary code via crafted input that is processed by the preg_replace function with the eval switch.
by Hunger
Debian GNU/Linux - Local Privilege Escalation
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry.
by Paul Szabo
Sudo 1.6.9p18 - 'Defaults SetEnv' Local Privilege Escalation
by kingcope
Postfix < 2.3.15, 2.4 < 2.4.8, 2.5 < 2.5.4, 2.6 < 2.6-20080814 - Arbitrary File Write via Hard Link to Symlink
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.
by RoMaNSoFt
Red Hat Enterprise Linux 5 and Fedora 6-8 - Denial of Service via CWD Command Memory Leak
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.
by Martin Nagy
SCO UnixWare 7.1.4 - Local Path Traversal via PKGINST Environment Variable
Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST.
by qaaz
SCO UnixWare 7.1.4 - Path Traversal
Directory traversal vulnerability in (1) pkgadd and (2) pkgrm in SCO UnixWare 7.1.4 allows local users to gain privileges via unknown vectors.
by qaaz
Fedora Core - Arbitrary File Permission Change via Symlink Attack on /tmp/.font-unix
The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file.
by vl4dZ
X.Org Xserver <1.4.1 - Info Disclosure
X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.
by vl4dZ
wwwstats 3.21 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in clickstats.php in wwwstats 3.21 allow remote attackers to inject arbitrary web script or HTML via (1) the link parameter or (2) the User-Agent HTTP header.
by Jesus Olmos Gonzalez
Apache HTTP Server 2.0.x-2.2.x - XSS
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-length value, a similar issue to CVE-2006-3918.
by Adrian Pastor
OmniStar Article Manager - SQL Injection via Page ID Parameter
SQL injection vulnerability in article.php in OmniStar Article Manager allows remote attackers to execute arbitrary SQL commands via the page_id parameter in a favorite op action, a different vector than CVE-2006-5917.
by Cold Zero
IBM AIX 5.3 SP6 - Local Arbitrary Code Execution via pioout ParseRoutine Argument
pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code by specifying a malicious library with the -R (ParseRoutine) command line argument.
by qaaz
AsteriDex < 3.0 - Remote Code Execution via CRLF Injection in callboth.php
Multiple CRLF injection vulnerabilities in callboth.php in AsteriDex 3.0 and earlier allow remote attackers to inject arbitrary shell commands via the (1) IN and (2) OUT parameters.
by Carl Livitt
Microsoft IIS Web Server 5.0 - Auth Bypass
The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private web directories via the CiWebhitsfile parameter to null.htw.
by Sha0
Joomla! com_philaform <1.2.0.0 - SQL Injection
SQL injection vulnerability in index.php in the Phil-a-Form (com_philaform) 1.2.0.0 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the form_id parameter.
by CypherXero
HP Tru64 UNIX <5.1B-4 - Privilege Escalation
Unspecified vulnerability in dop in HP Tru64 UNIX 5.1B-4, 5.1B-3, and 5.1A PK6 allows local users to gain privileges via a large amount of data in the environment, as demonstrated by a long environment variable.
by Daniele Calore
Apache HTTP Server 1.3.28-1.3.36 & 2.0.46-2.0.58 - DoS & RCE via mod_rewrite LDAP Handling
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
by axis
Nortel Application Switch 2424-1000 - Local Privilege Escalation
The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client.
by Jon Hart
IBM Lotus Domino R5-R6 WebMail - Info Disclosure
IBM Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores HTTPPassword hashes from names.nsf in a manner accessible through Readviewentries and OpenDocument requests to the defaultview view, a different vector than CVE-2005-2428.
by Marco Ivaldi
By Source