Exploitdb Exploits

462 exploits tracked across all sources.

CVE-2005-3098 EXPLOITDB bash VERIFIED
Qualcomm qpopper <4.0.8 - Privilege Escalation
poppassd in Qualcomm qpopper 4.0.8 allows local users to modify arbitrary files and gain privileges via the -t (trace file) command line argument.
by kingcope
CVE-2005-3098 EXPLOITDB bash VERIFIED
Qualcomm qpopper <4.0.8 - Privilege Escalation
poppassd in Qualcomm qpopper 4.0.8 allows local users to modify arbitrary files and gain privileges via the -t (trace file) command line argument.
by kingcope
CVE-2005-2800 EXPLOITDB bash VERIFIED
Linux Kernel <= 2.6.13 - Denial of Service via SCSI procfs Interface Memory Leak
Memory leak in the seq_file implementation in the SCSI procfs interface (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a denial of service (memory consumption) via certain repeated reads from the /proc/scsi/sg/devices file, which is not properly handled when the next() iterator returns NULL or an error.
by anonymous
EIP-2026-102888 EXPLOITDB bash VERIFIED
Lantronix Secure Console Server SCS820/SCS1620 - Multiple Local Vulnerabilities
by c0ntex
EIP-2026-102997 EXPLOITDB bash VERIFIED
Skype Technologies Skype 0.92/1.0/1.1 - Insecure Temporary File Creation
by Giovanni Delvecchio
CVE-2005-1707 EXPLOITDB bash VERIFIED
Gentoo webapp-config <1.10-r14 - Local Privilege Escalation
The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file.
by Eric Romang
EIP-2026-102798 EXPLOITDB bash VERIFIED
cdrdao (Mandrake 10.2) - Local Privilege Escalation
by newbug
CVE-2005-1263 EXPLOITDB bash VERIFIED
Linux kernel <2.6.12-rc4 - Code Injection
The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables function, causes a negative length argument to pass a signed integer comparison, leading to a buffer overflow.
by Paul Starzetz
CVE-2005-0999 EXPLOITDB bash VERIFIED
PHP-Nuke 6.x-7.6 - SQL Injection via Top Module querylang Parameter
SQL injection vulnerability in the Top module for PHP-Nuke 6.x through 7.6 allows remote attackers to execute arbitrary SQL commands via the querylang parameter.
by Fabrizi Andrea
CVE-2005-0935 EXPLOITDB bash VERIFIED
ESMI PayPal Storefront - SQL Injection via idpages or id2 Parameter
Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow remote attackers to execute arbitrary SQL commands via the (1) idpages parameter to pages.php or the (2) id2 parameter to products1.php.
by Dcrab
CVE-2004-1054 EXPLOITDB bash VERIFIED
IBM AIX <5.3.0 - Privilege Escalation
Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout.
by ri0t
CVE-2005-0815 EXPLOITDB bash VERIFIED
Linux Kernel <= 2.6.11 - Denial of Service or Memory Corruption via ISO9660 Filesystem Handler
Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem.
by Michal Zalewski
EIP-2026-102834 EXPLOITDB bash VERIFIED
Exim 4.42 - Local Privilege Escalation
by darkeagle
CVE-2010-0788 EXPLOITDB bash VERIFIED
ncpfs 2.2.6 - Symlink Attack via ncpmount and ncpumount
ncpfs 2.2.6 allows local users to cause a denial of service, obtain sensitive information, or possibly gain privileges via symlink attacks involving the (1) ncpmount and (2) ncpumount programs.
by super
CVE-2004-1329 EXPLOITDB bash VERIFIED
IBM AIX 5.1-5.3 - Untrusted Execution Path via DIAGNOSTICS Environment Variable
Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program.
by cees-bart
CVE-2004-1054 EXPLOITDB bash VERIFIED
IBM AIX <5.3.0 - Privilege Escalation
Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout.
by cees-bart
EIP-2026-103219 EXPLOITDB bash VERIFIED
SCPOnly 2.x/3.x - Arbitrary Command Execution
by Jason Wies
CVE-2004-0996 EXPLOITDB bash VERIFIED
cscope <15-5 - Local Privilege Escalation
main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
by Gangstuck
EIP-2026-106218 EXPLOITDB bash VERIFIED
cPanel 9.9.1 -R3 Front Page Extension - Installation Information Disclosure
by Karol Wiesek
EIP-2026-100679 EXPLOITDB bash VERIFIED
BSD bmon 1.2.1_2 - Local acls Bypass
by Idan Nahoum
CVE-2004-2158 EXPLOITDB bash VERIFIED
Serendipity 0.7-beta1 - SQL Injection
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php.
by aCiDBiTS
CVE-2004-0200 EXPLOITDB bash VERIFIED
Microsoft .NET Framework - Remote Code Execution via JPEG COM Field Length Overflow
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
by Elia Florio
CVE-2004-0200 EXPLOITDB bash VERIFIED
Microsoft .NET Framework - Remote Code Execution via JPEG COM Field Length Overflow
Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Graphic Device Interface Plus (GDI+) component, GDIPlus.dll, allows remote attackers to execute arbitrary code via a JPEG image with a small JPEG COM field length that is normalized to a large integer length before a memory copy operation.
by perplexy
CVE-2004-0806 EXPLOITDB bash VERIFIED
cdrecord <2.01 - Privilege Escalation
cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.
by Max Vozeler
CVE-2004-0806 EXPLOITDB bash VERIFIED
cdrecord <2.01 - Privilege Escalation
cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.
by I)ruid