Exploitdb Exploits
462 exploits tracked across all sources.
Pine <4.33 - Local Privilege Escalation
Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users to overwrite arbitrary files via a symlink attack.
by mat
vixie_cron - Arbitrary Command Execution via Predictable Temporary File
crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.
by Michal Zalewski
Red Hat Linux 6.2 - Privilege Escalation
dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
by mat
HP-UX 11.00 - Arbitrary File Read via crontab Symlink Attack
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.
by dubhe
CVSS 5.5
Slackware Linux - '/usr/bin/ppp-off' Insecure /tmp Call
by sinfony
Red Hat Linux 6.2 - Privilege Escalation
restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
by anonymous
modutils 2.3.x - Command Injection
modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.
by Michal Zalewski
Red Hat Linux 6.2 - Privilege Escalation
restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
by fish
Samba SWAT <2.0.7 - Local File Overwrite
Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file.
by Optyx
Samba 2.0.7 - Sensitive Information Exposure via SWAT cgi.log World-Readable Permissions
Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords.
by miah
HP-UX 11.00 - Arbitrary File Read via crontab Symlink Attack
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.
by Kyong-won Cho
CVSS 5.5
iPlanet iCal 2.1 Patch 2 - Arbitrary Command Execution via World-Writable Files
iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse.
by @stake
iCal 2.1 Patch 2 - Privilege Escalation
csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory.
by @stake
Cisco Secure PIX Firewall 5.2(2) - Info Disclosure
Cisco Secure PIX Firewall 5.2(2) allows remote attackers to determine the real IP address of a target FTP server by flooding the server with PASV requests, which includes the real IP address in the response when passive mode is established.
by Fabio Pietrosanti
Check Point Firewall-1 3.0-4.1 - Info Disclosure
Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack.
by Gregory Duchemin
OpenSSH - Directory Traversal via Malicious SCP Server
Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.
by Michal Zalewski
perl - Local Privilege Escalation via suidperl Escape Sequence Injection
suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.
by Michal Zalewski
Raptor GFX pgxconfig - Local Privilege Escalation via Command Line Options
Buffer overflows in pgxconfig in the Raptor GFX configuration tool allow local users to gain privileges via command line options.
by suid
Linux Kernel - Privilege Escalation via Setuid/Setcap Capabilities Bypass
The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the "Linux kernel setuid/setcap vulnerability."
by Wojciech Purczynski
KDE 1.1.2 - Local Privilege Escalation
The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.
by IhaQueR
Novell NetWare - Buffer Overflow via Long URL
Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL.
by Michal Zalewski
EZShopper 3.0 - Arbitrary File Read and Command Execution via loadpage.cgi
EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters.
by suid
Timbuktu Pro 2.0b650 - Denial of Service via Port 407 and 1417
The authentication protocol in Timbuktu Pro 2.0b650 allows remote attackers to cause a denial of service via connections to port 407 and 1417.
by eth0