Exploitdb Exploits
459 exploits tracked across all sources.
Red Hat Linux 6.2 - Privilege Escalation
dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
by mat
HP-UX 11.00 - Info Disclosure
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.
by dubhe
CVSS 5.5
Slackware Linux - '/usr/bin/ppp-off' Insecure /tmp Call
by sinfony
Red Hat Linux 6.2 - Privilege Escalation
restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
by anonymous
modutils 2.3.x - Command Injection
modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.
by Michal Zalewski
Red Hat Linux 6.2 - Privilege Escalation
restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
by fish
Samba SWAT <2.0.7 - Local File Overwrite
Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file.
by Optyx
Samba <2.0.7 - Info Disclosure
Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords.
by miah
HP-UX 11.00 - Info Disclosure
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.
by Kyong-won Cho
CVSS 5.5
iCal 2.1 - Code Injection
iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse.
by @stake
iCal 2.1 Patch 2 - Privilege Escalation
csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory.
by @stake
Cisco Secure PIX Firewall 5.2(2) - Info Disclosure
Cisco Secure PIX Firewall 5.2(2) allows remote attackers to determine the real IP address of a target FTP server by flooding the server with PASV requests, which includes the real IP address in the response when passive mode is established.
by Fabio Pietrosanti
Check Point Firewall-1 3.0-4.1 - Info Disclosure
Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack.
by Gregory Duchemin
sshd 1.2.xx - Path Traversal
Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.
by Michal Zalewski
suidperl - Privilege Escalation
suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.
by Michal Zalewski
Tech-source Raptor Gfx Pgx32 - Buffer Overflow
Buffer overflows in pgxconfig in the Raptor GFX configuration tool allow local users to gain privileges via command line options.
by suid
Linux Kernel - Denial of Service
The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the "Linux kernel setuid/setcap vulnerability."
by Wojciech Purczynski
KDE 1.1.2 - Local Privilege Escalation
The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.
by IhaQueR
Novell Netware - Buffer Overflow
Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL.
by Michal Zalewski
EZShopper 3.0 - Path Traversal
EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read arbitrary files via a .. (dot dot) attack or execute commands via shell metacharacters.
by suid
Netopia Timbuktu Pro - Denial of Service
The authentication protocol in Timbuktu Pro 2.0b650 allows remote attackers to cause a denial of service via connections to port 407 and 1417.
by eth0
Red Hat userhelper - Privilege Escalation
Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.
by dildog
Unix Shell < - Local File Overwrite
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
by proton
CascadeView TFTP Server - Privilege Escalation
CascadeView TFTP server allows local users to gain privileges via a symlink attack.
by Loneguard
By Source