Exploitdb Exploits
462 exploits tracked across all sources.
Red Hat userhelper - Privilege Escalation
Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.
by dildog
Unix Shell < - Local File Overwrite
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
by proton
CascadeView TFTP Server - Privilege Escalation
CascadeView TFTP server allows local users to gain privileges via a symlink attack.
by Loneguard
IRIX soundplayer - Privilege Escalation
IRIX soundplayer program allows local users to gain privileges by including shell metacharacters in a .wav file, which is executed via the midikeys program.
by Loneguard
Optivity NETarchitect - Command Injection
The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands.
by Loneguard
sendmail < 8.10.0 - Denial of Service via ETRN Command Handling
Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated.
by Michal Zalewski
UnixWare - Local Privilege Escalation
UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file.
by Brock Tellier
SUSE Linux cdwtools - Local Buffer Overflow
Buffer overflows in Linux cdwtools 093 and earlier allows local users to gain root privileges.
by Brock Tellier
GNOME Libraries 1.0.8 - Buffer Overflow via Long --espeaker Argument
Buffer overflow in GNOME libraries 1.0.8 allows local user to gain root access via a long --espeaker argument in programs such as nethack.
by Brock Tellier
SUSE Linux - Buffer Overflow via HOME Environment Variable
Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable.
by Brock Tellier
Solaris - Arbitrary File Creation via LD_PROFILE Environment Variable
The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.
by Steve Mynott
CDE dtspcd - Unauthenticated Arbitrary Command Execution via Symlink Attack
The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.
by Job de Haas of ITSX
Oracle Intelligent Agent - Privilege Escalation
dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script.
by Brock Tellier
Red Hat Linux 5.2 and 6.0 - Server-Side Request Forgery via Squid cachemgr.cgi
The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems.
by fsaa
Lotus Domino 4.6.1/4.6.4 Notes - SMTPA MTA Mail Relay
by Robert Lister
Apple MacOS X 1.0 - Apache HTTP Server - DoS
A possible interaction between Apple MacOS X release 1.0 and Apache HTTP server allows remote attackers to cause a denial of service (crash) via a flood of HTTP GET requests to CGI programs, which generates a large number of processes.
by Juergen Schmidt
Solaris - Buffer Overflow via LC_MESSAGES Environmental Variable
Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.
by UNYUN@ShadowPenguinSecurity
iParty < 1.2 - Denial of Service via Extended Character Flood
Buffer overflow in iParty server 1.2 and earlier allows remote attackers to cause a denial of service (crash) by connecting to default port 6004 and sending repeated extended characters.
by wh00t
ClearCase - Race Condition in db_loader
Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits.
by Mudge
Solaris ff.core - Privilege Escalation
Solaris ff.core allows local users to modify files.
by John McDonald
DataLynx suGuard - Command Injection
DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root.
by Dr. Mudge
FLEXlm 4.0-5.0 - Arbitrary File Creation and Program Execution
Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.
by Joel Eriksson
HP-UX - Privilege Escalation via PATH Manipulation
The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands.
by Loneguard
ioconfig on SGI IRIX 6.4 S2MP - Privilege Escalation
ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames.
by Loneguard
By Source