Exploitdb Exploits
459 exploits tracked across all sources.
Calibre E-Book Reader - Local Privilege Escalation (2)
by zx2c4
Calibre E-Book Reader - Local Privilege Escalation (1)
by zx2c4
FreeBSD <9.0-RC1 - Buffer Overflow
Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX socket.
by Shaun Colley
HP Data Protector - Improper Input Validation
The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."
by SZ
HP Data Protector - Improper Input Validation
The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."
by Adrian Puente Z.
Sagem F@st 3304 Routers - PPPoE Credentials Information Disclosure
by securititracker
Nazgul Nostromo < 1.9.3 - Path Traversal
Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI.
by RedTeam Pentesting GmbH
SMC Networks SMCD3G Session Management - Authentication Bypass
by Zack Fasel & Matthew Jakubowski
Systemtap - Access Control
The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.
by Tavis Ormandy
Barracuda <October 2010 - Path Traversal
Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the view_help.cgi endpoint. The locale parameter fails to properly sanitize user input, allowing attackers to inject traversal sequences and null-byte terminators to access arbitrary files on the underlying system. By exploiting this flaw, unauthenticated remote attackers can retrieve sensitive configuration files such as /mail/snapshot/config.snapshot, potentially exposing credentials, internal settings, and other critical data.
by ShadowHatesYou
mountall <2.15.2 - Privilege Escalation
mountall.c in mountall before 2.15.2 uses 0666 permissions for the root.rules file, which allows local users to gain privileges by modifying this file.
by fuzz
Gantry 3.0.10 - SQL Injection
SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php.
by jdc
Oracle Solaris 9-10 - Info Disclosure
Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Management Console.
by Frank Stuart
Oracle Solaris <10 - Info Disclosure
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors.
by Frank Stuart
libpam-modules <1.1.0-2ubuntu1.1/1.1.1-2ubuntu5 - Privilege Escalation
pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.
by anonymous
libpam-modules <1.1.0-2ubuntu1.1/1.1.1-2ubuntu5 - Privilege Escalation
pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.
by Kristian Erik Hermansen
Altair Engineering PBS Pro 10.x - 'pbs_mom' Insecure Temporary File Creation
by Bartlomiej Balcerek
Oracle Solaris - Info Disclosure
Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager.
by Larry W. Cashdollar
(Tod Miller's) Sudo/SudoEdit 1.6.9p21/1.7.2p4 - Local Privilege Escalation
by kingcope
Systemtap - Numeric Error
Multiple integer signedness errors in the (1) __get_argv and (2) __get_compat_argv functions in tapset/aux_syscalls.stp in SystemTap 1.1 allow local users to cause a denial of service (script crash, or system crash or hang) via a process with a large number of arguments, leading to a buffer overflow.
by Josh Stone
Interspire Knowledge Manager 5 - 'callback.snipshot.php' Arbitrary File Creation
by Cory Marsh
By Source