Exploitdb Exploits
462 exploits tracked across all sources.
HP Application Lifecycle Management 11 - Privilege Escalation via /tmp/tmp.txt Symlink Attack
The GetInstalledPackages function in the configuration tool in HP Application Lifecycle Management (ALM) 11 on AIX, HP-UX, and Solaris allows local users to gain privileges via (1) a Trojan horse /tmp/tmp.txt FIFO or (2) a symlink attack on /tmp/tmp.txt.
by anonymous
glibc < 2.11.3 and 2.12.x < 2.12.2 - Privilege Escalation via LD_AUDIT Environment Variable
ld.so in the GNU C Library (aka glibc or libc6) before 2.11.3, and 2.12.x before 2.12.2, does not properly restrict use of the LD_AUDIT environment variable to reference dynamic shared objects (DSOs) as audit objects, which allows local users to gain privileges by leveraging an unsafe DSO located in a trusted library directory, as demonstrated by libpcprofile.so.
by zx2c4
Calibre E-Book Reader - Race Condition Privilege Escalation
by zx2c4
Calibre E-Book Reader - Local Privilege Escalation (2)
by zx2c4
Calibre E-Book Reader - Local Privilege Escalation (1)
by zx2c4
FreeBSD 7.3-9.0-RC1 - Buffer Overflow via Long UNIX Socket Pathname in bind System Call
Buffer overflow in the kernel in FreeBSD 7.3 through 9.0-RC1 allows local users to cause a denial of service (panic) or possibly gain privileges via a bind system call with a long pathname for a UNIX socket.
by Shaun Colley
HP Data Protector - Remote Code Execution via EXEC_CMD Argument Injection
The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."
by SZ
HP Data Protector - Remote Code Execution via EXEC_CMD Argument Injection
The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."
by Adrian Puente Z.
Sagem F@st 3304 Routers - PPPoE Credentials Information Disclosure
by securititracker
nostromo < 1.9.4 - Remote Code Execution and Arbitrary File Read via Encoded Dot-Dot-Slash
Directory traversal vulnerability in nhttpd (aka Nostromo webserver) before 1.9.4 allows remote attackers to execute arbitrary programs or read arbitrary files via a ..%2f (encoded dot dot slash) in a URI.
by RedTeam Pentesting GmbH
SMC Networks SMCD3G Session Management - Authentication Bypass
by Zack Fasel & Matthew Jakubowski
SystemTap 1.3 - Privilege Escalation via MODPROBE_OPTIONS Environment Variable
The staprun runtime tool in SystemTap 1.3 does not properly clear the environment before executing modprobe, which allows local users to gain privileges by setting the MODPROBE_OPTIONS environment variable to specify a malicious configuration file.
by Tavis Ormandy
Barracuda <October 2010 - Path Traversal
Barracuda products, confirmed in Spam & Virus Firewall, SSL VPN, and Web Application Firewall versions prior to October 2010, contain a path traversal vulnerability in the view_help.cgi endpoint. The locale parameter fails to properly sanitize user input, allowing attackers to inject traversal sequences and null-byte terminators to access arbitrary files on the underlying system. By exploiting this flaw, unauthenticated remote attackers can retrieve sensitive configuration files such as /mail/snapshot/config.snapshot, potentially exposing credentials, internal settings, and other critical data.
by ShadowHatesYou
mountall <2.15.2 - Privilege Escalation
mountall.c in mountall before 2.15.2 uses 0666 permissions for the root.rules file, which allows local users to gain privileges by modifying this file.
by fuzz
Gantry (com_gantry) 3.0.10 - SQL Injection via moduleid Parameter
SQL injection vulnerability in the Gantry (com_gantry) component 3.0.10 for Joomla! allows remote attackers to execute arbitrary SQL commands via the moduleid parameter to index.php.
by jdc
Oracle Solaris 9-10 - Info Disclosure
Unspecified vulnerability in Oracle Solaris 9 and 10 allows local users to affect confidentiality and integrity via unknown vectors related to Solaris Management Console.
by Frank Stuart
Oracle Solaris <10 - Info Disclosure
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors.
by Frank Stuart
libpam-modules <1.1.0-2ubuntu1.1/1.1.1-2ubuntu5 - Privilege Escalation
pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.
by anonymous
libpam-modules <1.1.0-2ubuntu1.1/1.1.1-2ubuntu5 - Privilege Escalation
pam_motd (aka the MOTD module) in libpam-modules before 1.1.0-2ubuntu1.1 in PAM on Ubuntu 9.10 and libpam-modules before 1.1.1-2ubuntu5 in PAM on Ubuntu 10.04 LTS allows local users to change the ownership of arbitrary files via a symlink attack on .cache in a user's home directory, related to "user file stamps" and the motd.legal-notice file.
by Kristian Erik Hermansen
Altair Engineering PBS Pro 10.x - 'pbs_mom' Insecure Temporary File Creation
by Bartlomiej Balcerek
Oracle Solaris - Arbitrary File Write via Symlink Attack on /tmp/CLEANUP
Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager.
by Larry W. Cashdollar