Exploitdb Exploits
3,138 exploits tracked across all sources.
UnixWare 7.1.1 - Privilege Escalation
Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint.
by jGgM
hanterm 3.3.1 - Local Buffer Overflow via Long Argument
Buffer overflow in hanterm 3.3.1 and earlier allows local users to execute arbitrary code via a long string in the (1) -fn, (2) -hfb, or (3) -hfn argument.
by xperc
hanterm 3.3.1 - Local Buffer Overflow via Long Argument
Buffer overflow in hanterm 3.3.1 and earlier allows local users to execute arbitrary code via a long string in the (1) -fn, (2) -hfb, or (3) -hfn argument.
by Xpl017Elz
AtheOS 0.3.7 - Directory Traversal via Chroot Chdir Pathname
Directory traversal vulnerability in chroot function in AtheOS 0.3.7 allows attackers to escape the jail via a .. (dot dot) in the pathname argument to chdir.
by Jedi/Sector
Sambar Server 5.1 - Denial of Service and Possible Remote Code Execution via Long Argument to cgitest.exe
cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long argument.
by Tamer Sahin
ICQ for macOS X 10.0-10.1.2 - Buffer Overflow via Long Request
Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long request.
by Stephen
mIRC <= 5.91 - Remote Code Execution via Long Nickname
Buffer overflow in mIRC 5.91 and earlier allows a remote server to execute arbitrary code on the client via a long nickname.
by James Martin
TOLIS Group BRU 17.0 - Local Privilege Escalation
setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/brutest.$$ temporary file.
by Andrew Griffiths
rsync - Remote Code Execution via Signedness Error in I/O Functions
Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server.
by sorbo
Sniffit 0.3.x - Remote Code Execution via Long MAIL FROM Header
Buffer overflow in Sniffit 0.3.x with the -L logging option enabled allows remote attackers to execute arbitrary commands via a long MAIL FROM mail header.
by g463
Chinput 3.0 - Local Buffer Overflow via HOME Environment Variable
Buffer overflow in Chinput 3.0 allows local users to execute arbitrary code via a long HOME environment variable.
by xperc
pi3web 2.0 beta 1 and 2 - Denial of Service via Long Physical Path with Trailing Dots
CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows remote attackers to cause a denial of service (crash) via a series of requests whose physical path is exactly 260 characters long and ends in a series of . (dot) characters.
by aT4r
Imlib2 <= 1.0.4 - Buffer Overflow via HOME Environment Variable
Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier allows local users to execute arbitrary code via a long HOME environment variable.
by Charles Stevenson
FreeWnn 1.1 0 - jserver JS_MKDIR MetaCharacter Command Execution
by UNYUN
boozt_standard 0.9.8 - Local Buffer Overflow via Long Banner Name Field
Buffer overflow in index.cgi administration interface for Boozt! Standard 0.9.8 allows local users to execute arbitrary code via a long name field when creating a new banner.
by Rafael San Miguel Carrasco
RealOne Player < 8.0 - Buffer Overflow via Header Length Mismatch
Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header.
by UNYUN
ucd-snmp < 4.2.3 - Remote Code Execution via snmpnetstat Heap Overflow
Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and earlier, and net-snmp, allows remote attackers to execute arbitrary code via multiple getnextrequest PDU messages with conflicting ifindex variables, which cause snmpnetstat to write variable data past the end of an array.
by Juan M. de la Torre
SapporoWorks Black JumboDog 2.6.4/2.6.5 - HTTP Proxy Buffer Overflow
by UNYUN
Solaris - Remote Code Execution via cfsd_calloc Heap Overflow
Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.
by Last Stage of Delirium
rsync - Remote Code Execution via Signedness Error in I/O Functions
Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server.
by Teso
rsync - Remote Code Execution via Signedness Error in I/O Functions
Multiple signedness errors (mixed signed and unsigned numbers) in the I/O functions of rsync 2.4.6, 2.3.2, and other versions allow remote attackers to cause a denial of service and execute arbitrary code in the rsync client or server.
by Teso
OpenBSD ftpd - Remote Code Execution via Format String in setproctitle
FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do not properly cleanse untrusted format strings that are used in the setproctitle function (sometimes called by set_proc_title), which allows remote attackers to cause a denial of service or execute arbitrary commands.
by Teso
stunnel < 3.22 - Remote Code Execution via Format String in Client Mode
Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.
by deltha
Windows 98, 98SE, ME, and XP - Remote Code Execution via UPnP NOTIFY Location URL
Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL.
by JOCANOR
By Source