Exploitdb Exploits
3,138 exploits tracked across all sources.
FreeBSD 1.5 - Privilege Escalation via telnetd Environmental Variable Manipulation
Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain root privileges by modifying critical environmental variables that affect the behavior of telnetd.
by Teso
Red Hat Linux 7.0 and 7.1 - Local Privilege Escalation via LPRng Supplemental Group Handling
LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships in supplemental groups when lowering privileges, which could allow a local user to elevate privileges.
by zen-parse
su-wrapper 1.1.1 - Buffer Overflow via Long First Argument
Buffer overflow in su-wrapper 1.1.1 allows local users to execute arbitrary code via a long first argument.
by dex
PKCrew TIAtunnel 0.9 alpha2 - Authentication Mechanism Buffer Overflow
by qitest1
Solaris 8 and earlier - Buffer Overflow via OPENWINHOME Environment Variable
Buffer overflow in the Xview library as used by mailtool in Solaris 8 and earlier allows a local attacker to gain privileges via the OPENWINHOME environment variable.
by 51
Solaris SunOS 5.5.1-5.8 - Buffer Overflow via SOR or CFIME Environment Variable
Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long (1) SOR or (2) CFIME environment variable.
by Pablo Sor
Windows 2000 - Denial of Service and Privilege Escalation via Hardware Breakpoint Handling
Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes.
by Georgi Guninski
Internet Information Server < 5.0 - Directory Traversal via Double-Encoded Dot-Dot Sequences
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
by HuXfLuX
Internet Information Server < 5.0 - Directory Traversal via Double-Encoded Dot-Dot Sequences
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
by MovAX
Internet Information Server < 5.0 - Directory Traversal via Double-Encoded Dot-Dot Sequences
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
by Filip Maertens
Windows 2000 - Buffer Overflow in Internet Printing ISAPI Extension
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
by dark spyrit
HP-UX - Remote Code Execution via wu-ftpd SITE EXEC Format String
The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.
by qitest1
Windows 2000 - Buffer Overflow in Internet Printing ISAPI Extension
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
by Ryan Permeh
Novell BorderManager < 3.6 - Denial of Service via TCP SYN Flood
Remote attackers can cause a denial of service in Novell BorderManager 3.6 and earlier by sending TCP SYN flood to port 353.
by honoriak
Windows 2000 - Buffer Overflow in Internet Printing ISAPI Extension
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
by dark spyrit
Nullsoft Winamp 2.6x-2.7x - Buffer Overflow via AIP File
Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute arbitrary code via a long string in an AIP file.
by byterage
IRIX 6.2 - Authenticated Remote Code Execution via netprint -n Option
Unknown vulnerability in netprint in IRIX 6.2, and possibly other versions, allows local users with lp privileges attacker to execute arbitrary commands via the -n option.
by V9
WFTPD Pro 3.00 - Remote Code Execution via Long CWD Command
Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute arbitrary commands via a long CWD command.
by Len Budney
ISC InterNetNews <2.3.0 - Privilege Escalation
Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument.
by Enrique A.
Network Solutions Rwhoisd <1.5.x - RCE
Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows remote attackers to execute arbitrary code via format string specifiers in the -soa command.
by CowPower
Samba < 2.0.7 - Arbitrary File Write via Symlink Attack
Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.
by Gabriel Maggiotti
Cyberscheduler - Buffer Overflow via Long Timezone Parameter
Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs (timezone) parameter.
by Enrique A.
Microsoft ISA Server 2000 - Denial of Service via Long Web Request
Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
by SecureXpert Labs
NetBSD - Remote Code Execution via Long Pattern String with {} Sequence
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.
by Elias Levy
Infodrom cfingerd <1.4.3 - Privilege Escalation
Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function.
by VeNoMouS
CVSS 9.8
By Source