Exploitdb Exploits
3,138 exploits tracked across all sources.
oops_proxy_server 1.5.2 - Remote Code Execution via HTML Parser Quotation Character Overflow
Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 and earlier allows remote attackers to execute arbitrary commands via a large number of " (quotation) characters.
by diman
PHP 3 and 4 - Remote Code Execution via Format String Injection
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
by Gneisenau
BitchX - Remote Code Execution via Long DNS Hostname
Buffer overflow in BitchX IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary commands via an IP address that resolves to a long DNS hostname or domain name.
by nimrood
Unix Shell < - Local File Overwrite
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
by t--zen
Beos - Resource Management Error
Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by sending a large number of identical fragmented IP packets, aka jolt2 or the "IP Fragment Reassembly" vulnerability.
by phonix
Caldera Openlinux Ebuilder - Access Control
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
by sk8
secure_locate - Memory Corruption via Malformed Database File
Secure Locate (slocate) allows local users to corrupt memory via a malformed database file that specifies an offset value that accesses memory outside of the intended buffer.
by Michel Kaempf
Microsoft SQL Server and MSDE - Buffer Overflow in xp_showcolv Extended Stored Procedure
The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
by David Litchfield
Microsoft SQL Server 2000-MSDE - Buffer Overflow
The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
by @stake
Microsoft SQL Server and MSDE - Denial of Service and Remote Code Execution via xp_displayparamstmt Buffer Overflow
The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
by David Litchfield
Solaris - Buffer Overflow via NETMGT_PROC_SERVICE Request
Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.
by Optyx
HP-UX 10.20 - Remote Code Execution via FTP PASS Command Format String
Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command.
by venglin
phf - Buffer Overflow via MIME Header
Buffer overflow in phf CGI program allows remote attackers to execute arbitrary commands by specifying a large number of arguments and including a long MIME header.
by proton
IBM AIX - Buffer Overflow in setsenv Command
Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument.
by Last Stage of Delirium
IBM AIX 4.3.x - Local Privilege Escalation via piobe Command Buffer Overflow
Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables.
by Last Stage of Delirium
IBM AIX - Buffer Overflow in Digest Command
Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands.
by Last Stage of Delirium
Caldera Openlinux Ebuilder - Access Control
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
by warning3
Caldera Openlinux Ebuilder - Access Control
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
by localcore
BSDi 3.0 inc - Local Buffer Overflow / Local Privilege Escalation
by vade79
By Source