Exploitdb Exploits
3,138 exploits tracked across all sources.
Red Hat Linux 6.2 - Privilege Escalation
dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
by mat
HP-UX - Remote Code Execution via wu-ftpd SITE EXEC Format String
The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.
by venglin
Perl 4.x and 5.x - Buffer Overflow in suidperl
Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.
by vade79
BSD 3.0 and 4.0 - Privilege Escalation via rcvtty Script Execution
rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before executing a script, which allows local attackers to gain privileges by specifying an alternate Trojan horse script on the command line.
by vade79
Caldera Openlinux Ebuilder - Access Control
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
by Solar Eclipse
Oracle 8i - Buffer Overflow in Connection Manager Control via Long Command Line Argument
Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control allows local users to gain privileges via a long command line argument.
by anonymous
Internet Information Server 4.0-5.0 - Path Traversal and Remote Code Execution via Unicode-Encoded URL
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
by Optyx
Internet Information Server 4.0-5.0 - Path Traversal and Remote Code Execution via Unicode-Encoded URL
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
by incubus
NetcPlus SmartServer3 3.75 - Weak Encryption
by Steven Alexander
NetcPlus BrowseGate 2.80.2 - Weak Encryption
by Steven Alexander
ethereal < 0.8.13 - Remote Code Execution via AFS ACL Parser Buffer Overflow
Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allows remote attackers to execute arbitrary commands via a packet with a long username.
by mat
Oracle Internet Directory - Buffer Overflow via Long Connect Parameter
Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain privileges via a long "connect" command line parameter.
by anonymous
LBNL Traceroute <1.4a5 - Buffer Overflow
Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option.
by Michel Kaempf
CGI Script Center News Update 1.1 - Info Disclosure
CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password.
by morpheus[bd]
CVSS 9.8
Solaris - Buffer Overflow via NETMGT_PROC_SERVICE Request
Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.
by nikolai abromov
Caldera Openlinux Ebuilder - Access Control
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
by warning3
Samba 2.0.7 - Unauthenticated Brute Force Password Guessing via SWAT Login
Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks.
by dodeca-T
Recourse ManTrap 1.6 - Info Disclosure
Recourse ManTrap 1.6 sets up a chroot environment to hide the fact that it is running, but the inode number for the resulting "/" file system is higher than normal, which allows attackers to determine that they are in a chroot environment.
by f8labs
Recourse ManTrap <1.6 - Info Disclosure
Recourse ManTrap 1.6 does not properly hide processes from attackers, which could allow attackers to determine that they are in a honeypot system by comparing the results from kill commands with the process listing in the /proc filesystem.
by f8labs
Samba SWAT <2.0.7 - Local File Overwrite
Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file.
by Optyx
top <unknown> - Privilege Escalation
Format string vulnerability in top program allows local attackers to gain root privileges via the "kill" or "renice" function.
by truefinder
By Source