Exploitdb Exploits
3,149 exploits tracked across all sources.
GNU Inetutils < 1.9 - Buffer Overflow
Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.
by NighterMan & BatchDrake
Steve J Baker Plib - Memory Corruption
Buffer overflow in the ulSetError function in util/ulError.cxx in PLIB 1.8.5, as used in TORCS 1.3.1 and other products, allows user-assisted remote attackers to execute arbitrary code via vectors involving a long error message, as demonstrated by a crafted acc file for TORCS. NOTE: some of these details are obtained from third party information.
by Andrés Gómez
Configserver Security Firewall < 5.42 - Memory Corruption
Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall (CSF) before 5.43, when running on a DirectAdmin server, allows local users to cause a denial of service (crash) via a long string in an admin.list file.
by FoX HaCkEr
Tripodworks Gigapod Officehard Firmware < 3.04.03 - Denial of Service
GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation.
8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests (CVE-2011-3192), which may lead to a denial-of-service (DoS) condition.
by Ramon de C Valle
CVSS 7.5
3ssoftware Codesys < 3.4 - Memory Corruption
Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080.
by Celil Ünüver
bzip2 <1.0.5 - Code Injection
The bzexe command in bzip2 1.0.5 and earlier generates compressed executables that do not properly handle temporary files during extraction, which allows local users to execute arbitrary code by precreating a temporary directory.
by vladz
Microsoft Windows 7 - Keyboard Layout Blue Screen of Death (MS10-073)
by instruder
Microsoft Windows - Buffer Overflow
Integer overflow in the TCP/IP implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code by sending a sequence of crafted UDP packets to a closed port, aka "Reference Counter Overflow Vulnerability."
by anonymous
CVSS 9.8
Linux Kernel 3.0.4 - '/proc/interrupts' Password Length Local Information Disclosure
by Vasiliy Kulikov
Calibre E-Book Reader - Local Privilege Escalation (3)
by zx2c4
Linux Kernel 2.6.37-rc1 - 'serial_multiport_struct' Local Information Leak
by Todor Donev
Android <2.3.6 - Info Disclosure
The PowerVR SGX driver in Android before 2.3.6 allows attackers to obtain potentially sensitive information from kernel stack memory via an application that uses a crafted length parameter in a request to the pvrsrvkm device.
by Geremy Condra
X.org X Server - Access Control
The X.Org X wrapper (xserver-wrapper.c) in Debian GNU/Linux and Ubuntu Linux does not properly verify the TTY of a user who is starting X, which allows local users to bypass intended access restrictions by associating stdin with a file that is misinterpreted as the console TTY.
by vladz
Linux PolicyKit Race Condition Privilege Escalation
Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.
by xi4oyu
Linux PolicyKit Race Condition Privilege Escalation
Race condition in the pkexec utility and polkitd daemon in PolicyKit (aka polkit) 0.96 allows local users to gain privileges by executing a setuid program from pkexec, related to the use of the effective user ID instead of the real user ID.
by zx2c4
Norman Security Suite 8 - 'nprosec.sys' Local Privilege Escalation
by Xst3nZ
Apple Mac OS X <10.6.7 - Privilege Escalation
The i386_set_ldt system call in the kernel in Apple Mac OS X before 10.6.7 does not properly handle call gates, which allows local users to gain privileges via vectors involving the creation of a call gate entry.
by hkpco
Linux Kernel < 2.6.37 - Information Disclosure
The ipc subsystem in the Linux kernel before 2.6.37-rc1 does not initialize certain structures, which allows local users to obtain potentially sensitive information from kernel stack memory via vectors related to the (1) compat_sys_semctl, (2) compat_sys_msgctl, and (3) compat_sys_shmctl functions in ipc/compat.c; and the (4) compat_sys_mq_open and (5) compat_sys_mq_getsetattr functions in ipc/compat_mq.c.
by Jon Oberheide
Linux Kernel < 3.1 - Denial of Service
The Performance Events subsystem in the Linux kernel before 3.1 does not properly handle event overflows associated with PERF_COUNT_SW_CPU_CLOCK events, which allows local users to cause a denial of service (system hang) via a crafted application.
by Vince Weaver
CVSS 5.5
DVD X Player 5.5.0 Professional / Standard - '.plf' File Universal (ASLR + DEP Bypass)
by sickness
Kingsoft AntiVirus 2012 'KisKrnl.sys' 2011.7.8.913 - Kernel Mode Privilege Escalation
by MJ0011
NetBSD 5.1 - 'libc/net' Multiple Stack Buffer Overflows
by Maksymilian Arciemowicz
IBM DB2 - 'DT_RPATH' Insecure Library Loading Arbitrary Code Execution
by Tim Brown