Exploitdb Exploits
3,149 exploits tracked across all sources.
NetStumbler 0.4 - 'mfc71esn.dll' DLL Loading Arbitrary Code Execution
by Pepelux
Microsoft Visio 2007 - 'mfc80esn.dll' DLL Loading Arbitrary Code Execution
by Pepelux
IsoBuster 2.7 - 'wnaspi32.dll' DLL Loading Arbitrary Code Execution
by Pepelux
Adobe Dreamweaver CS4 - 'mfc80esn.dll' DLL Loading Arbitrary Code Execution
by Pepelux
Dupehunter Professional 9.0.0.3911 - 'Fwpuclnt.dll' DLL Loading Arbitrary Code Execution
by anT!-Tr0J4n
FreeBSD < 7.3 - Improper Locking
The pfs_getextattr function in FreeBSD 7.x before 7.3-RELEASE and 8.x before 8.0-RC1 unlocks a mutex that was not previously locked, which allows local users to cause a denial of service (kernel panic), overwrite arbitrary memory locations, and possibly execute arbitrary code via vectors related to opening a file on a file system that uses pseudofs.
by Babcia Padlina
CVSS 7.8
Linux kernel <2.6.35 - Info Disclosure
The xfs implementation in the Linux kernel before 2.6.35 does not look up inode allocation btrees before reading inode buffers, which allows remote authenticated users to read unlinked files, or read or overwrite disk blocks that are currently assigned to an active file but were previously assigned to an unlinked file, by accessing a stale NFS filehandle.
by Red Hat
CVSS 8.1
Linux kernel <2.6.36-rc6 - Info Disclosure/DoS
Integer signedness error in the pkt_find_dev_from_minor function in drivers/block/pktcdvd.c in the Linux kernel before 2.6.36-rc6 allows local users to obtain sensitive information from kernel memory or cause a denial of service (invalid pointer dereference and system crash) via a crafted index value in a PKT_CTRL_CMD_STATUS ioctl call.
by Jon Oberheide
VirIT eXplorer 6.7.43 - 'tg-scan.dll' DLL Loading Arbitrary Code Execution
by anT!-Tr0J4n
Sothink SWF Decompiler - 'dwmapi.dll' DLL Loading Arbitrary Code Execution
by anT!-Tr0J4n
GreenBrowser - 'RSRC32.dll' DLL Loading Arbitrary Code Execution
by anT!-Tr0J4n
Easy Office Recovery - 'dwmapi.dll' DLL Loading Arbitrary Code Execution
by anT!-Tr0J4n
SWiSH Max3 - DLL Loading Arbitrary Code Execution
by anT!-Tr0J4n
Linux kernel <2.6.36-rc4-git2 - Privilege Escalation
The IA32 system call emulation functionality in arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.36-rc4-git2 on the x86_64 platform does not zero extend the %eax register after the 32-bit entry path to ptrace is used, which allows local users to gain privileges by triggering an out-of-bounds access to the system call table using the %rax register. NOTE: this vulnerability exists because of a CVE-2007-4573 regression.
by ben hawkes
Linux kernel <2.6.36-rc4-git2 - Privilege Escalation
The compat_alloc_user_space functions in include/asm/compat.h files in the Linux kernel before 2.6.36-rc4-git2 on 64-bit platforms do not properly allocate the userspace memory required for the 32-bit compatibility layer, which allows local users to gain privileges by leveraging the ability of the compat_mc_getsockopt function (aka the MCAST_MSFILTER getsockopt support) to control a certain length value, related to a "stack pointer underflow" issue, as exploited in the wild in September 2010.
by Ac1dB1tCh3z
CVSS 7.8
Mozilla Firefox <4.0 - Info Disclosure
The Math.random function in the JavaScript implementation in Mozilla Firefox 3.5.10 through 3.5.11, 3.6.4 through 3.6.8, and 4.0 Beta1 uses a random number generator that is seeded only once per document object, which makes it easier for remote attackers to track a user, or trick a user into acting upon a spoofed pop-up message, by calculating the seed value, related to a "temporary footprint" and an "in-session phishing attack." NOTE: this vulnerability exists because of an incorrect fix for CVE-2008-5913.
by Amit Klein
Microsoft Windows - Local Procedure Call (LPC) Privilege Escalation
by yuange
UltraVNC 1.0.8.2 - DLL Loading Arbitrary Code Execution
by Ivan Markovic
Linux kernel <2.6.27.53-2.6.35.4 - RCE/DoS
Integer overflow in net/can/bcm.c in the Controller Area Network (CAN) implementation in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows attackers to execute arbitrary code or cause a denial of service (system crash) via crafted CAN traffic.
by Jon Oberheide
Microsoft Groove 2007 SP2 - Privilege Escalation
Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
by Beenu Arora
Microsoft Windows Contacts - RCE
Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file. NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3147.
by storm
Acunetix Web Vulnerability Scanner - DLL Loading Arbitrary Code Execution
by Kolor
Bloodshed Dev-C++ 4.9.9.2 - Multiple EXE Loading Arbitrary Code Executions
by storm
TechSmith Snagit <11 - RCE
Untrusted search path vulnerability in TechSmith Snagit all versions 10.x and 11.x allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll that is located in the same folder as a snag, snagcc, or snagprof file.
by Encrypt3d.M!nd