Exploitdb Exploits
3,138 exploits tracked across all sources.
Apache Tomcat 4.1.0-4.1.37, 5.5.0-5.5.26, 6.0.0-6.0.16 - Directory Traversal via Encoded URI Sequences
Directory traversal vulnerability in Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when allowLinking and UTF-8 are enabled, allows remote attackers to read arbitrary files via encoded directory traversal sequences in the URI, a different vulnerability than CVE-2008-2370. NOTE: versions earlier than 6.0.18 were reported affected, but the vendor advisory lists 6.0.16 as the last affected version.
by mywisdom
IBM AIX < 5.3 - Remote Code Execution via Long NLST Command
Buffer overflow in ftpd in IBM AIX 5.3 and earlier allows remote attackers to execute arbitrary code via a long NLST command.
by kingcope
libpng <1.2.44, <1.4.3 - Buffer Overflow
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
by kripthor
CVSS 9.8
NFS/ONCplus < b.11.31_09 - Remote Code Execution via Format String in RPC Request
Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.
by Rodrigo Rubira Branco
Corel WordPerfect Office X5 15.0.0.357 - 'wpd' Buffer Overflow (PoC)
by LiquidWorm
iscripts Socialware 2.2.x - Multiple Vulnerabilities
by Salvatore Fresta
iScripts Socialware 2.2.x - Arbitrary File Upload
by Salvatore Fresta
Adobe Acrobat and Reader 9.x < 9.3.3 and 8.x < 8.2.3 - Denial of Service or Remote Code Execution
Unspecified vulnerability in Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allows attackers to cause a denial of service or possibly execute arbitrary code via unknown vectors.
by LiquidWorm
UltraISO 9.3.6.2750 - '.mds' / '.mdf' Buffer Overflow (PoC)
by fl0 fl0w
FreeBSD 7.2-8.1-PRERELEASE - Privilege Escalation via NFS Client fhsize Parameter
sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges via a crafted mount request.
by Patroklos Argyroudis
FreeBSD 7.2-8.1-PRERELEASE - Privilege Escalation via NFS Client fhsize Parameter
sys/nfsclient/nfs_vfsops.c in the NFS client in the kernel in FreeBSD 7.2 through 8.1-PRERELEASE, when vfs.usermount is enabled, does not validate the length of a certain fhsize parameter, which allows local users to gain privileges via a crafted mount request.
by Patroklos Argyroudis
Microsoft MFC Library - Buffer Overflow
Stack-based buffer overflow in the UpdateFrameTitleForDocument method in the CFrameWnd class in mfc42.dll in the Microsoft Foundation Class (MFC) Library in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows context-dependent attackers to execute arbitrary code via a long window title that this library attempts to create at the request of an application, as demonstrated by the Trident PowerZip 7.2 Build 4010 application, aka "Windows MFC Document Title Updating Buffer Overflow Vulnerability."
by fl0 fl0w
H264WebCam 3.7 - Denial of Service via Long URI
H264WebCam 3.7 allows remote attackers to cause a denial of service (crash) via a long URI in a GET request, which triggers a NULL pointer dereference. NOTE: some of these details are obtained from third party information.
by fl0 fl0w
SaschArt SasCAM Webcam Server <= 2.7 - Denial of Service via Long GET Request
Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows remote attackers to cause a denial of service (crash) via a large number of requests with a long line, as demonstrated using a long GET request.
by fl0 fl0w
SureThing CD Labeler - '.m3u/.pls' Unicode Stack Overflow
by mr_me
Adobe Photoshop CS4 <11.0.2 - Buffer Overflow
Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file.
by LiquidWorm
Adobe Photoshop CS4 <11.0.2 - Buffer Overflow
Multiple buffer overflows in Adobe Photoshop CS4 before 11.0.2 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) .ASL, (2) .ABR, or (3) .GRD file.
by LiquidWorm
Kingsoft Webshield < 3.5.1.2 - Arbitrary Kernel Memory Overwrite via KAVSafe.sys IOCTL 0x830020d4
KAVSafe.sys 2010.4.14.609 and earlier, as used in Kingsoft Webshield 3.5.1.2 and earlier, allows local users to overwrite arbitrary kernel memory via a crafted request to IOCTL 0x830020d4 on the KAVSafe device.
by Xuanyuan Smart
Linux Kernel 2.6.29-2.6.32 - Unauthorized Sensitive Information Exposure via btrfs_ioctl_clone
The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs functionality in the Linux kernel 2.6.29 through 2.6.32, and possibly other versions, does not ensure that a cloned file descriptor has been opened for reading, which allows local users to read sensitive information from a write-only file descriptor.
by Dan Rosenberg
By Source