Exploitdb Exploits

3,149 exploits tracked across all sources.

EIP-2026-102872 EXPLOITDB c VERIFIED
HTMLDOC 1.8.27 - '.html' File Handling Stack Buffer Overflow
by Pankaj Kohli
EIP-2026-102844 EXPLOITDB c VERIFIED
GemStone/S 6.3.1 - 'stoned' Local Buffer Overflow
by Jeremy Brown
CVE-2009-4834 EXPLOITDB c VERIFIED
Xpressengine Zeroboard - Code Injection
lib.php in Zeroboard 4.1 pl7 allows remote attackers to execute arbitrary PHP code via a crafted parameter name, possibly related to now_connect.php.
by SpeeDr00t
CVE-2009-2698 EXPLOITDB HIGH c VERIFIED
Linux Kernel <2.6.19 - Privilege Escalation
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
by Andi
CVSS 7.8
EIP-2026-115581 EXPLOITDB c VERIFIED
MailEnable 1.52 - HTTP Mail Service Stack Buffer Overflow (PoC)
by fl0 fl0w
CVE-2009-2698 EXPLOITDB HIGH c VERIFIED
Linux Kernel <2.6.19 - Privilege Escalation
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
by INetCop Security
CVSS 7.8
CVE-2009-3002 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.31 - Information Disclosure
The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c.
by Jon Oberheide
CVE-2009-2692 EXPLOITDB HIGH c VERIFIED
Linux kernel <2.6.30.4, <2.4.37.4 - Privilege Escalation
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
by Ramon de C Valle
CVSS 7.8
CVE-2009-3002 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.31 - Information Disclosure
The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c.
by Clément Lecigne
CVE-2009-3001 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.31 - Information Disclosure
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC socket.
by Jon Oberheide
EIP-2026-116855 EXPLOITDB c VERIFIED
Avast! 4.8.1335 Professional - Kernel Local Buffer Overflow
by Heurs
CVE-2009-2692 EXPLOITDB HIGH c VERIFIED
Linux kernel <2.6.30.4, <2.4.37.4 - Privilege Escalation
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
by INetCop Security
CVSS 7.8
EIP-2026-100957 EXPLOITDB c VERIFIED
FreeBSD 6.1 - 'kqueue()' Null Pointer Dereference Privilege Escalation
by Przemyslaw Frasunek
CVE-2009-3043 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.31 - Resource Management Error
The tty_ldisc_hangup function in drivers/char/tty_ldisc.c in the Linux kernel 2.6.31-rc before 2.6.31-rc8 allows local users to cause a denial of service (system crash, sometimes preceded by a NULL pointer dereference) or possibly gain privileges via certain pseudo-terminal I/O activity, as demonstrated by KernelTtyTest.c.
by Eric W. Biederman
EIP-2026-102662 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.30.5 - 'cfg80211' Remote Denial of Service
by Jon Oberheide
CVE-2009-2767 EXPLOITDB c VERIFIED
Linux kernel <2.6.31-rc6 - DoS
The init_posix_timers function in kernel/posix-timers.c in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (OOPS) or possibly gain privileges via a CLOCK_MONOTONIC_RAW clock_nanosleep call that triggers a NULL pointer dereference.
by Hiroshi Shimamoto
EIP-2026-100953 EXPLOITDB c VERIFIED
FreeBSD 7.2-RELEASE - SCTP Local Kernel Denial of Service
by Shaun Colley
CVE-2005-4605 EXPLOITDB c VERIFIED
Linux <2.6.15 - Info Disclosure
The procfs code (proc_misc.c) in Linux 2.6.14.3 and other versions before 2.6.15 allows attackers to read sensitive kernel memory via unspecified vectors in which a signed value is added to an unsigned value.
by Jon Oberheide
CVE-2009-2847 EXPLOITDB c VERIFIED
Linux kernel <2.6.31-rc5 - Info Disclosure
The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function.
by Jon Oberheide
EIP-2026-102948 EXPLOITDB c VERIFIED
PHP Fuzzer Framework - Default Location Insecure Temporary File Creation
by Melissa Elliott
EIP-2026-115357 EXPLOITDB c VERIFIED
Google SketchUp Pro 7.0 - '.skp' Remote Stack Overflow (PoC)
by LiquidWorm
EIP-2026-119253 EXPLOITDB c VERIFIED
VideoLAN VLC Media Player 0.8.6f - 'smb://' URI Handling Remote Buffer Overflow
by Pankaj Kohli
CVE-2009-0696 EXPLOITDB c VERIFIED
ISC BIND <9.4.3-P3, 9.5, 9.6 - DoS
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message.
by kingcope
CVE-2009-0692 EXPLOITDB c VERIFIED
ISC DHCP <4.1.0p1-2.0 - Buffer Overflow
Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet-mask option.
by Jon Oberheide
EIP-2026-100952 EXPLOITDB c VERIFIED
FreeBSD 7.2 - 'pecoff' Local Denial of Service
by Shaun Colley