Exploitdb Exploits

3,138 exploits tracked across all sources.

CVE-2009-1028 EXPLOITDB c VERIFIED
ediSys eZip Wizard 3.0 - Stack-Based Buffer Overflow via Crafted ZIP File
Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file.
by fl0 fl0w
CVE-2009-1059 EXPLOITDB c VERIFIED
PowerZip 7.2 - Stack-based Buffer Overflow via Crafted ZIP File
Stack-based buffer overflow in Trident PowerZip 7.2 might allow remote attackers to execute arbitrary code via a crafted .zip file. NOTE: CVE has not investigated whether the specified file.zip file can be used for exploitation of this product.
by fl0 fl0w
EIP-2026-110686 EXPLOITDB c VERIFIED
PHP Director 0.21 - SQL Into Outfile 'eval()' Injection
by StAkeR
EIP-2026-118077 EXPLOITDB c VERIFIED
VUplayer 2.49 - '.cue' Local Buffer Overflow
by Assed Edin
CVE-2009-0835 EXPLOITDB c VERIFIED
Linux kernel <2.6.28.7 - Privilege Escalation
The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod, a related issue to CVE-2009-0342 and CVE-2009-0343.
by Chris Evans
EIP-2026-104592 EXPLOITDB c VERIFIED
Apple Mac OSX xnu 1228.x - Local Kernel Memory Disclosure
by mu-b
CVE-2009-0028 EXPLOITDB c VERIFIED
Linux kernel <2.6.28 - Privilege Escalation
The clone system call in the Linux kernel 2.6.28 and earlier allows local users to send arbitrary signals to a parent process from an unprivileged child process by launching an additional child process with the CLONE_PARENT flag, and then letting this new process exit.
by Chris Evans
CVE-2009-0676 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.28.6 - Information Disclosure via SO_BSDCOMPAT getsockopt Request
The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.
by Clément Lecigne
EIP-2026-117021 EXPLOITDB c VERIFIED
dBpowerAMP Audio Player 2 - '.pls' Local Buffer Overflow
by SimO-s0fT
CVE-2009-0476 EXPLOITDB c VERIFIED
MultiMedia Soft AdjMmsEng.dll <7.11.2.7 - Buffer Overflow
Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 and 7.11.2.7, as distributed in multiple MultiMedia Soft audio components for .NET, allows remote attackers to execute arbitrary code via a long string in a playlist (.pls) file, as originally reported for Euphonics Audio Player 1.0. NOTE: some of these details are obtained from third party information.
by Single Eye
CVE-2009-1808 EXPLOITDB c VERIFIED
Windows XP SP3 - Denial of Service via SPI_SETDESKWALLPAPER SystemParametersInfo Call
Microsoft Windows XP SP3 allows local users to cause a denial of service (system crash) by making an SPI_SETDESKWALLPAPER SystemParametersInfo call with an improperly terminated pvParam argument, followed by an SPI_GETDESKWALLPAPER SystemParametersInfo call.
by Arkon
EIP-2026-117248 EXPLOITDB c VERIFIED
GOM Player 2.0.12 - '.pls' Universal Buffer Overflow
by Stack
EIP-2026-118023 EXPLOITDB c VERIFIED
Total Video Player 1.3.7 - '.m3u' Local Buffer Overflow
by SimO-s0fT
EIP-2026-116531 EXPLOITDB c VERIFIED
WFTPD Pro 3.30 - Multiple Command Remote Denial of Service Vulnerabilities
by LiquidWorm
CVE-2009-0304 EXPLOITDB c VERIFIED
Sun Solaris 10-11 & OpenSolaris - DoS
The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrated by SunOSipv6.c.
by kingcope
CVE-2009-0343 EXPLOITDB c VERIFIED
Niels Provos Systrace <1.6f - Privilege Escalation
Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in monitoring 64-bit processes.
by Chris Evans
EIP-2026-116927 EXPLOITDB c VERIFIED
Browser3D 3.5 - '.sfs' Local Stack Overflow
by SimO-s0fT
CVE-2008-3834 EXPLOITDB c VERIFIED
D-bus <1.2.4 - DoS
The dbus_signature_validate function in the D-bus library (libdbus) before 1.2.4 allows remote attackers to cause a denial of service (application abort) via a message containing a malformed signature, which triggers a failed assertion error.
by Jon Oberheide
CVE-2009-1436 EXPLOITDB c VERIFIED
FreeBSD 6.3-7.2-PRERELEASE - Information Disclosure via Uninitialized Memory in db Interface
The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file.
by Jaakko Heinonen
EIP-2026-100999 EXPLOITDB c VERIFIED
Cisco - VLAN Trunking Protocol Denial of Service
by showrun
EIP-2026-117249 EXPLOITDB c VERIFIED
GOM Player 2.0.12.3375 - '.asx' Local Stack Overflow
by DATA_SNIPER
CVE-2008-5745 EXPLOITDB c VERIFIED
Microsoft Windows Media Player <11.0.5721.5260 - DoS
Integer overflow in quartz.dll in the DirectShow framework in Microsoft Windows Media Player (WMP) 9, 10, and 11, including 11.0.5721.5260, allows remote attackers to cause a denial of service (application crash) via a crafted (1) WAV, (2) SND, or (3) MID file. NOTE: this has been incorrectly reported as a code-execution vulnerability. NOTE: it is not clear whether this issue is related to CVE-2008-4927.
by anonymous
CVE-2008-4113 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.26.4 - Sensitive Information Exposure via SCTP_HMAC_IDENT IOCTL
The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying of data from kernel memory, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function.
by Jon Oberheide
CVE-2008-5736 EXPLOITDB c VERIFIED
FreeBSD 6-7 - Privilege Escalation via Uninitialized Function Pointers
Multiple unspecified vulnerabilities in FreeBSD 6 before 6.4-STABLE, 6.3 before 6.3-RELEASE-p7, 6.4 before 6.4-RELEASE-p1, 7.0 before 7.0-RELEASE-p7, 7.1 before 7.1-RC2, and 7 before 7.1-PRERELEASE allow local users to gain privileges via unknown attack vectors related to function pointers that are "not properly initialized" for (1) netgraph sockets and (2) bluetooth sockets.
by Don Bailey
CVE-2008-5713 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.25 - Denial of Service via Network Traffic Flood
The __qdisc_run function in net/sched/sch_generic.c in the Linux kernel before 2.6.25 on SMP machines allows local users to cause a denial of service (soft lockup) by sending a large amount of network traffic, as demonstrated by multiple simultaneous invocations of the Netperf benchmark application in UDP_STREAM mode.
by Herbert Xu