Exploitdb Exploits

3,138 exploits tracked across all sources.

CVE-2006-0865 EXPLOITDB c
PunBB <= 1.2.10 - Unauthenticated Denial of Service via Rapid User Registration
PunBB 1.2.10 and earlier allows remote attackers to cause a denial of service (resource consumption) by registering many user accounts quickly.
CVE-2014-0160 EXPLOITDB HIGH c
OpenSSL 1.0.1-1.0.1f - Out-of-bounds Read via Heartbeat Extension
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
CVSS 7.5
CVE-2004-0932 EXPLOITDB c
McAfee Anti-Virus Engine DATS <4398-4397 - Antivirus Bypass via Zeroed Local and Global Headers
McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th 2004 and DATS Driver before 4397 October 6th 2004 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVE-2004-0933 EXPLOITDB c
Computer Associates (CA) - Antivirus Bypass via Zeroed Local and Global Headers
Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 through r7.1, eTrust Antivirus for the Gateway r7.0 and r7.1, eTrust Secure Content Manager, eTrust Intrusion Detection, EZ-Armor 2.0 through 2.4, and EZ-Antivirus 6.1 through 6.3 allow remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVE-2004-0934 EXPLOITDB c
Kaspersky 3.x-4.x - Antivirus Bypass via Zeroed Local and Global Headers
Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVE-2004-0935 EXPLOITDB c
Eset Anti-Virus <1.020 - Antivirus Bypass via Zeroed Local and Global Headers
Eset Anti-Virus before 1.020 (16th September 2004) allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVE-2004-0936 EXPLOITDB c
RAV Antivirus - Antivirus Bypass via Zeroed Local and Global Headers
RAV antivirus allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVE-2004-0937 EXPLOITDB c
Sophos Anti-Virus <3.87.0-3.88.0 - Antivirus Bypass via Zeroed Local and Global Headers
Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, 98, and Me before 3.88.0, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVE-2004-1096 EXPLOITDB c
Archive::Zip <1.14 - Antivirus Bypass via Zeroed Local and Global Headers
Archive::Zip Perl module before 1.14, when used by antivirus programs such as amavisd-new, allows remote attackers to bypass antivirus protection via a compressed file with both local and global headers set to zero, which does not prevent the compressed file from being opened on a target system.
CVE-1999-0235 EXPLOITDB c
NCSA WebServer 1.4.1 and below - Buffer Overflow
Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access.
CVE-2020-12351 EXPLOITDB HIGH c
Linux Kernel 4.7.7-4.9.239 - Unauthenticated Privilege Escalation via BlueZ Input Validation
Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access.
CVSS 8.8
CVE-1999-0414 EXPLOITDB c
Linux Kernel - TCP Connection Spoofing
In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection.
CVE-2001-0820 EXPLOITDB c
GazTek ghttpd 1.4 - Remote Code Execution via Long Arguments
Buffer overflows in GazTek ghttpd 1.4 allow a remote attacker to execute arbitrary code via long arguments that are passed to (1) the Log function in util.c, or (2) serveconnection in protocol.c.
CVE-2011-4029 EXPLOITDB c
X.Org xserver <1.11.2 - Info Disclosure
The LockServer function in os/utils.c in X.Org xserver before 1.11.2 allows local users to change the permissions of arbitrary files to 444, read those files, and possibly cause a denial of service (removed execution permission) via a symlink attack on a temporary lock file.
CVE-2003-0947 EXPLOITDB c
wireless_tools - Buffer Overflow via Long OUT Environment Variable
Buffer overflow in iwconfig, when installed setuid, allows local users to execute arbitrary code via a long OUT environment variable.
CVE-2010-3848 EXPLOITDB c
Linux Kernel < 2.6.36.2 - Local Privilege Escalation via Econet iovec Structures
Stack-based buffer overflow in the econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to gain privileges by providing a large number of iovec structures.
CVE-2010-3850 EXPLOITDB c
Linux kernel <2.6.36.2 - Privilege Escalation
The ec_dev_ioctl function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2 does not require the CAP_NET_ADMIN capability, which allows local users to bypass intended access restrictions and configure econet addresses via an SIOCSIFADDR ioctl call.
CVE-2010-3849 EXPLOITDB c
Linux Kernel < 2.6.36.2 - Denial of Service via NULL Pointer Dereference in econet_sendmsg
The econet_sendmsg function in net/econet/af_econet.c in the Linux kernel before 2.6.36.2, when an econet address is configured, allows local users to cause a denial of service (NULL pointer dereference and OOPS) via a sendmsg call that specifies a NULL value for the remote address field.
CVE-2008-0009 EXPLOITDB c
Linux kernel <2.6.25 - Memory Corruption
The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.
CVE-2007-1730 EXPLOITDB c
Linux Kernel 2.6.20 and later - Denial of Service via Negative optlen in DCCP getsockopt
Integer signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value.