Exploitdb Exploits

3,138 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-3727 EXPLOITDB c VERIFIED
MicroWorld Technologies MailScan <5.6.a - Path Traversal
Directory traversal vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
by SlaYeR
CVE-2008-6976 EXPLOITDB c VERIFIED
MikroTik RouterOS 2.x-2.9.51 & 3.x-3.13 - Unauthenticated SNMP Set Request Modifies NMS Settings
MikroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request.
by ShadOS
CVE-2008-0964 EXPLOITDB c VERIFIED
OpenSolaris and Solaris 8-10 - Remote Code Execution via Crafted SMB Packet
Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.
by Andi
CVE-2008-3360 EXPLOITDB c VERIFIED
IntelliTamper 2.0.7 - Remote Code Execution via Long HREF Attribute in HTML Parser
Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a different vulnerability than CVE-2006-2494.
by kralor
CVE-2008-3361 EXPLOITDB c VERIFIED
IntelliTamper 2.07 - Buffer Overflow
Stack-based buffer overflow in IntelliTamper 2.07 allows remote web sites to execute arbitrary code via a long HTTP Server header.
by Wojciech Pawlikowski
CVE-2008-3583 EXPLOITDB c VERIFIED
IntelliTamper - Buffer Overflow via Long URL in IMG SRC Attribute
Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a long URL in the SRC attribute of an IMG element. NOTE: this might be related to CVE-2008-3360. NOTE: it was later reported that 2.08 Beta 4 is also affected.
by r0ut3r
CVE-2007-2363 EXPLOITDB c VERIFIED
IrfanView < 4.00 - Buffer Overflow via Crafted IFF File
Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file.
by fl0 fl0w
CVE-2010-0437 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.27 - Denial of Service via IPv6 TUN Network Interface
The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via unknown vectors.
by Rémi Denis-Courmont
CVE-2007-2586 EXPLOITDB c VERIFIED
Cisco IOS 11.3-12.4 - Unauthenticated Remote Code Execution via FTP MKD Command
The FTP Server in Cisco IOS 11.3 through 12.4 does not properly check user authorization, which allows remote attackers to execute arbitrary code, and have other impact including reading startup-config, as demonstrated by a crafted MKD command that involves access to a VTY device and overflows a buffer, aka bug ID CSCek55259.
by Andy Davis
CVE-2008-1447 EXPLOITDB MEDIUM c VERIFIED
BIND < 9.5.0-P1, 9.4.2-P1, 9.3.5-P1 - DNS Cache Poisoning via Insufficient Transaction ID and Source Port Entropy
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
by Marc Bevand
CVSS 6.8
CVE-2008-4194 EXPLOITDB c VERIFIED
pdnsd < 1.2.7-par - Denial of Service via Long DNS Reply
The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a "dangling pointer bug."
by Marc Bevand
CVE-2008-2463 EXPLOITDB c VERIFIED
Microsoft Office Snapshot Viewer ActiveX snapview.ocx 10.0.5529.0 - RCE via SnapshotPath/CompressedPath
The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
by callAX
CVE-2008-3360 EXPLOITDB c VERIFIED
IntelliTamper 2.0.7 - Remote Code Execution via Long HREF Attribute in HTML Parser
Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a different vulnerability than CVE-2006-2494.
by r0ut3r
CVE-2008-3286 EXPLOITDB c VERIFIED
SWAT 4 < 1.1 - Denial of Service via VERIFYCONTENT or GAMECONFIG Command
SWAT 4 1.1 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) VERIFYCONTENT or (2) GAMECONFIG command sent to the server before user session initialization, which triggers a NULL pointer dereference; or (3) a GAMESPYRESPONSE command followed by a long RS string.
by Luigi Auriemma
CVE-2008-3269 EXPLOITDB c VERIFIED
WinSoftMagic WinRemotePC Lite 2008 and Full 2008 - Denial of Service via Crafted TCP Packet
WRPCServer.exe in WinSoftMagic WinRemotePC (WRPC) Lite 2008 and Full 2008 allows remote attackers to cause a denial of service (CPU consumption) via a crafted packet to TCP port 4321.
by Shinnok
CVE-2008-3182 EXPLOITDB c VERIFIED
Download Accelerator Plus <8.6.6.3 - Buffer Overflow
Stack-based buffer overflow in DAP.exe in Download Accelerator Plus (DAP) 7.0.1.3, 8.6.6.3, and other 8.x versions allows user-assisted remote attackers to execute arbitrary code via an M3U (.m3u) file containing a long MP3 URL.
by Shinnok
EIP-2026-104547 EXPLOITDB c VERIFIED
OpenBSD 4.0 - 'vga' Local Privilege Escalation
by lul-disclosure inc.
CVE-2008-2427 EXPLOITDB c VERIFIED
GFL SDK 2.82 - Stack-based Buffer Overflow via Sun TAAC File Format Keyword
Stack-based buffer overflow in NConvert 4.92, GFL SDK 2.82, and XnView 1.93.6 on Windows and 1.70 on Linux and FreeBSD allows user-assisted remote attackers to execute arbitrary code via a crafted format keyword in a Sun TAAC file.
by Shinnok
CVE-2008-2365 EXPLOITDB c VERIFIED
Linux kernel 2.6.9-2.6.25 - Denial of Service via PTRACE_ATTACH Race Condition
Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.
by Alexei Dobryanov
CVE-2008-2365 EXPLOITDB c VERIFIED
Linux kernel 2.6.9-2.6.25 - Denial of Service via PTRACE_ATTACH Race Condition
Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.
by Alexei Dobryanov
CVE-2008-5121 EXPLOITDB c VERIFIED
Citrix Deterministic Network Enhancer 2.21.7.233-3.21.7.17464 Privilege Escalation via DNE_IOCTL
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.
by mu-b
CVE-2008-6702 EXPLOITDB c VERIFIED
Stalker-game S.t.a.l.k.e.r. < 1.0006 - Improper Input Validation
S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (crash) via a long nickname, which triggers an exception.
by Luigi Auriemma
EIP-2026-117979 EXPLOITDB c VERIFIED
Symantec Altiris Client Service 6.8.378 - Local Privilege Escalation
by Alex Hernandez
EIP-2026-117719 EXPLOITDB c VERIFIED
Open Office.org 2.31 - swriter Local Code Execution
by Marsu
CVE-2007-6682 EXPLOITDB c VERIFIED
VLC < 0.8.6d - Remote Code Execution via Format String in HTTP Connection Parameter
Format string vulnerability in the httpd_FileCallBack function (network/httpd.c) in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via format string specifiers in the Connection parameter.
by EpiBite
By Source
All 3,138 Writeup 62,046 Exploitdb 50,076 Nomisec 22,338 Github 3,520 Metasploit 3,299 Vulncheck_xdb 927 Inthewild 514 Gitlab 470 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,515 ruby 5,989 c 3,622 perl 2,849 html 2,072 php 1,332 bash 462 java 370 c++ 257 javascript 228 shell 130 go 72 postscript 25 typescript 25