Exploitdb Exploits

3,149 exploits tracked across all sources.

CVE-2008-0108 EXPLOITDB c VERIFIED
Microsoft Office - Memory Corruption
Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
by chujwamwdupe
EIP-2026-102847 EXPLOITDB c VERIFIED
GKrellM GKrellWeather 0.2.7 Plugin - Local Stack Buffer Overflow
by forensec
CVE-2008-0010 EXPLOITDB c VERIFIED
Linux kernel <2.6.25 - Info Disclosure
The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allows local users to read from arbitrary kernel memory locations.
by qaaz
CVE-2008-0600 EXPLOITDB c VERIFIED
Linux Kernel - Code Injection
The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.
by qaaz
CVE-2008-0600 EXPLOITDB c VERIFIED
Linux Kernel - Code Injection
The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.
by qaaz
CVE-2008-0621 EXPLOITDB c VERIFIED
Sapgui < 6.28 - Memory Corruption
Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands.
by BackBone
CVE-2008-0108 EXPLOITDB c VERIFIED
Microsoft Office - Memory Corruption
Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
by Luigi Auriemma
EIP-2026-101043 EXPLOITDB c VERIFIED
MikroTik RouterOS 3.0 - SNMP SET Denial of Service
by ShadOS
CVE-2008-0680 EXPLOITDB c VERIFIED
MikroTik RouterOS < 3.2 - Denial of Service
SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP SET request.
by ShadOS
CVE-2007-0949 EXPLOITDB c VERIFIED
iTinySoft Studio Total Video Player <1.03 - Buffer Overflow
Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote attackers to execute arbitrary code via an M3U playlist file that contains a long file name. NOTE: it was later reported that 1.20 and 1.30 are also affected.
by fl0 fl0w
CVE-2008-0573 EXPLOITDB c VERIFIED
Safenet Ipsecdrv.sys - Access Control
IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and SoftRemote allows local users to gain privileges via a crafted IPSECDRV_IOCTL IOCTL request.
by mu-b
CVE-2008-0493 EXPLOITDB c VERIFIED
Irfanview - Memory Corruption
fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows remote attackers to execute arbitrary code via a crafted FlashPix (.FPX) file, which triggers heap corruption. NOTE: some of these details are obtained from third party information.
by Marsu
CVE-2008-0434 EXPLOITDB c VERIFIED
Gecad Technologies Axigen Mail Server - Numeric Error
Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code via format string specifiers in the CNHO command.
by hempel
CVE-2007-3039 EXPLOITDB c VERIFIED
Microsoft Message Queuing - Memory Corruption
Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
by Marcin Kozlowski
CVE-2008-0384 EXPLOITDB c VERIFIED
Openbsd - Denial of Service
OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked.
by Hunger
CVE-2008-0324 EXPLOITDB c VERIFIED
Cisco VPN Client - Resource Management Error
Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption.
by mu-b
CVE-2008-0352 EXPLOITDB c VERIFIED
Linux Kernel - Memory Corruption
The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to cause a denial of service (panic) via a certain IPv6 packet, possibly involving the Jumbo Payload hop-by-hop option (jumbogram).
by Clemens Kurtenbach
CVE-2007-0634 EXPLOITDB c VERIFIED
SUN Solaris - Denial of Service
Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.
by kingcope
CVE-2007-6731 EXPLOITDB c VERIFIED
XMP 2.5.1 - RCE
Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in misc/oxm.c, leading to a buffer overflow.
by Luigi Auriemma
CVE-2007-6537 EXPLOITDB c VERIFIED
WinUAE 1.4.4 - Buffer Overflow
Stack-based buffer overflow in the zfile_gunzip function in zfile.c in WinUAE 1.4.4 and earlier allows user-assisted remote attackers to execute arbitrary code via a long filename in a gzipped archive, such as a (1) gz, (2) adz, (3) roz, or (4) hdz archive in a compressed floppy disk image.
by Luigi Auriemma
CVE-2007-3876 EXPLOITDB c VERIFIED
Apple Mac OS X - Memory Corruption
Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows local users to execute arbitrary code via (1) a long workgroup (-W) option to mount_smbfs or (2) an unspecified manipulation of the command line to smbutil.
by Subreption LLC.
CVE-2007-6510 EXPLOITDB c VERIFIED
ProWizard 4 PC <1.62 - RCE
Multiple stack-based buffer overflows in ProWizard 4 PC (prowiz) 1.62 and earlier allow remote attackers to execute arbitrary code via a crafted file to the (1) AMOS-MusicBank, (2) FuzzacPacker, and (3) QuadraComposer rippers; and (4) have an unknown impact via a crafted file to the SkytPacker ripper.
by Luigi Auriemma
EIP-2026-103516 EXPLOITDB c VERIFIED
id3lib ID3 Tags - Buffer Overflow
by Luigi Auriemma
CVE-2007-4567 EXPLOITDB c VERIFIED
Linux kernel <2.6.22 - DoS
The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet.
by Clemens Kurtenbach
CVE-2007-6478 EXPLOITDB c VERIFIED
Rosoft Media Player <4.1.8 - Buffer Overflow
Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and possibly earlier versions allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a .M3U file. NOTE: some of these details are obtained from third party information.
by devcode