Exploitdb Exploits
3,138 exploits tracked across all sources.
SAPLPD < 6.28 - Remote Code Execution via Long LPD Command Arguments
Buffer overflow in SAPLPD 6.28 and earlier included in SAP GUI 7.10 and SAPSprint before 1018 allows remote attackers to execute arbitrary code via long arguments to the (1) 0x01, (2) 0x02, (3) 0x03, (4) 0x04, and (5) 0x05 LPD commands.
by BackBone
Microsoft Works File Converter - Stack-based Buffer Overflow via Crafted .wps File Field Lengths
Stack-based buffer overflow in wkcvqd01.dll in Microsoft Works 6 File Converter, as used in Office 2003 SP2 and SP3, Works 8.0, and Works Suite 2005, allows remote attackers to execute arbitrary code via a .wps file with crafted field lengths, aka "Microsoft Works File Converter Field Length Vulnerability."
by Luigi Auriemma
MikroTik RouterOS < 3.2 - Denial of Service via SNMP SET Request
SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to cause a denial of service (daemon crash) via a crafted SNMP SET request.
by ShadOS
iTinySoft Studio Total Video Player <1.03 - Buffer Overflow
Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote attackers to execute arbitrary code via a M3U playlist file that contains a long file name. NOTE: it was later reported that 1.20 and 1.30 are also affected.
by fl0 fl0w
SafeNET IPSecDrv.sys 10.4.0.12 - Privilege Escalation via Crafted IOCTL Request
IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and SoftRemote allows local users to gain privileges via a crafted IPSECDRV_IOCTL IOCTL request.
by mu-b
IrfanView - Remote Code Execution via Crafted FlashPix File
fpx.dll 3.9.8.0 in the FlashPix plugin for IrfanView 4.10 allows remote attackers to execute arbitrary code via a crafted FlashPix (.FPX) file, which triggers heap corruption. NOTE: some of these details are obtained from third party information.
by Marsu
AXIGEN Mail Server 5.0.2 - Remote Code Execution via AXIMilter CNHO Command Format String
Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code via format string specifiers in the CNHO command.
by hempel
Microsoft Message Queuing - Stack-based Buffer Overflow via RPC Opnum 0x06
Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
by Marcin Kozlowski
OpenBSD 4.2 - Denial of Service via SIOCGIFRTLABEL IOCTL
OpenBSD 4.2 allows local users to cause a denial of service (kernel panic) by calling the SIOCGIFRTLABEL IOCTL on an interface that does not have a route label, which triggers a NULL pointer dereference when the return value from the rtlabel_id2name function is not checked.
by Hunger
Cisco VPN Client 5.0.02.0090 - Denial of Service via IOCTL 0x80002038
Cisco Systems VPN Client IPSec Driver (CVPNDRVA.sys) 5.0.02.0090 allows local users to cause a denial of service (crash) by calling the 0x80002038 IOCTL with a small size value, which triggers memory corruption.
by mu-b
Linux Kernel 2.6.20-2.6.21.1 - Denial of Service via IPv6 Jumbo Payload Hop-by-Hop Option
The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to cause a denial of service (panic) via a certain IPv6 packet, possibly involving the Jumbo Payload hop-by-hop option (jumbogram).
by Clemens Kurtenbach
Solaris 10 - Denial of Service via ICMP Packets
Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.
by kingcope
Extended Module Player < 2.5.1 - Remote Code Execution via OXM File Negative Value Bypass
Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative value, which bypasses a check in (1) test_oxm and (2) decrunch_oxm functions in misc/oxm.c, leading to a buffer overflow.
by Luigi Auriemma
WinUAE <= 1.4.4 - Stack-based Buffer Overflow via Long Filename in Gzipped Archive
Stack-based buffer overflow in the zfile_gunzip function in zfile.c in WinUAE 1.4.4 and earlier allows user-assisted remote attackers to execute arbitrary code via a long filename in a gzipped archive, such as a (1) gz, (2) adz, (3) roz, or (4) hdz archive in a compressed floppy disk image.
by Luigi Auriemma
Mac OS X 10.4.11 - Stack-Based Buffer Overflow via SMB Workgroup Option
Stack-based buffer overflow in SMB in Apple Mac OS X 10.4.11 allows local users to execute arbitrary code via (1) a long workgroup (-W) option to mount_smbfs or (2) an unspecified manipulation of the command line to smbutil.
by Subreption LLC.
ProWizard 4 PC < 1.62 - Remote Code Execution via Crafted File in Multiple Rippers
Multiple stack-based buffer overflows in ProWizard 4 PC (prowiz) 1.62 and earlier allow remote attackers to execute arbitrary code via a crafted file to the (1) AMOS-MusicBank, (2) FuzzacPacker, and (3) QuadraComposer rippers; and (4) have an unknown impact via a crafted file to the SkytPacker ripper.
by Luigi Auriemma
Linux Kernel < 2.6.22 - Denial of Service via IPv6 Hop-by-Hop Extended Header
The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic) via a crafted IPv6 packet.
by Clemens Kurtenbach
Rosoft Media Player <4.1.8 - Buffer Overflow
Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and possibly earlier versions allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a .M3U file. NOTE: some of these details are obtained from third party information.
by devcode
Linux Kernel < 2.6.11.5 - BlueTooth Stack Privilege Escalation
by Backdoored
Samba 3.0.0-3.0.27a - Stack-based Buffer Overflow via Long GETDC String in SAMLOGON Request
Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.
by x86
macOS X 10.5.1 - Denial of Service via Crafted Signed Mach-O Binary
The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL.
by mu-b
Debian GNU/Linux - Privilege Escalation
Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option. NOTE: this issue is only a vulnerability in limited environments, since sing is not installed setuid, and the administrator would need to override a non-setuid default during installation.
by bannedit
Mac OS X 10.4-10.5.1 - Denial of Service via Mach-O Binary Integer Overflow
Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary.
by mu-b
By Source