Exploitdb Exploits

3,149 exploits tracked across all sources.

EIP-2026-102910 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.11.5 - BlueTooth Stack Privilege Escalation
by Backdoored
CVE-2007-6015 EXPLOITDB c VERIFIED
Samba <3.0.27a - Buffer Overflow
Stack-based buffer overflow in the send_mailslot function in nmbd in Samba 3.0.0 through 3.0.27a, when the "domain logons" option is enabled, allows remote attackers to execute arbitrary code via a GETDC mailslot request composed of a long GETDC string following an offset username in a SAMLOGON logon request.
by x86
CVE-2007-6359 EXPLOITDB c VERIFIED
Apple Mac OS X 10.5.1 - DoS
The cs_validate_page function in bsd/kern/ubc_subr.c in the xnu kernel 1228.0 and earlier in Apple Mac OS X 10.5.1 allows local users to cause a denial of service (failed assertion and system crash) via a crafted signed Mach-O binary that causes the hashes function to return NULL.
by mu-b
CVE-2007-6211 EXPLOITDB c VERIFIED
Debian GNU/Linux - Privilege Escalation
Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option. NOTE: this issue is only a vulnerability in limited environments, since sing is not installed setuid, and the administrator would need to override a non-setuid default during installation.
by bannedit
CVE-2007-6261 EXPLOITDB c VERIFIED
Apple Mac OS X <10.5.1 - DoS
Integer overflow in the load_threadstack function in the Mach-O loader (mach_loader.c) in the xnu kernel in Apple Mac OS X 10.4 through 10.5.1 allows local users to cause a denial of service (infinite loop) via a crafted Mach-O binary.
by mu-b
CVE-2007-6276 EXPLOITDB c VERIFIED
Apple Mac OS X <10.5.4 - DoS
The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112.
by mu-b
CVE-2007-6210 EXPLOITDB c VERIFIED
Zabbix <1.4.3 - Privilege Escalation
zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges.
by Bas van Schaik
CVE-2007-6236 EXPLOITDB c VERIFIED
Microsoft Windows Media Player - DoS
Microsoft Windows Media Player (WMP) allows remote attackers to cause a denial of service (application crash) via a certain AIFF file that triggers a divide-by-zero error, as demonstrated by kr.aiff.
by Gil-Dong / Woo-Chi
EIP-2026-119212 EXPLOITDB c VERIFIED
Tencent QQ 2006 LaunchP2PShare - Multiple Stack Buffer Overflow Vulnerabilities
by axis
EIP-2026-118072 EXPLOITDB c VERIFIED
VMware Tools 3.1 - 'HGFS.Sys' Local Privilege Escalation
by SoBeIt
CVE-2007-4684 EXPLOITDB c VERIFIED
Apple Mac OS X <10.4.11 - RCE
Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a large num_sels argument to the i386_set_ldt system call.
by RISE Security
CVE-2007-4476 EXPLOITDB c VERIFIED
GNU tar - Buffer Overflow
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
by Dmitry V. Levin
CVE-2007-2217 EXPLOITDB c VERIFIED
Kodak Image Viewer - Code Injection
Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
by Gil-Dong / Woo-Chi
CVE-2007-5466 EXPLOITDB c VERIFIED
eXtremail < 2.1.1 - Memory Corruption
Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to (1) have an unknown impact by sending multiple long strings to the IMAP port (143/tcp); (2) execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the ifParseAuthPlain function; (3) execute arbitrary code via a long LOGIN command to the admin interface port (4501/tcp); or (4) execute arbitrary code via a long string in an IMAP AUTHENTICATE LOGIN (aka CRAM-MD5 authentication) action, involving the ifProcImapAuth1 function.
by mu-b
CVE-2007-5466 EXPLOITDB c VERIFIED
eXtremail < 2.1.1 - Memory Corruption
Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to (1) have an unknown impact by sending multiple long strings to the IMAP port (143/tcp); (2) execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the ifParseAuthPlain function; (3) execute arbitrary code via a long LOGIN command to the admin interface port (4501/tcp); or (4) execute arbitrary code via a long string in an IMAP AUTHENTICATE LOGIN (aka CRAM-MD5 authentication) action, involving the ifProcImapAuth1 function.
by mu-b
CVE-2007-5467 EXPLOITDB c VERIFIED
eXtremail < 2.1.1 - Numeric Error
Integer overflow in eXtremail 2.1.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long USER command containing "%s" sequences to the pop3 port (110/tcp), which are expanded to "%%s" before being used in the memmove function, possibly due to an incomplete fix for CVE-2001-1078.
by mu-b
CVE-2007-5467 EXPLOITDB c VERIFIED
eXtremail < 2.1.1 - Numeric Error
Integer overflow in eXtremail 2.1.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long USER command containing "%s" sequences to the pop3 port (110/tcp), which are expanded to "%%s" before being used in the memmove function, possibly due to an incomplete fix for CVE-2001-1078.
by mu-b
CVE-2007-5225 EXPLOITDB c VERIFIED
SunOS - Numeric Error
Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl.
by qaaz
CVE-2007-2807 EXPLOITDB c VERIFIED
Eggdrop <1.6.18 - Buffer Overflow
Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, remote IRC servers to execute arbitrary code via a long private message.
by bangus/magnum
CVE-2007-5248 EXPLOITDB c VERIFIED
ID Software Doom 3 < 1.3.1 - Format String Vulnerability
Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and earlier, Quake 4 1.4.2 and earlier, and Prey 1.3 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server or (2) a PB_U packet to UCON. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain.
by Luigi Auriemma
EIP-2026-103597 EXPLOITDB c VERIFIED
NovaSTOR NovaNET/NovaBACKUP 13.0 - Remote Denial of Service
by mu-b
CVE-2007-5184 EXPLOITDB c VERIFIED
SmbFTPD - Format String Vulnerability
Format string vulnerability in the SMBDirList function in dirlist.c in SmbFTPD 0.96 allows remote attackers to execute arbitrary code via format string specifiers in a directory name.
by Jerry Illikainen
CVE-2007-4573 EXPLOITDB c VERIFIED
Linux kernel <2.6.22.7 - Privilege Escalation
The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.
by Robert Swiecki
EIP-2026-104011 EXPLOITDB c VERIFIED
NovaSTOR NovaNET 12.0 - Remote SYSTEM
by mu-b
EIP-2026-104010 EXPLOITDB c VERIFIED
NovaSTOR NovaNET 12.0 - Remote Command Execution
by mu-b