Exploitdb Exploits
3,138 exploits tracked across all sources.
Mac OS X 10.5 - Denial of Service via Crafted Load Balancing Packet
The accept_connections function in the virtual private network daemon (vpnd) in Apple Mac OS X 10.5 before 10.5.4 allows remote attackers to cause a denial of service (divide-by-zero error and daemon crash) via a crafted load balancing packet to UDP port 4112.
by mu-b
Zabbix < 1.4.3 - Privilege Escalation
zabbix_agentd 1.1.4 in ZABBIX before 1.4.3 runs "UserParameter" scripts with gid 0, which might allow local users to gain privileges.
by Bas van Schaik
Microsoft Windows Media Player - DoS
Microsoft Windows Media Player (WMP) allows remote attackers to cause a denial of service (application crash) via a certain AIFF file that triggers a divide-by-zero error, as demonstrated by kr.aiff.
by Gil-Dong / Woo-Chi
Tencent QQ 2006 LaunchP2PShare - Multiple Stack Buffer Overflow Vulnerabilities
by axis
VMware Tools 3.1 - 'HGFS.Sys' Local Privilege Escalation
by SoBeIt
macOS 10.4-10.4.10 - Local Arbitrary Code Execution via i386_set_ldt System Call
Integer overflow in the kernel in Apple Mac OS X 10.4 through 10.4.10 allows local users to execute arbitrary code via a large num_sels argument to the i386_set_ldt system call.
by RISE Security
GNU tar < 1.19 - Buffer Overflow in safer_name_suffix
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
by Dmitry V. Levin
Kodak Image Viewer - Remote Code Execution via Crafted TIFF File
Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
by Gil-Dong / Woo-Chi
eXtremail <= 2.1.1 - Remote Code Execution via IMAP Buffer Overflow
Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to (1) have an unknown impact by sending multiple long strings to the IMAP port (143/tcp); (2) execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the ifParseAuthPlain function; (3) execute arbitrary code via a long LOGIN command to the admin interface port (4501/tcp); or (4) execute arbitrary code via a long string in an IMAP AUTHENTICATE LOGIN (aka CRAM-MD5 authentication) action, involving the ifProcImapAuth1 function.
by mu-b
eXtremail <= 2.1.1 - Remote Code Execution via IMAP Buffer Overflow
Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to (1) have an unknown impact by sending multiple long strings to the IMAP port (143/tcp); (2) execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the ifParseAuthPlain function; (3) execute arbitrary code via a long LOGIN command to the admin interface port (4501/tcp); or (4) execute arbitrary code via a long string in an IMAP AUTHENTICATE LOGIN (aka CRAM-MD5 authentication) action, involving the ifProcImapAuth1 function.
by mu-b
eXtremail < 2.1.1 - Remote Code Execution via POP3 USER Command Integer Overflow
Integer overflow in eXtremail 2.1.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long USER command containing "%s" sequences to the pop3 port (110/tcp), which are expanded to "%%s" before being used in the memmove function, possibly due to an incomplete fix for CVE-2001-1078.
by mu-b
eXtremail < 2.1.1 - Remote Code Execution via POP3 USER Command Integer Overflow
Integer overflow in eXtremail 2.1.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long USER command containing "%s" sequences to the pop3 port (110/tcp), which are expanded to "%%s" before being used in the memmove function, possibly due to an incomplete fix for CVE-2001-1078.
by mu-b
SunOS 8-10 - Unauthenticated Memory Read via FIFO I_PEEK ioctl
Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl.
by qaaz
Eggdrop IRC Bot < 1.6.18 - Stack-Based Buffer Overflow via Long Private Message
Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, remote IRC servers to execute arbitrary code via a long private message.
by bangus/magnum
Doom 3 < 1.3.1, Quake 4 < 1.4.2, Prey < 1.3 - Remote Code Execution via Format String in PB_Y/PB_U Packets
Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and earlier, Quake 4 1.4.2 and earlier, and Prey 1.3 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server or (2) a PB_U packet to UCON. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain.
by Luigi Auriemma
NovaSTOR NovaNET/NovaBACKUP 13.0 - Remote Denial of Service
by mu-b
smbftpd 0.96 - Remote Code Execution via Format String in Directory Name
Format string vulnerability in the SMBDirList function in dirlist.c in SmbFTPD 0.96 allows remote attackers to execute arbitrary code via format string specifiers in a directory name.
by Jerry Illikainen
Linux Kernel < 2.6.22.7 - Privilege Escalation
The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.
by Robert Swiecki
Linux Kernel < 2.6.22.7 - Privilege Escalation
The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.
by Wojciech Purczynski
Linux Kernel < 2.6.22.8 - Information Disclosure via ALSA snd_mem_proc_read
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.
by Karimo_DM
Lighttpd 1.4.17 - FastCGI Header Overflow Arbitrary Code Execution
by Andi
NovaSTOR NovaNET 11.0 - Remote Denial of Service / Arbitrary Memory Read
by mu-b
Lighttpd 1.4.16 - FastCGI Header Overflow Remote Command Execution
by Mattias Bengtsson