Exploitdb Exploits
3,149 exploits tracked across all sources.
Linux kernel <2.6.22.7 - Privilege Escalation
The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users to gain privileges by triggering an out-of-bounds access to the system call table using the %RAX register.
by Wojciech Purczynski
ALSA <2.6.22.8 - Info Disclosure
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memory contents) via a small count argument, as demonstrated by multiple reads of /proc/driver/snd-page-alloc.
by Karimo_DM
Lighttpd 1.4.17 - FastCGI Header Overflow Arbitrary Code Execution
by Andi
NovaSTOR NovaNET 11.0 - Remote Denial of Service / Arbitrary Memory Read
by mu-b
Lighttpd 1.4.16 - FastCGI Header Overflow Remote Command Execution
by Mattias Bengtsson
Trend Micro ServerProtect for Windows & EMC 5.58-5.62 - RCE
Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.
by devcode
Solaris 10 (SPARC/x86) - sysinfo Kernel Memory Disclosure
by qaaz
Ppstream - Memory Corruption
Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream 2.0.1.3829 allows remote attackers to execute arbitrary code via a long Logo parameter.
by dummy
Norman Virus Control <5.82 - Privilege Escalation
The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak permissions (unrestricted write access) for the NvcOa device, which allows local users to gain privileges by (1) triggering a buffer overflow in a kernel pool via a string argument to ioctl 0xBF67201C; or by (2) sending a crafted KEVENT structure through ioctl 0xBF672028 to overwrite arbitrary memory locations.
by inocraM
Microsoft Windows 2000 - Numeric Error
Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
by Gil-Dong / Woo-Chi
Zoidcom <0.6.7 - DoS
Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of service (application crash) via a JOIN packet (aka connection packet) containing 0x69 in the ninth byte, which triggers a "double-delete" of trace data, a different vulnerability than CVE-2005-1643.
by Luigi Auriemma
WengoPhone 2.1 - DoS
WengoPhone 2.1 allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header.
by ZwelL
CounterPath X-Lite <3.0 - DoS
CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header.
by ZwelL
Cisco IOS <12.5 - Buffer Overflow
Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via a crafted NHRP packet.
by Martin Kluge
Generic Software Wrappers Toolkit - Privilege Escalation
Multiple race conditions in certain system call wrappers in Generic Software Wrappers Toolkit (GSWTK) allow local users to defeat system call interposition and possibly gain privileges or bypass auditing.
by Robert N. M. Watson
Panda Antivirus 2008 - Privilege Escalation
Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657.
by tarkus
Live for Speed (LFS) S2 ALPHA PATCH 0.5x - Buffer Overflow
Buffer overflow in Live for Speed (LFS) S2 ALPHA PATCH 0.5x allows user-assisted remote attackers to execute arbitrary code via a .mpr file (replay file) that contains a long car name.
by n00b
Borland Interbase 2007 SP1 - Create-Request Remote Overflow
by BackBone
Frank Yaul corehttp <0.5.3alpha - RCE
Multiple buffer overflows in the HttpSprockMake function in http.c in Frank Yaul corehttp 0.5.3alpha allow remote attackers to execute arbitrary code via a long string in the (1) method name or (2) URI in an HTTP request.
by vade79
IBM AIX <5.3 SP6 & 5.2.0 - Buffer Overflow
Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call. NOTE: the client is setuid root on AIX, so this issue crosses privilege boundaries.
by qaaz
IBM Aix - Memory Corruption
Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 allows remote attackers to execute arbitrary code via a large number of terminal control sequences.
by qaaz
IBM Aix - Memory Corruption
Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 allows remote attackers to execute arbitrary code via a large number of terminal control sequences.
by qaaz
Mike Dubman Windows RSH daemon 1.7 - Buffer Overflow
Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 allows remote attackers to execute arbitrary code via a long string to the shell port (514/tcp). NOTE: this might overlap CVE-2007-4006.
by Joey Mengele
By Source