Exploitdb Exploits

3,138 exploits tracked across all sources.

CVE-2007-1070 EXPLOITDB c VERIFIED
Trend Micro ServerProtect for Windows & EMC 5.58-5.62 - RCE
Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.
by devcode
EIP-2026-114726 EXPLOITDB c VERIFIED
Solaris 10 (SPARC/x86) - sysinfo Kernel Memory Disclosure
by qaaz
CVE-2007-4748 EXPLOITDB c VERIFIED
PPStream 2.0.1.3829 - Buffer Overflow via Logo Parameter
Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream 2.0.1.3829 allows remote attackers to execute arbitrary code via a long Logo parameter.
by dummy
CVE-2007-4648 EXPLOITDB c VERIFIED
Norman Virus Control <5.82 - Privilege Escalation
The nvcoaft51 driver in Norman Virus Control (NVC) 5.82 uses weak permissions (unrestricted write access) for the NvcOa device, which allows local users to gain privileges by (1) triggering a buffer overflow in a kernel pool via a string argument to ioctl 0xBF67201C; or by (2) sending a crafted KEVENT structure through ioctl 0xBF672028 to overwrite arbitrary memory locations.
by inocraM
CVE-2007-3034 EXPLOITDB c VERIFIED
Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 - Remote Code Execution via Crafted Metafile
Integer overflow in the AttemptWrite function in Graphics Rendering Engine (GDI) on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted metafile (image) with a large record length value, which triggers a heap-based buffer overflow.
by Gil-Dong / Woo-Chi
EIP-2026-103201 EXPLOITDB c VERIFIED
ProFTPd 1.x - 'mod_tls' Remote Buffer Overflow
by netris
EIP-2026-116571 EXPLOITDB c VERIFIED
Wireshark < 0.99.6 - Mms Remote Denial of Service
by ZwelL
CVE-2007-4358 EXPLOITDB c VERIFIED
Zoidcom 0.6.7 - Denial of Service via Malformed JOIN Packet
Zoidcom 0.6.7 and earlier allows remote attackers to cause a denial of service (application crash) via a JOIN packet (aka connection packet) containing 0x69 in the ninth byte, which triggers a "double-delete" of trace data, a different vulnerability than CVE-2005-1643.
by Luigi Auriemma
CVE-2007-4366 EXPLOITDB c VERIFIED
WengoPhone 2.1 - Denial of Service via SIP INVITE Message Without Content-Type Header
WengoPhone 2.1 allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header.
by ZwelL
CVE-2007-4382 EXPLOITDB c VERIFIED
CounterPath X-Lite 3.0 34025 - Denial of Service via SIP INVITE Message
CounterPath X-Lite 3.0 34025, and possibly eyeBeam, allows remote attackers to cause a denial of service (device crash) via a SIP INVITE message without a Content-Type header.
by ZwelL
CVE-2007-4286 EXPLOITDB c VERIFIED
Cisco IOS 12.0-12.4 - Remote Code Execution and Denial of Service via NHRP Packet
Buffer overflow in the Next Hop Resolution Protocol (NHRP) functionality in Cisco IOS 12.0 through 12.4 allows remote attackers to cause a denial of service (restart) and execute arbitrary code via a crafted NHRP packet.
by Martin Kluge
CVE-2007-4302 EXPLOITDB c VERIFIED
Generic Software Wrappers Toolkit - Privilege Escalation
Multiple race conditions in certain system call wrappers in Generic Software Wrappers Toolkit (GSWTK) allow local users to defeat system call interposition and possibly gain privileges or bypass auditing.
by Robert N. M. Watson
CVE-2007-4191 EXPLOITDB c VERIFIED
Panda Antivirus 2008 - Privilege Escalation
Panda Antivirus 2008 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying PAVSRV51.EXE or other unspecified files, a related issue to CVE-2006-4657.
by tarkus
CVE-2007-4140 EXPLOITDB c VERIFIED
Live for Speed (LFS) S2 ALPHA PATCH 0.5x - Buffer Overflow
Buffer overflow in Live for Speed (LFS) S2 ALPHA PATCH 0.5x allows user-assisted remote attackers to execute arbitrary code via a .mpr file (replay file) that contains a long car name.
by n00b
EIP-2026-118330 EXPLOITDB c VERIFIED
Borland Interbase 2007 SP1 - Create-Request Remote Overflow
by BackBone
CVE-2007-4060 EXPLOITDB c VERIFIED
Frank Yaul corehttp <0.5.3alpha - RCE
Multiple buffer overflows in the HttpSprockMake function in http.c in Frank Yaul corehttp 0.5.3alpha allow remote attackers to execute arbitrary code via a long string in the (1) method name or (2) URI in an HTTP request.
by vade79
CVE-2007-4004 EXPLOITDB c VERIFIED
IBM AIX <5.3 SP6 & 5.2.0 - Buffer Overflow
Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call. NOTE: the client is setuid root on AIX, so this issue crosses privilege boundaries.
by qaaz
CVE-2007-3333 EXPLOITDB c VERIFIED
IBM AIX 5.2.0 and 5.3 SP6 - Remote Code Execution via Terminal Control Sequence Overflow
Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 allows remote attackers to execute arbitrary code via a large number of terminal control sequences.
by qaaz
CVE-2007-4005 EXPLOITDB c VERIFIED
Mike Dubman Windows RSH daemon 1.7 - Buffer Overflow
Stack-based buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 allows remote attackers to execute arbitrary code via a long string to the shell port (514/tcp). NOTE: this might overlap CVE-2007-4006.
by Joey Mengele
CVE-2007-4006 EXPLOITDB c VERIFIED
Mike Dubman Windows RSH daemon (rshd) 1.7 - Buffer Overflow
Buffer overflow in Mike Dubman Windows RSH daemon (rshd) 1.7 has unknown impact and remote attack vectors, aka ZD-00000034. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
by Joey Mengele
CVE-2007-3764 EXPLOITDB c VERIFIED
Asterisk < 1.2.22 and 1.4.x < 1.4.8 - Denial of Service via Crafted Skinny Channel Packet
The Skinny channel driver (chan_skinny) in Asterisk before 1.2.22 and 1.4.x before 1.4.8, Business Edition before B.2.2.1, AsteriskNOW before beta7, Appliance Developer Kit before 0.5.0, and s800i before 1.0.2 allows remote attackers to cause a denial of service (crash) via a certain data length value in a crafted packet, which results in an "overly large memcpy."
by fbffff
CVE-2007-3681 EXPLOITDB c VERIFIED
WinPcap - Memory Corruption via IOCTL 9031 BIOCGSTATS Handler
The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters.
by Mario Ballano Bárcena
CVE-2007-1000 EXPLOITDB c VERIFIED
Linux kernel <2.6.20.2 - Info Disclosure
The ipv6_getsockopt_sticky function in net/ipv6/ipv6_sockglue.c in the Linux kernel before 2.6.20.2 allows local users to read arbitrary kernel memory via certain getsockopt calls that trigger a NULL dereference.
by dreyer
CVE-2007-0774 EXPLOITDB c VERIFIED
Apache Tomcat JK Web Server Connector <1.2.21 - RCE
Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
by Xpl017Elz