Exploitdb Exploits
3,138 exploits tracked across all sources.
0irc 1345 build 20060823 - Denial of Service via Long IRC Server String
0irc 1345 build 20060823 allows remote attackers to cause a denial of service (application crash) by operating an IRC server that sends a long string to a client, which triggers a NULL pointer dereference.
by DiGitalX
file < 4.19 - Remote Code Execution via Integer Underflow in file_printf
Integer underflow in the file_printf function in the "file" program before 4.20 allows user-assisted attackers to execute arbitrary code via a file that triggers a heap-based buffer overflow.
by Jean-Sebastien Guay-Leroux
Oracle 10g (Windows x86) - 'PROCESS_DUP_HANDLE' Local Privilege Escalation
by Cesar Cerrudo
Linux kernel < 2.6.21-rc3 - Buffer Overflow in Omnikey CardMan 4040 Driver
Multiple buffer overflows in the (1) read and (2) write handlers in the Omnikey CardMan 4040 driver in the Linux kernel before 2.6.21-rc3 allow local users to gain privileges.
by Daniel Roethlisberger
Snort 2.6.1.1, 2.6.1.2, 2.7.0 beta - Denial of Service via UDP Packet Handling in frag3 Preprocessor
The frag3 preprocessor in Snort 2.6.1.1, 2.6.1.2, and 2.7.0 beta, when configured for inline use on Linux without the ip_conntrack module loaded, allows remote attackers to cause a denial of service (segmentation fault and application crash) via certain UDP packets produced by send_morefrag_packet and send_overlap_packet.
by Antimatt3r
Asterisk 1.2-1.4 - Denial of Service via SIP Packet Without URI and SIP-Version Header
Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.
by fbffff
WebMod 0.48 - Stack-Based Buffer Overflow via Content-Length HTTP Header
Stack-based buffer overflow in the connectHandle function in server.cpp in WebMod 0.48 allows remote attackers to execute arbitrary code via a long string in the Content-Length HTTP header.
by cybermind
tcpdump <3.9.6 - RCE
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
by mu-b
CVSS 9.8
MadWifi - Stack-Based Buffer Overflow in IEEE80211 Wireless Component
Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi before 0.9.2.1 allows remote attackers to execute arbitrary code via unspecified vectors, related to the encode_ie and giwscan_cb functions.
by Massimiliano Oldani
Alcatel-Lucent Bell Labs Plan 9 - Memory Corruption
Integer overflow in the envwrite function in the Alcatel-Lucent Bell Labs Plan 9 kernel allows local users to overwrite certain memory addresses with kernel memory via a large n argument, as demonstrated by (1) modifying the iseve function to gain privileges and (2) making the devpermcheck function grant unrestricted device permissions.
by Don Bailey
Debian apache - Local Privilege Escalation via TIOCSTI ioctl in CGI Program
The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
by Kristian Hermansen
Microsoft Windows 2000-XP-Vista - Info Disclosure
The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
by 3APA3A
NewsBin Pro 5.33-4.x - Buffer Overflow
Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attribute in (a) an NBI file, or (3) a long group field in (b) an NZB file.
by Marsu
S&H Computer Systems News Rover 12.1 Rev 1 - Buffer Overflow
Multiple stack-based buffer overflows in S&H Computer Systems News Rover 12.1 Rev 1 allow remote attackers to execute arbitrary code via a .nzb file with a long (1) group or (2) subject string.
by Marsu
News File Grabber <4.1.0.1 - Buffer Overflow
Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier allows remote attackers to execute arbitrary code via a .nzb file with a long subject field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Marsu
VicFTPS - Stack-Based Buffer Overflow via CWD Command
Stack-based buffer overflow in VicFTPS before 5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long CWD command.
by r0ut3r
Axigen eMail Server 2.0.0b2 - 'pop3' Remote Format String
by fuGich
uTorrent 1.6 - Remote Code Execution via Crafted Torrent Announce Header
Heap-based buffer overflow in uTorrent 1.6 allows remote attackers to execute arbitrary code via a torrent file with a crafted announce header.
by defsec
Axigen Mail Server 1.2.6-2.0.0b1 - Denial of Service via Malformed IMAP Login Credentials
axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a base64-encoded "*\x00" sequence on the imap port (143/tcp).
by mu-b
Axigen Mail Server 1.2.6-2.0.0b1 - Heap-Based Buffer Underflow via Base64-Encoded POP3 Data
Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which triggers an integer overflow.
by mu-b
Comodo Firewall Pro <2.4.16.174 - DoS
cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) before 2.4.16.174 does not validate arguments that originate in user mode for the (1) NtConnectPort and (2) NtCreatePort hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments.
by Matousec Transparent security
Solaris 10 - Denial of Service via ICMP Packets
Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.
by kcope
Shaffer Solutions Corp dapcnfsd.dll 0.6.4.0 - Buffer Overflow in EnumPrintersA Function
Buffer overflow in the EnumPrintersA function in dapcnfsd.dll 0.6.4.0 in Shaffer Solutions (SSC) DiskAccess NFS Client allows remote attackers to execute arbitrary code via a long argument, an issue similar to CVE-2006-5854 and CVE-2007-0444.
by Andres Tarasco Acuna
Novell Netware Client 4.91-4.91 SP2 - Remote Code Execution via Spooler Service Buffer Overflow
Multiple buffer overflows in the Spooler service (nwspool.dll) in Novell Netware Client 4.91 through 4.91 SP2 allow remote attackers to execute arbitrary code via a long argument to the (1) EnumPrinters and (2) OpenPrinter functions.
by Andres Tarasco
Intel 2200BG PROSet Wireless 9.0.3.9 - Denial of Service via Crafted Disassociation Packets
The Intel 2200BG 802.11 Wireless Mini-PCI driver 9.0.3.9 (w29n51.sys) allows remote attackers to cause a denial of service (system crash) via crafted disassociation packets, which triggers memory corruption of "internal kernel structures," a different vulnerability than CVE-2006-6651. NOTE: this issue might overlap CVE-2006-3992.
by Breno Silva Pinto