Exploitdb Exploits

3,138 exploits tracked across all sources.

CVE-2007-0602 EXPLOITDB c VERIFIED
Trend Micro VirusWall 3.81 - Local Privilege Escalation via Long Command Line Argument
Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro VirusWall 3.81 for Linux, as used by IScan.BASE/vscan, allows local users to gain privileges via a long command line argument, a different vulnerability than CVE-2005-0533.
by Sebastian Wolfgarten
CVE-2007-0444 EXPLOITDB c VERIFIED
Citrix MetaFrame - Stack-based Buffer Overflow in Print Provider Library via Long Arguments
Stack-based buffer overflow in the print provider library (cpprov.dll) in Citrix Presentation Server 4.0, MetaFrame Presentation Server 3.0, and MetaFrame XP 1.0 allows local users and remote attackers to execute arbitrary code via long arguments to the (1) EnumPrintersW and (2) OpenPrinter functions.
by Andres Tarasco
CVE-2007-0430 EXPLOITDB c VERIFIED
Apple Mac OS X < 10.4.8 - Denial of Service via Large mappingCount Value
The shared_region_map_file_np function in Apple Mac OS X 10.4.8 and earlier kernel allows local users to cause a denial of service (memory corruption) via a large mappingCount value.
by Adriano Lima
EIP-2026-118688 EXPLOITDB c VERIFIED
Intel Centrino ipw2200BG - Wireless Driver Remote Overflow
by oveRet
CVE-2007-0368 EXPLOITDB c VERIFIED
mbse-bbs <= 0.70 - Local Stack-Based Buffer Overflow via MBSE_ROOT Environment Variable
Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local users to execute arbitrary code via a long string in the MBSE_ROOT environment variable.
by prdelka
CVE-2007-1881 EXPLOITDB c VERIFIED
Kaspersky Anti-Virus < 6.0.2.614 - Privilege Escalation
Unspecified vulnerability in KLIF (klif.sys) in Kaspersky Anti-Virus, Anti-Virus for Workstations, and Anti-Virus for File Servers 6.0, and Internet Security 6.0 before Maintenance Pack 2 build 6.0.2.614 allows local users to gain Ring-0 privileges via unspecified vectors.
by MaD
EIP-2026-115456 EXPLOITDB c VERIFIED
Ipswitch WS_FTP 2007 Professional - 'WSFTPURL.exe' Local Memory Corruption
by LMH
EIP-2026-102981 EXPLOITDB c VERIFIED
Rixstep Undercover - Local Privilege Escalation
by Rixstep Pwned
CVE-2007-0311 EXPLOITDB c VERIFIED
Texas Imperial Software WFTPD and WFTPD Pro Server < 3.25 - Denial of Service via Long SITE ADMIN Command
Texas Imperial Software WFTPD and WFTPD Pro Server 3.25 and earlier allow remote attackers to cause a denial of service (application crash) via a long SITE ADMIN command.
by Marsu
CVE-2006-0441 EXPLOITDB c VERIFIED
Sami FTP Server 2.0.1 - Stack-Based Buffer Overflow via Long USER Command
Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed.
by Marsu
CVE-2007-0338 EXPLOITDB c VERIFIED
Dream FTP Server - Remote Code Execution via USER Command Format String Overflow
Heap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large number of format string specifiers, which triggers the overflow during processing of the Server Log.
by Marsu
CVE-2007-0329 EXPLOITDB c VERIFIED
JV2 Folder Gallery - Unauthenticated Arbitrary File Read via download.php file Parameter
download.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php. NOTE: this issue might be resultant from a directory traversal vulnerability.
by PeTrO
CVE-2007-0236 EXPLOITDB c VERIFIED
Apple Mac OS X 10.4.8 - Remote Code Execution via Crafted AppleTalk Request
Double free vulnerability in the _ATPsndrsp function in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (kernel panic) and possibly execute arbitrary code via a crafted AppleTalk request that triggers a heap-based buffer overflow.
by MoAB
CVE-2007-0165 EXPLOITDB c VERIFIED
Solaris 8 and 9 - Denial of Service via Malformed RPC Requests
Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.
by Federico L. Bossi Bonin
CVE-2007-0085 EXPLOITDB c VERIFIED
OpenBSD 3.9-4.0 - Local Privilege Escalation via VGA PCI Driver NULL Pointer Dereference
Unspecified vulnerability in sys/dev/pci/vga_pci.c in the VGA graphics driver for wscons in OpenBSD 3.9 and 4.0, when the kernel is compiled with the PCIAGP option and a non-AGP device is being used, allows local users to gain privileges via unspecified vectors, possibly related to agp_ioctl NULL pointer reference.
by Critical Security
EIP-2026-117509 EXPLOITDB c VERIFIED
Microsoft Vista - 'NtRaiseHardError' Local Privilege Escalation
by erasmus
CVE-2006-6797 EXPLOITDB c VERIFIED
Microsoft Windows XP - Denial of Service or Memory Disclosure via NtRaiseHardError
The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696.
by Ruben Santamarta
CVE-2006-6696 EXPLOITDB c VERIFIED
Microsoft Windows < Vista - Privilege Escalation
Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.
by Ruben Santamarta
CVE-2006-6811 EXPLOITDB MEDIUM c VERIFIED
KsIRC 1.3.12 - Denial of Service via Long PRIVMSG String
KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow.
by Federico L. Bossi Bonin
CVSS 6.5
CVE-2006-6724 EXPLOITDB c VERIFIED
BolinTech Dream FTP Server 1.02 - DoS
BolinTech Dream FTP Server 1.02 allows remote authenticated users, including anonymous users, to cause a denial of service (application crash) via a certain invalid PORT command.
by InTeL
CVE-2006-6665 EXPLOITDB c VERIFIED
Astonsoft DeepBurner Pro & Free < 1.8.0 - RCE
Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name tag in a dbr file.
by Expanders
CVE-2006-6651 EXPLOITDB c VERIFIED
Intel 2200BG wireless driver 9.0.3.9 - RCE
Race condition in W29N51.SYS in the Intel 2200BG wireless driver 9.0.3.9 allows remote attackers to cause memory corruption and execute arbitrary code via a series of crafted beacon frames. NOTE: some details are obtained solely from third party information.
by Breno Silva Pinto
CVE-2007-0257 EXPLOITDB HIGH c VERIFIED
grsecurity PaX - Privilege Escalation
Unspecified vulnerability in the expand_stack function in grsecurity PaX allows local users to gain privileges via unspecified vectors. NOTE: the grsecurity developer has disputed this issue, stating that "the function they claim the vulnerability to be in is a trivial function, which can, and has been, easily checked for any supposed vulnerabilities." The developer also cites a past disclosure that was not proven. As of 20070120, the original researcher has released demonstration code
by anonymous
CVSS 7.8
CVE-2006-6493 EXPLOITDB c VERIFIED
OpenLDAP < 2.4.3 - Buffer Overflow via LDAP Bind Request with Long Credential Data
Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind request using the LDAP_AUTH_KRBV41 authentication method and long credential data.
by Solar Eclipse
CVE-2006-6538 EXPLOITDB c VERIFIED
D-LINK DWL-2000AP+ firmware 2.11 - DoS
D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the wireless link.
by poplix