Exploitdb Exploits

3,149 exploits tracked across all sources.

EIP-2026-100951 EXPLOITDB c VERIFIED
FreeBSD 6.0/6.1 - Ftrucante Local Denial of Service
by Kirk Russell
EIP-2026-100950 EXPLOITDB c VERIFIED
FreeBSD 5.5/6.x - Scheduler Policy Local Denial of Service
by Diane Bruce
CVE-2006-5483 EXPLOITDB c VERIFIED
FreeBSD - Denial of Service
p1003_1b.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by setting a scheduler policy, which should only be settable by root.
by kokanin
CVE-2006-5482 EXPLOITDB c VERIFIED
FreeBSD - Denial of Service
ufs_vnops.c in FreeBSD 6.1 allows local users to cause an unspecified denial of service by calling the ftruncate function on a file type that is not VREG, VLNK or VDIR, which is not defined in POSIX.
by kokanin
EIP-2026-107906 EXPLOITDB c VERIFIED
Invision Gallery 2.0.7 (Linux) - 'readfile()' / SQL Injection
by ShadOS
CVE-2006-4516 EXPLOITDB c VERIFIED
FreeBSD - Denial of Service
Integer signedness error in FreeBSD 6.0-RELEASE allows local users to cause a denial of service (memory corruption and kernel panic) via a PT_LWPINFO ptrace command with a large negative data value that satisfies a signed maximum value check but is used in an unsigned copyout function call.
by kokanin
CVE-2006-5143 EXPLOITDB c VERIFIED
CA BrightStor ARCserve Backup <r11.5 SP1 - RCE
Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.
by LSsec.com
CVE-2006-5205 EXPLOITDB c VERIFIED
Invision Gallery 2.0.7 - Path Traversal
Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the dir parameter in (1) index.php and (2) forum/index.php, when the viewimage command in the gallery module is used.
by 1nf3ct0r
CVE-2006-5206 EXPLOITDB c VERIFIED
Invision Gallery 2.0.7 - SQL Injection
SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in (1) index.php and (2) forum/index.php, when the rate command in the gallery automodule is used.
by 1nf3ct0r
CVE-2006-4392 EXPLOITDB c VERIFIED
Mach kernel - Privilege Escalation
The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function.
by xmath
CVE-2006-3730 EXPLOITDB HIGH c VERIFIED
Microsoft IE - Code Injection
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.
by LukeHack
CVSS 8.8
CVE-2006-5112 EXPLOITDB c VERIFIED
InterVations NaviCOPA Web Server 2.01 - RCE
Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request.
by h07
CVE-2006-4178 EXPLOITDB c VERIFIED
FreeBSD < 5.5 - Denial of Service
Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) via unspecified arguments that use negative signed integers to cause the bzero function to be called with a large length parameter, a different vulnerability than CVE-2006-4172.
by Adriano Lima
CVE-2006-3444 EXPLOITDB c VERIFIED
Microsoft Windows 2000 SP4 - Privilege Escalation
Unspecified vulnerability in the kernel in Microsoft Windows 2000 SP4, probably a buffer overflow, allows local users to obtain privileges via unspecified vectors involving an "unchecked buffer."
by SoBeIt
EIP-2026-118802 EXPLOITDB c VERIFIED
Microsoft Internet Explorer - 'VML' Remote Buffer Overflow
by nop
CVE-2006-4974 EXPLOITDB c VERIFIED
Ipswitch WS_FTP LE <5.08 - RCE
Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.
by h07
CVE-2006-4438 EXPLOITDB c VERIFIED
Doctor WEB LTD Dr.web < 4.33_for_linux - Buffer Overflow
Heap-based buffer overflow in SpIDer for Dr.Web Scanner for Linux 4.33, and possibly earlier versions, allows remote attackers to execute arbitrary code via an LHA archive with an extended header that contains a long directory name.
by Guay-Leroux
CVE-2006-7157 EXPLOITDB c VERIFIED
Google Earth - Memory Corruption
Buffer overflow in Google Earth v4.0.2091 (beta) allows remote user-assisted attackers to cause a denial of service (crash) via a KML or KMZ file with a long href element.
by JAAScois
CVE-2006-4777 EXPLOITDB c VERIFIED
Internet Explorer 6.0 SP1 - Buffer Overflow
Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446.
by nop
CVE-2006-4655 EXPLOITDB c VERIFIED
X Window System X11R6.4- - Buffer Overflow
Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.
by Marco Ivaldi
CVE-2006-4789 EXPLOITDB c VERIFIED
Open Movie Editor <0.0.20060901 - Buffer Overflow
Buffer overflow in Open Movie Editor 0.0.20060901 allows local users to cause a denial of service (system crash) or execute arbitrary code via a long project name in an open_movie_editor_project XML tag.
by Qnix
CVE-2006-4655 EXPLOITDB c VERIFIED
X Window System X11R6.4- - Buffer Overflow
Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.
by RISE Security
CVE-2006-4655 EXPLOITDB c VERIFIED
X Window System X11R6.4- - Buffer Overflow
Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.
by RISE Security
CVE-2006-4655 EXPLOITDB c VERIFIED
X Window System X11R6.4- - Buffer Overflow
Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value.
by RISE Security
EIP-2026-119217 EXPLOITDB c VERIFIED
TIBCO Rendezvous 7.4.11 - add router Remote Buffer Overflow
by Andres Tarasco