Exploitdb Exploits
3,138 exploits tracked across all sources.
Medal of Honor - 'getinfo' Remote Buffer Overflow
by RunningBon
Intel PROset/Wireless < 10.1.0.33 - Unprotected Shared Memory Access
S24EvMon.exe in the Intel PROset/Wireless software, possibly 10.1.0.33, uses a S24EventManagerSharedMemory shared memory section with weak permissions, which allows local users to read or modify passwords or other data, or cause a denial of service.
by Ruben Santamarta
acFTP 1.4 - Denial of Service via Long USER Command String
acFTP 1.4 allows remote attackers to cause a denial of service (application crash) via a long string with "{" (brace) characters to the USER command.
by Omni
Quake 3 Engine - Buffer Overflow via Long remapShader Command
Buffer overflow in the Quake 3 Engine, as used by (1) ET 2.60, (2) Return to Castle Wolfenstein 1.41, and (3) Quake III Arena 1.32b allows remote attackers to execute arbitrary commands via a long remapShader command.
by landser
MySQL <= 5.0.20 - Remote Code Execution via Crafted COM_TABLE_DUMP Packets
Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values.
by Stefano Di Paola
MySQL 4.0.x-4.0.26, 4.1.x-4.1.18, 5.0.x-5.0.20 - Unauthenticated Memory Disclosure via Username Buffer Over-Read
The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.
by Stefano Di Paola
Fenice < 1.10 - Remote Code Execution via RTSP URL Parsing Buffer Overflow
Buffer overflow in the parse_url function in the RTSP module (rtsp/parse_url.c) in Fenice 1.10 and earlier allows remote attackers to execute arbitrary code via a long URL.
by c0d3r
Neon Responder 5.4 - Clock Synchronization Denial of Service
by Stefan Lochbihler
Neon Responder 5.4 - Denial of Service via Crafted Clock Synchronisation Packet
Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a denial of service (application outage) via a crafted Clock Synchronisation packet that triggers an access violation.
by Stefan Lochbihler
UltraVNC and tabbed_viewer - Buffer Overflow via Long String on TCP Port 5900
Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that sends a long string to a client that connects on TCP port 5900, which triggers an overflow in Log::ReallyPrint; and (2) allow remote attackers to cause a denial of service (server crash) via a long HTTP GET request to TCP port 5800, which triggers an overflow in VNCLog::ReallyPrint.
by Luigi Auriemma
UltraVNC and tabbed_viewer - Buffer Overflow via Long String on TCP Port 5900
Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that sends a long string to a client that connects on TCP port 5900, which triggers an overflow in Log::ReallyPrint; and (2) allow remote attackers to cause a denial of service (server crash) via a long HTTP GET request to TCP port 5800, which triggers an overflow in VNCLog::ReallyPrint.
by Luigi Auriemma
WinACE UNACEV2.DLL <2.6.0.0 - Buffer Overflow
Stack-based buffer overflow in the WinACE UNACEV2.DLL third-party compression utility before 2.6.0.0, as used in multiple products including (1) ALZip 5.51 through 6.11, (2) Servant Salamander 2.0 and 2.5 Beta 1, (3) WinHKI 1.66 and 1.67, (4) ExtractNow 3.x, (5) Total Commander 6.53, (6) Anti-Trojan 5.5.421, (7) PowerArchiver before 9.61, (8) UltimateZip 2.7,1, 3.0.3, and 3.1b, (9) Where Is It (WhereIsIt) 3.73.501, (10) FilZip 3.04, (11) IZArc 3.5 beta3, (12) Eazel 1.0, (13) Rising Antivirus 18.27.21 and earlier, (14) AutoMate 6.1.0.0, (15) BitZipper 4.1 SR-1, (16) ZipTV, and other products, allows user-assisted attackers to execute arbitrary code via a long filename in an ACE archive.
by darkeagle
GreyMatter WebLog 1.21d - Remote Command Execution (1)
by No_Face_King
Vavoom 1.19.1 - Multiple Vulnerabilities/Denial of Service
by Luigi Auriemma
csDoom 0.7 - Multiple Vulnerabilities/Denial of Service
by Luigi Auriemma
Linux kernel <2.4 - Info Disclosure
net/ipv4/af_inet.c in Linux kernel 2.4 does not clear sockaddr_in.sin_zero before returning IPv4 socket names from the (1) getsockname, (2) getpeername, and (3) accept functions, which allows local users to obtain portions of potentially sensitive memory.
by Pavel Kankovsky
Windows XP SP1-SP2 and Server 2003 up to SP1 - Denial of Service via Invalid IGMP Packet
Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
by Firestorm
ASP.NET < 1.1 - Denial of Service via COM Component Requests
Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.
by Debasis Mohanty
CVSS 7.5
BomberClone - Remote Code Execution via Long Error Messages
Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote attackers to execute arbitrary code via long error messages.
by esca zoo
Mercur Messaging 5.0 SP3 - Buffer Overflow
Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string to the (1) LOGIN or (2) SELECT command, a different set of attack vectors and possibly a different vulnerability than CVE-2003-1177.
by pLL
ENet library < jul_2005 - Denial of Service via Large Command Length Packet
Integer signedness error in the enet_protocol_handle_incoming_commands function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32, allows remote attackers to cause a denial of service (application crash) via a packet with a large command length value, which leads to an invalid memory access.
by Luigi Auriemma
CrossFire 1.9.0 - Buffer Overflow via Long Setup Sound Command
Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010.
by landser
PeerCast 0.1216 - 'nextCGIarg' Remote Buffer Overflow (2)
by darkeagle
By Source