Exploitdb Exploits
3,138 exploits tracked across all sources.
Eterm LibAST < 0.7 - '-X' Option Privilege Escalation
by Johnny Mast
BitComet 0.60 - '.Torrent' File Handling Remote Buffer Overflow
by Dejun Meng
MySQL <4.0.24 or 4.1.11 - Info Disclosure
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.
by Marco Ivaldi
Cerberus FTP Server 2.32 - Denial of Service via Long Invalid FTP Command String
Grant Averett Cerberus FTP Server 2.32, and possibly earlier versions, allows remote attackers to cause an unspecified denial of service via a long string that does not contain a valid FTP command.
by pi3ch
Microsoft Windows - Metafile '.WMF' Arbitrary File Download (Generator)
by darkeagle
CounterPath eyeBeam SIP Softphone - Denial of Service via Long SIP INVITE Header Field
Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote attackers to (1) cause a denial of service (device crash) via SIP INVITE commands with a long header field name sent during startup and (2) cause a denial of service (device hang or crash) via SIP INVITE commands with a long header field name sent during a call.
by ZwelL
HomeFtp 1.1 - Denial of Service via Long USER and PASS Commands
Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers to cause an unspecified denial of service via a long USER command combined with a long PASS command and an NLST command.
by pi3ch
xmame - Buffer Overflow via Long Command Line Arguments
Buffer overflow in certain functions in src/fileio.c and src/unix/fileio.c in xmame before 11 January 2006 may allow local users to gain privileges via a long (1) -lang, (2) -ctrlr, (3) -pb, or (4) -rec argument on many operating systems, and via a long (5) -jdev argument on Ubuntu Linux.
by Qnix
eStara Softphone 3.0.1.14-3.0.1.46 - Remote Code Execution via Long SDP Attribute Field
Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows remote attackers to execute arbitrary code via a long attribute (aka "a") field in the SDP data of a SIP packet on UDP port 5060.
by ZwelL
CounterPath eyeBeam SIP Softphone - Denial of Service via Long SIP INVITE Header Field
Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote attackers to (1) cause a denial of service (device crash) via SIP INVITE commands with a long header field name sent during startup and (2) cause a denial of service (device hang or crash) via SIP INVITE commands with a long header field name sent during a call.
by ZwelL
Windows NT 4.0-2000 - Memory Corruption
The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asynchronous Procedure Call (APC) entries to free the wrong data, aka the "Windows Kernel Vulnerability."
by SoBeIt
WinRAR 3.50 - Local Buffer Overflow via Long Command-Line Argument
Buffer overflow in WinRAR 3.50 and earlier allows local users to execute arbitrary code via a long command-line argument. NOTE: because this program executes with the privileges of the invoking user, and because remote programs do not normally have the ability to specify a command-line argument for this program, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability.
by c0d3r
WinRAR 3.50 - Local Buffer Overflow via Long Command-Line Argument
Buffer overflow in WinRAR 3.50 and earlier allows local users to execute arbitrary code via a long command-line argument. NOTE: because this program executes with the privileges of the invoking user, and because remote programs do not normally have the ability to specify a command-line argument for this program, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability.
by K4P0
Linux Kernel < 2.6.15 - Denial of Service via set_mempolicy Bitmask
Linux kernel before 2.6.15 allows local users to cause a denial of service (panic) via a set_mempolicy call with a 0 bitmask, which causes a panic when a page fault occurs.
by Doug Chapman
SCO OpenServer 5.0.7 - Remote Code Execution via Long -o Argument
Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-2005-0351 since it involves a distinct attack vector.
by prdelka
Linux kernel <2.6.12 - Memory Corruption
Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 to 2.6.11 allows local users to overwrite kernel memory via a large number of events.
by alert7
Linux Kernel 2.6.10-2.6.15 - Denial of Service via VFS File Lease Handling
Memory leak in the VFS file lease handling in locks.c in Linux kernels 2.6.10 to 2.6.15 allows local users to cause a denial of service (memory exhaustion) via certain Samba activities that cause an fasync entry to be re-allocated by the fcntl_setlease function after the fasync queue has already been cleaned by the locks_delete_lock function.
by J. Bruce Fields
bzflag_server < 2.0.4 - Denial of Service via Malformed Callsign
BZFlag server 2.0.4 and earlier allows remote attackers to cause a denial of service (application crash) via a callsign that is not followed by a NULL (\0) character.
by Luigi Auriemma
McAfee VirusScan Enterprise 8.0i-CMA 3.5 - Privilege Escalation
Unquoted Windows search path vulnerability in McAfee VirusScan Enterprise 8.0i (patch 11) and CMA 3.5 (patch 5) might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run by naPrdMgr.exe when it attempts to execute EntVUtil.EXE under an unquoted "Program Files" path.
by Reed Arvin
Microsoft Internet Information Services 5.1 - Remote Code Execution via DLL URL Parser
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).
by Kozan
UnZip <= 5.50 - Buffer Overflow via Long Filename Command Line Argument
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.
by DVDMAN
Macromedia Flash Media Server 2.0 r1145 - Denial of Service via Malformed Request to Port 1111
The Administration Service (FMSAdmin.exe) in Macromedia Flash Media Server 2.0 r1145 allows remote attackers to cause a denial of service (application crash) via a malformed request with a single character to port 1111.
by Kozan
Linux Kernel 2.6.11-2.6.14 - Denial of Service via 64-bit mmap Calls
Integer overflow in the invalidate_inode_pages2_range function in mm/truncate.c in Linux kernel 2.6.11 to 2.6.14 allows local users to cause a denial of service (hang) via 64-bit mmap calls that are not properly handled on a 32-bit system.
by Oleg Drokin
Sugar Suite < 4.0 beta - Directory Traversal via acceptDecline.php beanFiles Parameter
Directory traversal vulnerability in acceptDecline.php in Sugar Suite Open Source Customer Relationship Management (SugarCRM) 4.0 beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the beanFiles array parameter.
by pointslash