Exploitdb Exploits

3,138 exploits tracked across all sources.

CVE-2005-4076 EXPLOITDB c VERIFIED
Appfluent Technology Database IDS 2.0 - Local Buffer Overflow via APPFLUENT_HOME Environment Variable
Buffer overflow in Appfluent Technology Database IDS 2.0 allows local users to execute arbitrary code via a long APPFLUENT_HOME environment variable.
by c0ntex
CVE-2005-4135 EXPLOITDB c VERIFIED
SimpleBBS <= 1.1 - Remote Code Execution via Host Header Injection
Direct static code injection vulnerability in includes/newtopic.php in SimpleBBS 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the Host header (possibly the name parameter or variable), which is then written to data/topics.php.
by unitedasia
CVE-2005-4176 EXPLOITDB c VERIFIED
AWARD Bios Modular 4.50pg - Info Disclosure
AWARD Bios Modular 4.50pg does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory.
by Endrazine
CVE-2005-3981 EXPLOITDB c VERIFIED
Microsoft Windows XP-2003 - Local Privilege Escalation
NOTE: this issue has been disputed by third parties. Microsoft Windows XP, 2000, and 2003 allows local users to kill a writable process by using the CreateRemoteThread function with certain arguments on a process that has been opened using the OpenProcess function, possibly involving an invalid address for the start routine. NOTE: followup posts have disputed this issue, saying that if a user already has privileges to write to a process, then other functions could be called or the process could be terminated using PROCESS_TERMINATE.
by Nima Salehi
CVE-2005-2124 EXPLOITDB c VERIFIED
Windows 2000 SP4, XP SP1-SP2, Server 2003 SP1 - Remote Code Execution via Crafted WMF Image
Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1, related to "An unchecked buffer" and possibly buffer overflows, allows remote attackers to execute arbitrary code via a crafted Windows Metafile (WMF) format image, aka "Windows Metafile Vulnerability."
by Winny Thomas
CVE-2005-3928 EXPLOITDB c VERIFIED
QNX RTOS 6.2.1 and 6.3.0 - Buffer Overflow in phgrafx via Long Command Line Argument
Buffer overflow in phgrafx in QNX 6.2.1 and 6.3.0 allows local users to execute arbitrary code via a long command line argument.
by p. minervini
CVE-2005-2124 EXPLOITDB c VERIFIED
Windows 2000 SP4, XP SP1-SP2, Server 2003 SP1 - Remote Code Execution via Crafted WMF Image
Unspecified vulnerability in the Graphics Rendering Engine (GDI32.DLL) in Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1, related to "An unchecked buffer" and possibly buffer overflows, allows remote attackers to execute arbitrary code via a crafted Windows Metafile (WMF) format image, aka "Windows Metafile Vulnerability."
by Winny Thomas
CVE-2005-3857 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.15 - Denial of Service via Lease Time-Out Log Flooding
The time_out_leases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service (kernel log message consumption) by causing a large number of broken leases, which is recorded to the log using the printk function.
by Avi Kivity
CVE-2005-3694 EXPLOITDB c VERIFIED
centericq 4.20.0-r3 - Denial of Service via Short Zero-Length Packets
centericq 4.20.0-r3 with "Enable peer-to-peer communications" set allows remote attackers to cause a denial of service (segmentation fault and crash) via short zero-length packets, and possibly packets of length 1 or 2, as demonstrated using Nessus.
by Wernfried Haas
CVE-2005-2119 EXPLOITDB c VERIFIED
Microsoft Distributed Transaction Coordinator - Memory Corruption
The MIDL_user_allocate function in the Microsoft Distributed Transaction Coordinator (MSDTC) proxy (MSDTCPRX.DLL) allocates a 4K page of memory regardless of the required size, which allows attackers to overwrite arbitrary memory locations using an incorrect size value that is provided to the NdrAllocate function, which writes management data to memory outside of the allocated buffer.
by darkeagle
CVE-2005-3812 EXPLOITDB c VERIFIED
freeFTPd 1.0.10 - Authenticated Denial of Service via PORT Command
freeFTPd 1.0.10 allows remote authenticated users to cause a denial of service (null dereference and crash) via a PORT command with missing arguments.
by Stefan Lochbihler
CVE-2005-3591 EXPLOITDB c VERIFIED
Macromedia Flash Player - Remote Code Execution via ActionDefineFunction ActionScript Call
Macromedia Flash plugin (1) Flash.ocx 7.0.19.0 (Windows) and earlier and (2) libflashplayer.so before 7.0.25.0 (Unix) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via parameters to the ActionDefineFunction ActionScript call in a SWF file, which causes an improper memory access condition, a different vulnerability than CVE-2005-2628.
by BassReFLeX
CVE-2005-3684 EXPLOITDB c VERIFIED
freeFTPd 1.0.8 - Authenticated Buffer Overflow via MKD or DELE Command
Multiple buffer overflows in freeFTPd 1.0.8, without logging enabled, allow remote authenticated attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via long (1) MKD and (2) DELE commands.
by Expanders
CVE-2005-3644 EXPLOITDB c VERIFIED
Windows 2000 SP4 and earlier - Denial of Service via UPnP DCE RPC Request
PNP_GetDeviceList (upnp_getdevicelist) in UPnP for Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via a DCE RPC request that specifies a large output buffer size, a variant of CVE-2006-6296, and a different vulnerability than CVE-2005-2120.
by Winny Thomas
CVE-2005-3252 EXPLOITDB c VERIFIED
Snort - Stack-based Buffer Overflow via Back Orifice Preprocessor
Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet.
by xort
CVE-2005-2629 EXPLOITDB c VERIFIED
RealNetworks RealPlayer <10.5 - RCE
Integer overflow in RealNetworks RealPlayer 8, 10, and 10.5, RealOne Player 1 and 2, and Helix Player 10.0.0 allows remote attackers to execute arbitrary code via an .rm movie file with a large value in the length field of the first data packet, which leads to a stack-based buffer overflow, a different vulnerability than CVE-2004-1481.
by nolimit
CVE-2005-2709 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.14 - Denial of Service via sysctl Interface File Handling
The sysctl functionality (sysctl.c) in Linux kernel before 2.6.14.1 allows local users to cause a denial of service (kernel oops) and possibly execute code by opening an interface file in /proc/sys/net/ipv4/conf/, waiting until the interface is unregistered, then obtaining and modifying function pointers in memory that was used for the ctl_table.
by Rémi Denis-Courmont
EIP-2026-100685 EXPLOITDB c VERIFIED
FreeBSD 4.x / < 5.4 - 'master.passwd' Disclosure
by kingcope
CVE-2005-3524 EXPLOITDB c VERIFIED
linux-ftpd-ssl 0.17 - Remote Code Execution via Long Directory Name XPWD Command
Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl) 0.17 allows remote attackers to execute arbitrary code by creating a long directory name, then executing the XPWD command.
by kingcope
CVE-2005-3489 EXPLOITDB c VERIFIED
Asus Video Security Online < 3.5.0.0 - Buffer Overflow via Long Username/Password
Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using authorization, allows remote attackers to execute arbitrary code via a long username/password string.
by Luigi Auriemma
CVE-2005-3488 EXPLOITDB c VERIFIED
Scorched 3D 39.1 (bf) and earlier - Denial of Service via Negative numplayers Value
Scorched 3D 39.1 (bf) and earlier allows remote attackers to cause a denial of service (long loop and server hang) via a negative numplayers value that bypasses a signed check in ServerConnectHandler.cpp.
by Luigi Auriemma
EIP-2026-115330 EXPLOITDB c VERIFIED
GO-Global Windows Server 3.1.0.3270 - Buffer Overflow (PoC)
by Luigi Auriemma
CVE-2005-3483 EXPLOITDB c VERIFIED
GO-Global for Windows <= 3.1.0.3270 - Remote Code Execution via Oversized Data Block
Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows remote attackers to execute arbitrary code via a data block that is longer than the specified data block size.
by Luigi Auriemma
CVE-2005-3485 EXPLOITDB c VERIFIED
Glider Collect'n kill 1.0.0.0 - Remote Code Execution via Long Player Name in gl_playerEnter Command
Buffer overflow in Glider Collect'n kill 1.0.0.0 allows remote attackers to execute arbitrary code via a gl_playerEnter command with a long player name.
by Luigi Auriemma
CVE-2005-3492 EXPLOITDB c VERIFIED
FlatFrag <= 0.3 - Denial of Service via NT_CONN_OK Command
FlatFrag 0.3 and earlier allows remote attackers to cause a denial of service (crash) by sending an NT_CONN_OK command from a client that is not connected, which triggers a null dereference.
by Luigi Auriemma