Exploitdb Exploits
3,138 exploits tracked across all sources.
Blitzkrieg 2 < 1.21 - 'Server/Client' Denial of Service
by Luigi Auriemma
Battle Carry <= .005 - Denial of Service via Large UDP Packet
Battle Carry .005 and earlier allows remote attackers to cause a denial of service (inaccessible port) via a large packet, which triggers a socket error and terminates the socket that is listening on the server's UDP port.
by Luigi Auriemma
Mirabilis ICQ 2003a - Remote Buffer Overflow Download Shellcode
by ATmaCA
Hasbani Web Server 2.0 - Denial of Service via Crafted HTTP GET Request
Hasbani Web Server (WindWeb) 2.0 allows remote attackers to cause a denial of service (infinite loop) via HTTP crafted GET requests.
by Expanders
Affix Bluetooth Protocol Stack - Privilege Escalation
The affix_sock_register in the Affix Bluetooth Protocol Stack for Linux might allow local users to gain privileges via a socket call with a negative protocol value, which is used as an array index.
by qobaiashi
Snort - Stack-based Buffer Overflow via Back Orifice Preprocessor
Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet.
by rd
Microsoft Windows 2000 SP4 and XP SP1-SP2 - Stack-Based Buffer Overflow in Plug and Play Service via Registry Key Name
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
by Winny Thomas
Microsoft Windows 2000 SP4 and XP SP1-SP2 - Stack-Based Buffer Overflow in Plug and Play Service via Registry Key Name
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters in a registry key name, which triggers the overflow in a wsprintfW function call.
by anonymous
XMail - Stack-based Buffer Overflow via Long -t Command Line Option
Stack-based buffer overflow in sendmail in XMail before 1.22 allows remote attackers to execute arbitrary code via a long -t command line option.
by qaaz
Linux Kernel < 2.6.14-rc5 - Denial of Service via UDPv6 Port Handling
The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loop and crash).
by Rémi Denis-Courmont
Linux Kernel <2.6.11.5 - Privilege Escalation
The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.
by backdoored.net
Computer Associates iGateway <4.0.050623 - RCE
Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 before 4.0.050623, when running in debug mode, allows remote attackers to execute arbitrary code via HTTP GET requests.
by egm
up-imapproxy 1.2.3-1.2.4 - Remote Code Execution via Format String in Banner or Capability Line
Format string vulnerability in the ParseBannerAndCapability function in main.c for up-imapproxy 1.2.3 and 1.2.4 allows remote IMAP servers to execute arbitrary code via format string specifiers in a banner or capability line.
by Steve Kemp
GNOME libzvt2/libvte4 - Info Disclosure
gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed.
by Paul Szabo
Virtools Web Player <3.0.0.100 - RCE
Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to execute arbitrary code via a long filename.
by Luigi Auriemma
ProZilla Download Accelerator 1.3.7.4 - Buffer Overflow via FTP Search HREF Field
Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 and possibly earlier, with the -ftpsearch option enabled, allows remote servers to execute arbitrary code via a search response with a crafted string in the HREF field of an <A> tag.
by taviso
MultiTheftAuto 0.5 - Multiple Vulnerabilities
by Luigi Auriemma
MultiTheftAuto <0.5 - Command Injection
MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client privileges when running command 40, which allows remote attackers to change or delete the message of the day (motd.txt).
by Luigi Auriemma
Real HelixPlayer & RealPlayer 10 - RCE
Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file.
by c0ntex
GNU Mailutils 0.6 - Authenticated Remote Code Execution via IMAP SEARCH Command Format String
Format string vulnerability in search.c in the imap4d server in GNU Mailutils 0.6 allows remote authenticated users to execute arbitrary code via format string specifiers in the SEARCH command.
by Angelo Rosiello
Nokia Series 60 - Denial of Service via Bluetooth Nickname
Nokia Symbian 60 allows remote attackers to cause a denial of service (phone restart) via a Bluetooth nickname.
by Qnix
Mercury Mail Transport System < 4.01b - Remote Code Execution via Long LOGIN Command
Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961.
by c0d3r
By Source