Exploitdb Exploits

3,138 exploits tracked across all sources.

EIP-2026-114720 EXPLOITDB c VERIFIED
Solaris (SPARC/x86) - Local Socket Hijack
by c0ntex
EIP-2026-118926 EXPLOITDB c VERIFIED
Mozilla FireFox 1.0.1 - Remote GIF Heap Overflow
by darkeagle
EIP-2026-118102 EXPLOITDB c VERIFIED
Willing Webcam 2.8 - Licence Information Disclosure
by Kozan
EIP-2026-116710 EXPLOITDB c VERIFIED
Access Remote PC 4.5.1 - Local Password Disclosure
by Kozan
EIP-2026-100687 EXPLOITDB c VERIFIED
Sudo 1.3.1 < 1.6.8p (OpenBSD) - Pathname Validation Privilege Escalation
by RusH
CVE-2005-2250 EXPLOITDB c VERIFIED
Nokia Affix 2.1.2 and 3.2.0 - Buffer Overflow via Long Filename in OBEX File Share
Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows remote attackers to execute arbitrary code via a long filename in an OBEX file share.
by Kevin Finisterre
CVE-2005-0059 EXPLOITDB c VERIFIED
Microsoft Windows 2000 and XP SP1 - Remote Code Execution via Message Queuing Buffer Overflow
Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
by houseofdabus
CVE-2005-2072 EXPLOITDB c VERIFIED
Solaris 8-10 - Privilege Escalation via LD_AUDIT Environment Variable
The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT.
by Przemyslaw Frasunek
CVE-2005-2072 EXPLOITDB c VERIFIED
Solaris 8-10 - Privilege Escalation via LD_AUDIT Environment Variable
The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT.
by Przemyslaw Frasunek
EIP-2026-108949 EXPLOITDB c VERIFIED
K-COLLECT CSV_DB.CGI 1.0/i_DB.CGI 1.0 - Remote Command Execution
by blahplok
CVE-2005-0045 EXPLOITDB c VERIFIED
Windows NT 4.0, 2000, XP, and Server 2003 - Remote Code Execution via Malicious SMB Transaction Responses
The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields.
by cybertronic
EIP-2026-104674 EXPLOITDB c VERIFIED
phpBB 2.0.15 - Register Multiple Users (Denial of Service)
by HaCkZaTaN
CVE-2005-1806 EXPLOITDB c VERIFIED
PeerCast < 0.1211 - Remote Code Execution via Format String in URL
Format string vulnerability in PeerCast 0.1211 and earlier allows remote attackers to execute arbitrary code via format strings in the URL.
by darkeagle
CVE-2005-1725 EXPLOITDB c VERIFIED
launchd 106 - Local Privilege Escalation
launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users to overwrite arbitrary files via a symlink attack on the socket file in an insecure temporary directory.
by intropy
CVE-2005-2236 EXPLOITDB c VERIFIED
IBM AIX 5.3 - Format String Vulnerability in paginit Command
Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments.
by intropy
CVE-2005-0263 EXPLOITDB c VERIFIED
IBM AIX 5.1-5.3 - Local Buffer Overflow via netpmon -O Argument
Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -O argument.
by intropy
CVE-2005-0262 EXPLOITDB c VERIFIED
IBM AIX 5.1-5.3 - Local Buffer Overflow via ipl_varyon -d Argument
Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -d argument.
by intropy
CVE-2005-1950 EXPLOITDB c VERIFIED
Webhints 1.03 - Remote Command Execution via Shell Metacharacters
hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.
by Alpha_Programmer
EIP-2026-103121 EXPLOITDB c VERIFIED
GNU Mailutils imap4d 0.5 < 0.6.90 - Remote Format String
by qobaiashi
CVE-2005-1267 EXPLOITDB c VERIFIED
tcpdump 3.x - Denial of Service via BGP Packet Handling
The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.
by simon
CVE-2005-1255 EXPLOITDB c VERIFIED
Ipswitch IMail < 8.2 Hotfix 2 - Remote Code Execution via IMAP LOGIN Command
Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character.
by nolimit
CVE-2005-1858 EXPLOITDB c VERIFIED
FUSE 2.x < 2.3.0 - Information Disclosure via Unfilled Memory Pages
FUSE 2.x before 2.3.0 does not properly clear previously used memory from unfilled pages when the filesystem returns a short byte count to a read request, which may allow local users to obtain sensitive information.
by Miklos Szeredi
EIP-2026-102829 EXPLOITDB c VERIFIED
ePSXe 1.6.0 - 'nogui()' Local Privilege Escalation
by Qnix
CVE-2005-1873 EXPLOITDB c VERIFIED
Crob FTP 3.6.1 - Remote Code Execution via Long FTP Command or Globbing Character
Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier versions, allow remote attackers to execute arbitrary code via (1) an FTP command with a large string followed by the RMD command with a long string or (2) a globbing ("*") character followed by a long string.
by Leon Juranic
CVE-2005-1812 EXPLOITDB c VERIFIED
FutureSoft TFTP Server Evaluation Version 1.0.0.1 - Remote Code Execution via Long Filename or Transfer Mode String
Multiple stack-based buffer overflows in FutureSoft TFTP Server Evaluation Version 1.0.0.1 allow remote attackers to execute arbitrary code via a long (1) filename or (2) transfer mode string in a Read Request (RRQ) or Write Request (WRQ) packet.
by ATmaCA