Exploitdb Exploits

3,138 exploits tracked across all sources.

CVE-2005-0047 EXPLOITDB c VERIFIED
Windows 2000, XP, and Server 2003 - Remote Code Execution via COM Structured Storage
Windows 2000, XP, and Server 2003 do not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."
by Cesar Cerrudo
CVE-2005-1820 EXPLOITDB c VERIFIED
Zeroboard 4.1pl2-4.1pl5 - Remote Code Execution via preg_replace Function
zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote attackers to execute arbitrary PHP code via improper quoting when using the preg_replace function.
by n0gada
CVE-2005-1461 EXPLOITDB c VERIFIED
Ethereal < 0.10.11 - Multiple Buffer Overflows in Dissectors
Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, (5) CRMF, (6) ESS, (7) OCSP, (8) X.509, (9) ISIS, (10) DISTCC, (11) FCELS, (12) Q.931, (13) NCP, (14) TCAP, (15) ISUP, (16) MEGACO, (17) PKIX1Explicit, (18) PKIX_Qualified, (19) Presentation dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.
by Team W00dp3ck3r
CVE-2005-0021 EXPLOITDB c VERIFIED
Exim < 4.43 - Buffer Overflow via IPv6 Address or DNS PTR Lookup
Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
by Plugger
CVE-2005-0356 EXPLOITDB c VERIFIED
Cisco Agent Desktop - Denial of Service via Spoofed TCP Timestamp Packet
Multiple TCP implementations with Protection Against Wrapped Sequence Numbers (PAWS) with the timestamps option enabled allow remote attackers to cause a denial of service (connection loss) via a spoofed packet with a large timer value, which causes the host to discard later packets because they appear to be too old.
by Daniel Hartmeier
EIP-2026-107314 EXPLOITDB c VERIFIED
Fusion SBX 1.2 - Remote Command Execution
by Silentium
CVE-2005-1679 EXPLOITDB c VERIFIED
picasm < 1.12b - Stack-Based Buffer Overflow via Long Error Message
Stack-based buffer overflow in the error directive in picasm 1.12b and earlier allows attackers to execute arbitrary code via a long error message.
by Shaun Colley
CVE-2005-1547 EXPLOITDB c VERIFIED
Bakbone Netvault - Remote Code Execution via Large Packet to Port 20031
Heap-based buffer overflow in the demo version of Bakbone Netvault, and possibly other versions, allows remote attackers to execute arbitrary commands via a large packet to port 20031.
by nolimit
CVE-2005-1589 EXPLOITDB c VERIFIED
Linux Kernel < 2.6.12 - Denial of Service and Arbitrary Code Execution via pkt_ioctl Function
The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users to cause a denial of service and possibly execute arbitrary code, a similar vulnerability to CVE-2005-1264.
by alert7
CVE-2005-1261 EXPLOITDB c VERIFIED
Gaim - Stack-Based Buffer Overflow via URL Parsing in Instant Message
Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL.
by Ron
CVE-2005-1344 EXPLOITDB c VERIFIED
Apache HTTP Server 2.0.52 - Buffer Overflow via Long Realm Argument
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
by K-sPecial
CVE-2005-1654 EXPLOITDB c VERIFIED
Hosting Controller < 6.1 Hotfix 1.9 - Unauthenticated Arbitrary User Registration via Direct Request
Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers to register arbitrary users via a direct request to addsubsite.asp with the loginname and password parameters set.
by Silentium
CVE-2005-1470 EXPLOITDB c VERIFIED
Ethereal - Denial of Service in TZSP MGCP ISUP SMB or Bittorrent Dissectors
Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, (4) SMB, or (5) Bittorrent dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors.
by Nicob
CVE-2005-1344 EXPLOITDB c VERIFIED
Apache HTTP Server 2.0.52 - Buffer Overflow via Long Realm Argument
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
by Luca Ercoli
EIP-2026-114618 EXPLOITDB c VERIFIED
ZeroBoard - Worm Source Code
by anonymous
CVE-2005-1507 EXPLOITDB c VERIFIED
4D WebSTAR 5.33 and 5.4 - Buffer Overflow via Long URL
Buffer overflow in the Tomcat plugin in 4D WebSTAR 5.33 and 5.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL.
by Braden Thomas
EIP-2026-103101 EXPLOITDB c VERIFIED
dSMTP Mail Server 3.1b (Linux) - Format String
by cybertronic
EIP-2026-103228 EXPLOITDB c VERIFIED
Subversion 0.3.7/1.0.0 - Remote Buffer Overflow
by greuff
EIP-2026-102153 EXPLOITDB c VERIFIED
HP-UX FTPD 1.1.214.4 - 'REST' Remote Brute Force
by phased
CVE-2005-1396 EXPLOITDB c VERIFIED
Ce/Ceterm < 2.5.4 - Local Privilege Escalation
Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows local users to write to arbitrary files via a symlink attack on the ce_edit_log temporary file.
by Kevin Finisterre
CVE-2005-1394 EXPLOITDB c VERIFIED
ArcGIS for ESRI ArcInfo Workstation 9.0 - Privilege Escalation
Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr.
by Kevin Finisterre
CVE-2005-0634 EXPLOITDB c VERIFIED
Golden FTP Server 1.92 - Remote Code Execution via Long USER Command
Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long USER command.
by darkeagle
CVE-2005-0634 EXPLOITDB c VERIFIED
Golden FTP Server 1.92 - Remote Code Execution via Long USER Command
Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long USER command.
by c0d3r
CVE-2005-1246 EXPLOITDB c VERIFIED
snmppd 0.4.5 - Remote Code Execution via Format String in snmppd_log
Format string vulnerability in the snmppd_log function in snmppd_util.c for snmppd 0.4.5 and earlier may allow remote attackers to cause a denial of service or execute arbitrary code via format string specifiers that are not properly handled in a syslog call.
by cybertronic
CVE-2005-1418 EXPLOITDB c VERIFIED
NetLeaf Limited NotJustBrowsing < 1.0.3 - Info Disclosure
NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in plaintext in the notjustbrowsing.prf file, which allows local users to gain privileges.
by Kozan