Exploitdb Exploits

3,138 exploits tracked across all sources.

CVE-2004-0597 EXPLOITDB c VERIFIED
libpng < 1.2.5 - Remote Code Execution via Malformed PNG Image
Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary code via malformed PNG images in which (1) the png_handle_tRNS function does not properly validate the length of transparency chunk (tRNS) data, or the (2) png_handle_sBIT or (3) png_handle_hIST functions do not perform sufficient bounds checking.
by ATmaCA
CVE-2005-0422 EXPLOITDB c VERIFIED
DelphiTurk CodeBank <3.1 - Privilege Escalation
DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and passwords in the Codebank registry key, which allows local users to gain privileges.
by Kozan
CVE-2005-0340 EXPLOITDB c VERIFIED
Apple AFP Server - Denial of Service via Negative UAM String Length in FPLoginExt Packet
Integer signedness error in Apple File Service (AFP Server) allows remote attackers to cause a denial of service (application crash) via a negative UAM string length in a FPLoginExt packet.
by nemo
CVE-2005-0419 EXPLOITDB c VERIFIED
3Com 3CServer - Authenticated Remote Code Execution via Long FTP Command
Multiple heap-based buffer overflows in 3Com 3CServer allow remote authenticated users to execute arbitrary code via long FTP commands, as demonstrated using the STAT command.
by mandragore
CVE-2005-0155 EXPLOITDB c VERIFIED
Perl 5.8.0 - Arbitrary File Creation via PERLIO_DEBUG Variable
The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.
by Kevin Finisterre
CVE-2005-0156 EXPLOITDB c VERIFIED
Perl 5.8.0 - Local Buffer Overflow via PERLIO_DEBUG Environment Variable
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
by Kevin Finisterre
EIP-2026-102704 EXPLOITDB c VERIFIED
ngIRCd 0.8.1 - Remote Denial of Service (2)
by CorryL
CVE-2005-0226 EXPLOITDB c VERIFIED
ngIRCd 0.8.2 - Remote Code Execution via Format String in Log_Resolver
Format string vulnerability in the Log_Resolver function in log.c for ngIRCd 0.8.2 and earlier, when compiled with IDENT, logging to SYSLOG, and with DEBUG enabled, allows remote attackers to execute arbitrary code.
by CoKi
CVE-2005-0101 EXPLOITDB c VERIFIED
Newspost < 2.1.1 - Remote Code Execution via Long NNTP Response String
Buffer overflow in the socket_getline function in Newspost 2.1.1 and earlier allows remote malicious NNTP servers to execute arbitrary code via a long string without a newline character.
by cybertronic
CVE-2001-0241 EXPLOITDB c VERIFIED
Windows 2000 - Buffer Overflow in Internet Printing ISAPI Extension
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
by styx
CVE-2005-0330 EXPLOITDB c VERIFIED
Painkiller <= 1.35 - Authenticated Buffer Overflow via Long CD-Key Hash
Buffer overflow in Painkiller 1.35 and earlier, and possibly other versions before 1.61, allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a long cd-key hash.
by Luigi Auriemma
CVE-2005-0245 EXPLOITDB c VERIFIED
PostgreSQL < 7.3.10 - Heap-Based Buffer Overflow via Refcursor Function Arguments
Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow attackers to execute arbitrary code via a large number of arguments to a refcursor function (gram.y), which leads to a heap-based buffer overflow, a different vulnerability than CVE-2005-0247.
by ChoiX
CVE-2005-0325 EXPLOITDB c VERIFIED
Xpand Rally 1.0.0.0 - Denial of Service via Malformed Packet
Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game servers to cause a denial of service (application crash) via a packet with large values that are not properly handled in certain malloc or memcpy operations.
by Luigi Auriemma
CVE-2005-0199 EXPLOITDB CRITICAL c VERIFIED
ngIRCd < 0.8.2 - Remote Denial of Service and Possible Code Execution via MODE Line Integer Underflow
Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a buffer overflow.
by Florian Westphal
CVSS 9.8
CVE-2004-1235 EXPLOITDB c VERIFIED
Linux kernel <2.6.11 - RCE
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.
by Tim Hsu
CVE-2004-1388 EXPLOITDB c VERIFIED
BerliOS GPD daemon 1.9.0-2.7 - Remote Code Execution via Format String in GPS Request
Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls.
by JohnH
EIP-2026-102921 EXPLOITDB c VERIFIED
Mandrake / Slackware /usr/bin/trn - Local Privilege Escalation (Not SUID)
by ZzagorR
CVE-2005-0116 EXPLOITDB c VERIFIED
AWStats < 6.3 - Remote Code Execution via configdir Parameter
AWStats 6.1, and other versions before 6.3, allows remote attackers to execute arbitrary commands via shell metacharacters in the configdir parameter to awstats.pl.
by THUNDER
EIP-2026-117223 EXPLOITDB c VERIFIED
Funduc Search and Replace - Compressed File Local Buffer Overflow
by ATmaCA
CVE-2005-0416 EXPLOITDB c VERIFIED
Windows NT/2000/XP/2003 - Remote Code Execution via Animated Cursor Length Field
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, which leads to a stack-based buffer overflow.
by houseofdabus
CVE-2005-0193 EXPLOITDB c VERIFIED
iSync mRouter - Buffer Overflow via Command Line Switches
Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync 1.5 in Mac OS X 10.3.7 and earlier allows local users to execute arbitrary code.
by nemo
EIP-2026-102839 EXPLOITDB c VERIFIED
fkey 0.0.2 - Local File Accessibility
by vade79
EIP-2026-104594 EXPLOITDB c VERIFIED
Darwin Kernel 7.1 - Mach File Parsing Local Integer Overflow
CVE-2005-0043 EXPLOITDB c VERIFIED
Apple iTunes 4.7 - Remote Code Execution via Long URL in Playlist Files
Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files.
by nemo
CVE-2005-0021 EXPLOITDB c VERIFIED
Exim < 4.43 - Buffer Overflow via IPv6 Address or DNS PTR Lookup
Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.
by Rafael Carrasco