Exploitdb Exploits
3,138 exploits tracked across all sources.
SlimFTPd 3.15 - Buffer Overflow via Long Command
Buffer overflow in SlimFTPd 3.15 and earlier allows local users to execute arbitrary code via a long command, such as (1) CWD, (2) STOR, (3) MKD, and (4) STAT.
by class101
XFree86 4.1.0-4.3.0 - Buffer Overflow in ReadFontAlias via Long Token
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file (font.alias) with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106.
Linux kernel <2.6.8 - Code Injection
The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.
by Paul Starzetz
CCProxy - Buffer Overflow via Long HTTP GET Request
Buffer overflow in the logging component of CCProxy allows remote attackers to execute arbitrary code via a long HTTP GET request.
by Ruder
qwikmail_smtp <= 0.3 - Remote Code Execution via Format String in SMTP Client Input
Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smtpd) 0.3 and earlier allows remote attackers to execute arbitrary code via format specifiers in the (1) clientRcptTo array, and the (2) Received and (3) messageID variables, possibly involving HELO and hostname arguments.
by Carlos Barros
MiniShare < 1.4.1 - Remote Code Execution via Long HTTP GET Request
Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
by class101
Ability Server 2.34 - Remote Code Execution via Long STOR Command
Buffer overflow in Ability Server 2.34, and possibly other versions, allows remote attackers to execute arbitrary code via a long STOR command.
by NoPh0BiA
Freeform Interactive Purge Jihad - Denial of Service
Format string vulnerability in the Lithtech engine, as used in multiple games, allows remote authenticated users to cause a denial of service (application crash) via format string specifiers in (1) a nickname or (2) a message.
by Luigi Auriemma
Chesapeake TFTP Server 1.0 - Directory Traversal / Denial of Service (PoC)
by Luigi Auriemma
WvTftp 0.9 - Remote Code Execution via Long TFTP Option String
Heap-based buffer overflow in the WvTFTPServer::new_connection function in wvtftpserver.cc for WvTftp 0.9 allows remote attackers to execute arbitrary code via a long option string in a TFTP packet.
by infamous41md
Master of Orion III <= 1.2.5 - Denial of Service via Long Nickname
Master of Orion III 1.2.5 and earlier allows remote attackers to cause a denial of service (server crash) via multiple connections with long nicknames, possibly triggering a buffer overflow.
by Luigi Auriemma
SCO OpenServer 5.0.6-5.0.7 - Buffer Overflow via execmail
Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to execute arbitrary code, as demonstrated via the execmail program.
by Ramon de C Valle
libXML 2.6.12-2.6.13 - Buffer Overflow
Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.
by Sean
SGI Propack - Buffer Overflow
Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.
by infamous41md
GD Graphics Library libgd 2.0.28 - RCE/DoS
Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.
by anonymous
socat 1.4.0.3 - Remote Code Execution via Format String in Syslog Message
Format string vulnerability in the _msg function in error.c in socat 1.4.0.3 and earlier, when used as an HTTP proxy client and run with the -ly option, allows remote attackers or local users to execute arbitrary code via format string specifiers in a syslog message.
by CoKi
ShixxNote 6.net build 117 - Buffer Overflow via Long Font Field
Buffer overflow in ShixxNote 6.net build 117 allows remote attackers to execute arbitrary code via a long font field.
by class101
HP-UX - Buffer Overflow in mod_include get_tag Function
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
by xCrZx
CVSS 7.8
Microsoft Windows 2000, Windows XP, and Windows Server 2003 - Remote Code Execution via WMF/EMF Image Processing
Unknown vulnerability in the Graphics Rendering Engine processes of Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code via (1) Windows Metafile (WMF) or (2) Enhanced Metafile (EMF) image formats that involve "an unchecked buffer."
by houseofdabus
YPOPs! 0.4-0.6 - Stack-Based Buffer Overflow via Long POP3 USER Command or SMTP Request
Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 through 0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) POP3 USER command or (2) SMTP request.
by Diabolic Crab
HP-UX - Buffer Overflow in mod_include get_tag Function
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
by xCrZx
CVSS 7.8
ProFTPD 1.2.0-1.2.10 - Username Enumeration via Timing Discrepancy
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.
by Leon Juranic
Monit 1.4-4.2 - Stack-Based Buffer Overflow via Long Username
Stack-based buffer overflow in the administration interface in Monit 1.4 through 4.2 allows remote attackers to execute arbitrary code via a long username.
by rtk
YPOPs! 0.4-0.6 - Stack-Based Buffer Overflow via Long POP3 USER Command or SMTP Request
Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 through 0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) POP3 USER command or (2) SMTP request.
by class101
By Source