Exploitdb Exploits
3,138 exploits tracked across all sources.
OpenFTPD < 0.30.2 - Authenticated Remote Code Execution via Format String in Message Argument
Format string vulnerability in the msg command (cat_message function in msg.c) in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument.
by Andi
Citadel/UX <= 6.23 - Denial of Service via Long Username
Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers to cause a denial of service via a long username.
by CoKi
Apache httpd 2.0.49 - DoS/Buffer Overflow
The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows remote attackers to cause a denial of service (memory exhaustion), and possibly an integer signedness error leading to a heap-based buffer overflow on 64-bit systems, via long header lines with large numbers of space or tab characters.
by anonymous
Avaya IP600 Media Servers - Stack-Based Buffer Overflow via Long Parameters in .job File
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
by houseofdabus
Citadel/UX 5.9/6.x - 'Username' Remote Buffer Overflow (2)
by Nebunu
Citadel/UX 5.9/6.x - 'Username' Remote Buffer Overflow (1)
by CoKi
Windows 2000 - Privilege Escalation via Utility Manager Shatter Attack
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context-sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.
by kralor
CVSS 7.8
Medal of Honor Allied Assault - Buffer Overflow via LAN Query and Connect Packet
Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and earlier, (2) Breakthrough 2.40b and earlier, and (3) Spearhead 2.15 and earlier, when playing on a Local Area Network (LAN), allows remote attackers to execute arbitrary code via vectors such as (1) the getinfo query, (2) the connect packet, and other unknown vectors.
by Luigi Auriemma
SCO OpenServer 5.0.6-5.0.7 - Denial of Service via MMDF Null Dereference
Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7, and possibly other operating systems, may allow attackers to cause a denial of service by triggering a null dereference.
by Ramon de C Valle
Artmedic Webdesign Kleinanzeigen Script - Remote File Inclusion
by Adam Simuntis
Avaya IP600 Media Servers - Stack-Based Buffer Overflow via Long Parameters in .job File
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
by anonymous
Windows 2000 - Privilege Escalation via Utility Manager Shatter Attack
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context-sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.
by kralor
CVSS 7.8
Windows 2000 - Privilege Escalation via Utility Manager Shatter Attack
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context-sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.
by bkbll
CVSS 7.8
Microsoft Interix - Local Buffer Overflow via POSIX Component
The POSIX component of Microsoft Windows NT and Windows 2000 allows local users to execute arbitrary code via certain parameters, possibly by modifying message length values and causing a buffer overflow.
by bkbll
CVSS 7.8
Windows 2000 - Privilege Escalation via Utility Manager Shatter Attack
Utility Manager in Windows 2000 launches winhlp32.exe while Utility Manager is running with raised privileges, which allows local users to gain system privileges via a "Shatter" style attack that sends a Windows message to cause Utility Manager to launch winhlp32 by directly accessing the context-sensitive help and bypassing the GUI, then sending another message to winhlp32 in order to open a user-selected file, a different vulnerability than CVE-2003-0908.
by Cesar Cerrudo
CVSS 7.8
phpMyAdmin <2.5.8 - Command Injection
Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name.
by Nasir Simbolon
MPlayer 1.0pre4 - Buffer Overflow in TranslateFilename
Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 allows remote attackers to execute arbitrary code via a long file name.
by c0ntex
UNIX 7th Edition /bin/mkdir - Local Buffer Overflow
by anonymous
CVS <1.11.16-1.12.8 - Buffer Overflow
Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.
by anonymous
CVS <1.11.16-1.12.8 - Buffer Overflow
Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up to 1.12.7, when using the pserver mechanism allows remote attackers to execute arbitrary code via Entry lines.
by Ac1dB1tCh3z
Subversion <= 1.0.2 - Remote Code Execution via DAV2 REPORT Query or get-dated-rev Command
Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.
by Gyan Chawdhary
Linux kernel 2.4.x-2.6.x - DoS
Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a denial of service (system crash), possibly via an infinite loop that triggers a signal handler with a certain sequence of fsave and frstor instructions, as originally demonstrated using a "crash.c" program.
by lorenzo
FreeBSD 5.1 - Denial of Service via Unaligned Memory Address in execve System Call
FreeBSD 5.1 for the Alpha processor allows local users to cause a denial of service (crash) via an execve system call with an unaligned memory address as an argument.
by Marceta Milos