Exploitdb Exploits

3,138 exploits tracked across all sources.

CVE-2003-1167 EXPLOITDB c VERIFIED
KPopup 0.9.1 - Privilege Escalation
misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program.
by b0f
CVE-2003-0609 EXPLOITDB c VERIFIED
Solaris 2.6-9 - Local Privilege Escalation via LD_PRELOAD Environment Variable
Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable.
by osker178
CVE-2003-0899 EXPLOITDB CRITICAL c VERIFIED
thttpd 2.21-2.23b1 - Remote Code Execution via Defang Buffer Overflow
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences.
by d3ck4
CVSS 9.8
CVE-2003-0947 EXPLOITDB c VERIFIED
wireless_tools - Buffer Overflow via Long OUT Environment Variable
Buffer overflow in iwconfig, when installed setuid, allows local users to execute arbitrary code via a long OUT environment variable.
by NrAziz
CVE-2003-0947 EXPLOITDB c VERIFIED
wireless_tools - Buffer Overflow via Long OUT Environment Variable
Buffer overflow in iwconfig, when installed setuid, allows local users to execute arbitrary code via a long OUT environment variable.
by axis
CVE-2003-1139 EXPLOITDB c VERIFIED
musicqueue 1.2.0 - Arbitrary File Overwrite via Symlink Attack on Crash File
Musicqueue 1.2.0 allows local users to overwrite arbitrary files by triggering a segmentation fault and using a symlink attack on the resulting musicqueue.crash file.
by dong-h0un U
CVE-2003-1140 EXPLOITDB c VERIFIED
Musicqueue 1.2.0 - Buffer Overflow via Long Language Variable in Configuration File
Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbitrary code via a long language variable in the configuration file.
by dong-h0un U
CVE-2003-0899 EXPLOITDB CRITICAL c VERIFIED
thttpd 2.21-2.23b1 - Remote Code Execution via Defang Buffer Overflow
Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allows remote attackers to execute arbitrary code via requests that contain '<' or '>' characters, which trigger the overflow when the characters are expanded to "&lt;" and "&gt;" sequences.
by Joel Soderberg
CVSS 9.8
CVE-2003-0717 EXPLOITDB c VERIFIED
Messenger Service - Buffer Overflow
The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
by Adik
CVE-2003-1336 EXPLOITDB c VERIFIED
mIRC < 6.11 - Remote Code Execution via Long irc:// URL
Buffer overflow in mIRC before 6.11 allows remote attackers to execute arbitrary code via a long irc:// URL.
by blasty
CVE-2003-0717 EXPLOITDB c VERIFIED
Messenger Service - Buffer Overflow
The Messenger Service for Windows NT through Server 2003 does not properly verify the length of the message, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
by LSD-PLaNET
EIP-2026-102941 EXPLOITDB c VERIFIED
Oracle Database Server 9.0.x - Oracle Binary Local Buffer Overflow
by c0ntex
CVE-2003-0831 EXPLOITDB c VERIFIED
ProFTPD <1.2.9rc2 - Buffer Overflow
ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
by Haggis
CVE-2003-0864 EXPLOITDB c VERIFIED
IRCnet IRCD 2.10.x-2.10.3p3 - Denial of Service via m_join Buffer Overflow
Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to 2.10.3p3 allows remote attackers to cause a denial of service.
by millhouse
CVE-2003-0605 EXPLOITDB c VERIFIED
Windows 2000 SP3-SP4 - Denial of Service and Privilege Escalation via RPC DCOM Interface
The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.
by anonymous
CVE-2002-0659 EXPLOITDB c VERIFIED
OpenSSL 0.9.6d and earlier, 0.9.7-beta2 and earlier - Denial of Service via Invalid ASN1 Encodings
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.
by Syzop
CVE-2003-0543 EXPLOITDB c VERIFIED
OpenSSL 0.9.6 and 0.9.7 - Denial of Service via ASN.1 Tag Integer Overflow
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.
by Bram Matthys
EIP-2026-115027 EXPLOITDB c VERIFIED
Centrinity FirstClass HTTP Server 5.50/5.77/7.0/7.1 - Long Version Field Denial of Service
by I2S-LaB
CVE-2003-0847 EXPLOITDB c VERIFIED
SuSE Linux 8.2Pro - Local Privilege Escalation
SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows local users to overwrite arbitrary files via a symlink attack on the susewm.$$ temporary file.
by Nash Leon
CVE-2003-0848 EXPLOITDB c VERIFIED
slocate 2.6 - Heap-Based Buffer Overflow via Modified Database
Heap-based buffer overflow in main.c of slocate 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative "pathlen" value to be used.
by Patrik Hornik
CVE-2003-0831 EXPLOITDB c VERIFIED
ProFTPD <1.2.9rc2 - Buffer Overflow
ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline characters when transferring files in ASCII mode, which allows remote attackers to execute arbitrary code via a buffer overflow using certain files.
by bkbll
EIP-2026-117586 EXPLOITDB c VERIFIED
Microsoft Windows XP/2000 - PostThreadMessage() Arbitrary Process Killing
by Brett Moore
EIP-2026-102994 EXPLOITDB c VERIFIED
Silly Poker 0.25.5 - Local HOME Environment Variable Buffer Overrun
by demz
CVE-2003-0833 EXPLOITDB c VERIFIED
webfs - Stack-based Buffer Overflow via Long Directory Pathname
Stack-based buffer overflow in webfs before 1.20 allows attackers to execute arbitrary code by creating directories that result in a long pathname.
by jsk
EIP-2026-102918 EXPLOITDB c VERIFIED
Mah-Jong 1.4 - MJ-Player Server Flag Local Buffer Overflow
by jsk