Exploitdb Exploits
3,138 exploits tracked across all sources.
BZFlag 1.7 g0 - Reconnect Denial of Service
by russian code molester
Maelstrom Player 3.0.x - Argument Buffer Overflow (2)
by knight420
Maelstrom <= 3.0.6 - Buffer Overflow via Long Server Command Line Argument
Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local users to execute arbitrary code via a long -server command line argument.
by CMN
PalmOS - Denial of Service via ICMP Echo Request Flood
PalmOS allows remote attackers to cause a denial of service (CPU consumption) via a flood of ICMP echo request (ping) packets.
by Shaun Colley
cdrecord <2.0 - Privilege Escalation
Format string vulnerability in scsiopen.c of the cdrecord program in cdrtools 2.0 allows local users to gain privileges via format string specifiers in the dev parameter.
by CMN
Samba < 2.2.8a and 2.0.10 - Remote Code Execution via call_trans2open Buffer Overflow
Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code.
by eDSee
Firebird < 1.5 - Buffer Overflow via Long INTERBASE Environment Variable
Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop.
by bob
eServ 2.9x - Denial of Service via Memory Leak
Memory leak in eServ 2.9x allows remote attackers to cause a denial of service (memory exhaustion) via a large number of connections, whose memory is not freed when the connection is terminated.
by rash
Borland InterBase 6.0 - Local Buffer Overflow via INTERBASE Environment Variable
Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_drop, (2) gds_lock_mgr, or (3) gds_inet_server.
by bob
Kerio Personal Firewall <2.1.4 - RCE
Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet.
by Burebista
leksbot 1.2.3 - Privilege Escalation
leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, which allows local users to gain root privileges by exploiting unknown vulnerabilities related to the escalated privileges, which KATAXWR is not designed to have.
by gunzip
MySQL 3.20-4.1.0 - Weak Password Hashing
MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, which makes it easier for attackers to decrypt the password via brute force methods.
by Secret Squirrel
RealNetworks Helix Universal Server 9.0.2.768 - Remote Code Execution via RTSP/HTTP Request Buffer Overflow
Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE RTSP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments.
by Johnny Cyberpunk
Kerio Personal Firewall <2.1.4 - RCE
Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet.
by ThreaT
Sendmail - Buffer Overflow in prescan Address Parser
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
by bysin
OpenSSH < 3.6.1 - Username Enumeration via PAM Timing Attack
OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
by Maurizio Agazzini
MDG Web Server 4D 3.6 - HTTP Command Buffer Overflow
by badpack3t
Pi3Web 2.0.1 - Buffer Overflow via GET Request with Excessive Slashes
Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GET request with a large number of / characters.
by aT4r
Qualcomm qpopper <4.05 - Code Injection
Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program.
by Xpl017Elz
Pi3Web 2.0.1 - Buffer Overflow via GET Request with Excessive Slashes
Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a GET request with a large number of / characters.
by Angelo Rosiello
PoPToP PPTP Server - Denial of Service via Invalid Control Packet Length
ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attackers to cause a denial of service via a length field of 0 or 1, which causes a negative value to be fed into a read operation, leading to a buffer overflow.
by blightninjas
Options Parsing Tool <3.18 - Buffer Overflow
Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as opt_warn_2, as used in functions such as opt_atoi.
by kf
Xeneo Web Server 2.2.10 - Undisclosed Buffer Overflow (PoC)
by badpack3t
By Source