Exploitdb Exploits
3,138 exploits tracked across all sources.
AnalogX SimpleServer:WWW < 1.16 - Remote Code Execution via Long HTTP Request Method
Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows remote attackers to cause a denial of service (crash) and execute code via a long HTTP request method name.
by Auriemma Luigi
Mozilla and Netscape Communicator - Denial of Service via POP3 Mail Message Newline Handling
The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communicator 4.7 and earlier, allows remote attackers to cause a denial of service (no new mail) via a mail message containing a dot (.) at a newline, which is interpreted as the end of the message.
by eldre8
simpleinit - Privilege Escalation via FIFO Descriptor Handling
simpleinit on Linux systems does not close a read/write FIFO file descriptor before creating a child process, which allows the child process to cause simpleinit to execute arbitrary programs with root privileges.
by Patrick Smith
IRCIT 0.3.1 - Buffer Overflow via Long Invite Request
Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to execute arbitrary code via a long invite request.
by gobbles
Telindus 1100 - Privilege Escalation
Telindus 1100 series ADSL router allows remote attackers to gain privileges to the device via a certain packet to UDP port 9833, which generates a reply that includes the router's password and other sensitive information in cleartext.
by rubik
SHOUTcast < 1.8.12 - Authenticated Buffer Overflow via Long icy- Header
Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 allows a remote authenticated DJ to execute arbitrary code on the server via a long value in a header whose name begins with "icy-".
by eSDee
QNX RTOS 6.1.0 - Local Buffer Overflow via ABLANG Environment Variable or pkg-installer -u Option
Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 allows local users to execute arbitrary code via (1) a long ABLANG environment variable in phlocale or (2) a long -u option to pkg-installer.
by badc0ded
QNX RTOS 6.1.0 - Local Buffer Overflow via ABLANG Environment Variable or pkg-installer -u Option
Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 allows local users to execute arbitrary code via (1) a long ABLANG environment variable in phlocale or (2) a long -u option to pkg-installer.
by badc0ded
Shambala Server 4.5 - Denial of Service via Malformed HTTP Request
Web server for Shambala 4.5 allows remote attackers to cause a denial of service (crash) via a malformed HTTP request.
by Shambala
IBM Informix SE-7.25 - Local Buffer Overflow via INFORMIXDIR Environment Variable
Buffer overflow in sqlexec for Informix SE-7.25 allows local users to gain root privileges via a long INFORMIXDIR environment variable.
by smurf
Yahoo! Messenger 5.0.0.1064 - Remote Code Execution via Long YMSGR URI Arguments
Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend.
by bob
Sendmail 8.9.0-8.12.3 - Denial of Service via File Locking
Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the (1) alias, (2) map, (3) statistics, and (4) pid files.
by zillion
Sendmail 8.9.0-8.12.3 - Denial of Service via File Locking
Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the (1) alias, (2) map, (3) statistics, and (4) pid files.
by zillion
NewAtlanta ServletExec ISAPI 4.1 - Denial of Service via Long JSP File Request
NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a denial of service (crash) via (1) a request for a long .jsp file, or (2) a long URL sent directly to com.newatlanta.servletexec.JSP10Servlet.
by Matt Moore
YoungZSoft CMailServer 3.30 - Remote Code Execution via Long USER Argument
Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument.
by Over_G
YoungZSoft CMailServer 3.30 - Remote Code Execution via Long USER Argument
Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument.
by anonymous
psyBNC 2.3 - Denial of Service via Long PASS Command
psyBNC 2.3 allows remote attackers to cause a denial of service (CPU consumption and resource exhaustion) by sending a PASS command with a long password argument and quickly killing the connection, which is not properly terminated by psyBNC.
by Lunar Fault
wu-ftpd 2.6.1 - Remote Command Execution via Glob Function
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
by Teso
Squid < 2.4_9 - Heap-Based Buffer Overflow via Compressed DNS Responses
Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses.
by Teso
University of Washington uw-imap - Authenticated Buffer Overflow via Long BODY Request
Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
by 0x3a0x29 crew
University of Washington uw-imap - Authenticated Buffer Overflow via Long BODY Request
Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
by korty
ISC DHCPd 3-3.0.1rc8 - Remote Code Execution via Format String in DNS Response
Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response.
by Andi
Internet Information Server 4.0 and 5.0 - Buffer Overflow in Chunked Encoding Transfer Mechanism
Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.
by yuange
GNU screen 3.9.11 - Buffer Overflow in Braille Module
Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE_BRAILLE is defined, allows local users to execute arbitrary code.
by Gobbles Security
FreeBSD <4.5 - Local Privilege Escalation
FreeBSD 4.5 and earlier, and possibly other BSD-based operating systems, allows local users to write to or read from restricted files by closing the file descriptors 0 (standard input), 1 (standard output), or 2 (standard error), which may then be reused by a called setuid process that intended to perform I/O on normal files.
by phased
By Source