Exploitdb Exploits
2,814 exploits tracked across all sources.
Image Display System 0.81 - Info Disclosure
The getAlbumToDisplay function in idsShared.pm for Image Display System (IDS) 0.81 allows remote attackers to determine the existence of arbitrary directories via ".." sequences in the album parameter, which generates different error messages depending on whether the directory exists or not.
by isox
Cisco Cbos - Denial of Service
Cisco DSL CPE devices running CBOS 2.4.4 and earlier allow remote attackers to cause a denial of service (hang or memory consumption) via (1) a large packet to the DHCP port, (2) a large packet to the Telnet port, or (3) a flood of large packets to the CPE, which causes the TCP/IP stack to consume large amounts of memory.
by blackangels
Matu FTP - Buffer Overflow
Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PASS (password) command.
by Kanatoko
Matu FTP - Buffer Overflow
Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to execute arbitrary code via a long "220" banner.
by Kanatoko
Slrn - Buffer Overflow
Buffer overflow in slrnpull for the SLRN package, when installed setuid or setgid, allows local users to gain privileges via a long -d (SPOOLDIR) argument.
by zillion
Psychoid Psybnc - Denial of Service
psyBNC 2.3 allows remote attackers to cause a denial of service (CPU consumption and resource exhaustion) by sending a PASS command with a long password argument and quickly killing the connection, which is not properly terminated by psyBNC.
by DVDMAN
Melange Chat System - Buffer Overflow
Multiple buffer overflows in Melange Chat server 2.02 allow remote or local attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long argument in the /yell command, (2) long lines in the /etc/melange.conf configuration file, (3) long file names, or possibly other attacks.
by DVDMAN
Intellisol Xpede 4.1 - Info Disclosure
Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges.
by c3rb3r
Apache HTTP Server < 1.3.24 - OS Command Injection
Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
by SPAX
sscd_suncourier.pl - RCE
sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remote attackers to execute arbitrary commands via shell metacharacters in the email address parameter.
by Fyodor
Dave Lawrence Xtux - Denial of Service
XTux allows remote attackers to cause a denial of service (CPU consumption) via random inputs in the initial connection.
by b0iler
Sun Cobalt RaQ XTR - Auth Bypass
MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php.
by Wouter ter Maat
Tower Toppler 0.99.1 - 'Display' Local Buffer Overflow
by Knud Erik Hojgaard
Bbshareware.com Phusion Webserver - Path Traversal
Directory traversal vulnerability in Phusion web server 1.0 allows remote attackers to read arbitrary files via a "..." (triple dot) sequence in the HTTP request.
by Alex Hernandez
Bbshareware.com Phusion Webserver - Buffer Overflow
Buffer overflow in Phusion web server 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long HTTP request.
by Alex Hernandez
Ezne.net Ezboard 2000 - Buffer Overflow
Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote attackers to execute arbitrary code via a long boundary value in a multipart Content-Type header to (1) ezboard.cgi, (2) ezman.cgi, or (3) ezadmin.cgi.
by Jin Ho You
Tarantella Enterprise <3.20 - Code Injection
Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.
by Larry Cashdollar
Citrix NFuse 1.6 - Info Disclosure
Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page.
by Ian Vitek
Cyberstop Web Server - Buffer Overflow
Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request, possibly triggering a buffer overflow.
by Alex Hernandez
Browseftp Client - Buffer Overflow
Buffer overflow in BrowseFTP 1.62 client allows remote FTP servers to execute arbitrary code via a long FTP "220" message reply.
by Kanatoko
Nortel Alteon ACEdirector WebOS 9.0 - Info Disclosure
Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address.
by Dave Plonka
Pathways Homecare 6.5 - Info Disclosure
Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file.
by shoeboy
CVSS 7.8