Exploitdb Exploits
2,809 exploits tracked across all sources.
Mountain Network Systems WebCart 8.4 - Command Injection
webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the NEXTPAGE parameter.
Oracle9iAS Web Cache 2.0.0.1 - Remote Code Execution via Long HTTP GET Request
Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.
by andreas
AmTote International - Info Disclosure
AmTote International homebet program stores the homebet.log file in the homebet/ virtual directory, which allows remote attackers to steal account and PIN numbers.
by Gary O'Leary-Steele
AmTote International - Info Disclosure
AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote attackers to determine the existence of valid account numbers via a brute force attack.
by Gary O'Leary-Steele
EFTP 2.0.7.337 - Authenticated Directory Traversal via LIST QUOTE SIZE and QUOTE MDTM Commands
Directory traversal vulnerability in EFTP 2.0.7.337 allows remote authenticated users to reveal directory contents via a .. (dot dot) in the (1) LIST, (2) QUOTE SIZE, and (3) QUOTE MDTM commands.
by byterage
Hassan Consulting Shopping Cart 1.23 - RCE
shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter.
by Alexey Sintsov
Cisco Catalyst 6000 IDS Module and Secure IDS - HTTP Attack Evasion via Unicode Encoding
Various Intrusion Detection Systems (IDS) including (1) Cisco Secure Intrusion Detection System, (2) Cisco Catalyst 6000 Intrusion Detection System Module, (3) Dragon Sensor 4.x, (4) Snort before 1.8.1, (5) ISS RealSecure Network Sensor 5.x and 6.x before XPU 3.2, and (6) ISS RealSecure Server Sensor 5.5 and 6.0 for Windows, allow remote attackers to evade detection of HTTP attacks via non-standard "%u" Unicode encoding of ASCII characters in the requested URL.
by blackangels
AOLserver 3.0 - Buffer Overflow via HTTP Authorization Header
Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header.
by Nate Haggard
glFTPD 1.23 - Denial of Service via LIST Command with Excessive Wildcards
glFTPD 1.23 allows remote attackers to cause a denial of service (CPU consumption) via a LIST command with an argument that contains a large number of * (asterisk) characters.
by ASGUARD LABS
OmniHTTPd 2.07 - Arbitrary File Write via statsconfig.pl cgidir Parameter
statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite arbitrary files via the cgidir parameter.
by Joe Testa
phpbb < 1.4.0 - Authenticated Remote Code Execution via Invalid Language Value
prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables (1) $l_statsblock in prefs.php or (2) $l_privnotify in auth.php from being properly initialized, which can be modified by the user and later used in an eval statement.
by UnderSpell
CVSS 8.8
SimpleServer:WWW <1.13 - Path Traversal
Directory traversal vulnerability in SimpleServer:WWW 1.13 and earlier allows remote attackers to execute arbitrary programs via encoded ../ ("%2E%2E%2F%") sequences in a request to the cgi-bin/ directory, a different vulnerability than CVE-2000-0664.
by THRAN
WS_FTP Server 2.02 - Remote Code Execution via Long Arguments to Multiple FTP Commands
Buffer overflows in WS_FTP 2.02 allow remote attackers to execute arbitrary code via long arguments to (1) DELE, (2) MDTM, (3) MLST, (4) MKD, (5) RMD, (6) RNFR, (7) RNTO, (8) SIZE, (9) STAT, (10) XMKD, or (11) XRMD.
by andreas
Softek MailMarshal 4 / Trend Micro ScanMail 1.0 - SMTP Attachment Protection Bypass
by Aidan O'Kelly
Cisco IOS 12.0-12.2.1 - Denial of Service via UDP Packet Flood
Cisco routers and switches running IOS 12.0 through 12.2.1 allows a remote attacker to cause a denial of service via a flood of UDP packets.
by blackangels
SSH Secure Shell 3.0.0 - Privilege Escalation
SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field.
by hypoclear
Check Point Firewall-1 - Unauthenticated Sensitive Information Exposure
The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication.
by Haroon Meer & Roelof Temmingh
3Com PS40 SuperStack II - Info Disclosure
The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.
by Siberian
CVSS 9.8
Active Classifieds Free Edition 1.0 - RCE
admin.cgi in Active Classifieds Free Edition 1.0, and possibly commercial versions, allows remote attackers to modify the configuration, gain privileges, and execute arbitrary Perl code via the table_width parameter.
by Igor Dobrovitski
Cisco IOS 11.3-12.2 - Unauthenticated Command Execution via High Access Level URL
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
by blackangels
Cisco IOS 11.3-12.2 - Unauthenticated Command Execution via High Access Level URL
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
by cronos
Raptor Firewall 4.0/5.0/6.0.x - Zero Length UDP Packet Resource Consumption
by Max Moser
cfingerd <= 1.4.3 - Buffer Overflow via Long Line in .nofinger File
Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file.
by teleh0r
w3m < 0.2.1 - Remote Code Execution via Long Base64 Encoded MIME Header
Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to execute arbitrary code via a long base64 encoded MIME header.
by White_E
Index Server and Indexing Service - Remote Code Execution via Long Argument to ISAPI Extension
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
by blackangels
By Source