Exploitdb Exploits
2,809 exploits tracked across all sources.
PHP-Nuke Advertising Module 0.9 - 'modules.php' SQL Injection
by 0x90
Kodak Image Viewer - Remote Code Execution via Crafted TIFF File
Kodak Image Viewer in Microsoft Windows 2000 SP4, and in some cases XP SP2 and Server 2003 SP1 and SP2, allows remote attackers to execute arbitrary code via crafted image files that trigger memory corruption, as demonstrated by a certain .tif (TIFF) file.
by grabarz
CUPS < 1.3.4 - Remote Code Execution
Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.
by wei_wang
IBM Lotus Domino 7.0.2FP1 - IMAP4 Server LSUB Command
by FistFuXXer
BrightStor Hierarchical Storage Manager - Remote Code Execution via CsAgent Service Command
Multiple stack-based buffer overflows in Computer Associates (CA) BrightStor Hierarchical Storage Manager (HSM) before r11.6 allow remote attackers to execute arbitrary code via unspecified CsAgent service commands with certain opcodes, related to missing validation of a length parameter.
by Nice Name Crew
IBM Lotus Domino 7.0.2 - IMAP4 LSUB Buffer Overflow
by Manuel Santamarina Suarez
Oracle Database Server - SQL Injection via Workspace Manager FINDRICSET Procedure
SQL injection vulnerability in Workspace Manager for Oracle Database before OWM 10.2.0.4.1, OWM 10.1.0.8.0, and OWM 9.2.0.8.0 allows attackers to execute arbitrary SQL commands via the FINDRICSET procedure in the LT package. NOTE: this is probably covered by CVE-2007-5510, but there are insufficient details to be certain.
by bunker
Apache Jakarta Slide <= 2.1 - Authenticated Path Traversal via WebDAV Write Request
Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
by kingcope
DNS Recursion Bandwidth Amplification - Denial of Service (PoC)
by ShadowHatesYou
BBPortalS 1.5.10-2.0 - SQL Injection via tnews.php id Parameter
SQL injection vulnerability in tnews.php in BBsProcesS BBPortalS 1.5.10 through 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a tnews action.
by Max007
Apache Tomcat 4.0.0-4.0.6, 4.1.0, 5.0.0, 5.5.0-5.5.25, 6.0.0-6.0.14 Path Traversal via WebDAV
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
by h3rcul3s
Simple Machines Forum 1.1.3 - SQL Injection via Userspec Parameter
SQL injection vulnerability in Sources/Search.php in Simple Machines Forum (SMF) 1.1.3, when MySQL 5 is used, allows remote attackers to execute arbitrary SQL commands via the userspec parameter in a search2 action to index.php.
by Michael Brooks
Nortel Business Communications Manager - Unauthenticated Eavesdropping via Open Audio Stream
The Nortel UNIStim IP Softphone 2050, IP Phone 1140E, and additional Nortel products from the IP Phone, Business Communications Manager (BCM), and other product lines allow remote attackers to eavesdrop on the physical environment via an Open Audio Stream message that enables "surveillance mode." NOTE: issues relating to a small ID number space can be leveraged to make this attack easier.
by Daniel Stirnimann
GCALDaemon 1.0-beta13 - Denial of Service via Large Content-Length Header
The readRequest method in org/gcaldaemon/core/http/HTTPListener.java in GCALDaemon 1.0-beta13 allows remote attackers to cause a denial of service via a large integer value in the Content-Length HTTP header, which triggers a fatal Java OutOfMemoryError.
by ikki
Asterisk-Addons < 1.2.7 - SQL Injection via Source/Destination Numbers or SIP URI
Multiple SQL injection vulnerabilities in cdr_addon_mysql in Asterisk-Addons before 1.2.8, and 1.4.x before 1.4.4, allow remote attackers to execute arbitrary SQL commands via the (1) source and (2) destination numbers, and probably (3) SIP URI, when inserting a record.
by Humberto J. Abdelnur
eXtremail <= 2.1.1 - Remote Code Execution via IMAP Buffer Overflow
Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to (1) have an unknown impact by sending multiple long strings to the IMAP port (143/tcp); (2) execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the ifParseAuthPlain function; (3) execute arbitrary code via a long LOGIN command to the admin interface port (4501/tcp); or (4) execute arbitrary code via a long string in an IMAP AUTHENTICATE LOGIN (aka CRAM-MD5 authentication) action, involving the ifProcImapAuth1 function.
by mu-b
eXtremail < 2.1.1 - Remote Code Execution via POP3 USER Command Integer Overflow
Integer overflow in eXtremail 2.1.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long USER command containing "%s" sequences to the pop3 port (110/tcp), which are expanded to "%%s" before being used in the memmove function, possibly due to an incomplete fix for CVE-2001-1078.
by mu-b
Apache Tomcat 4.0.0-4.0.6, 4.1.0, 5.0.0, 5.5.0-5.5.25, 6.0.0-6.0.14 Path Traversal via WebDAV
Absolute path traversal vulnerability in Apache Tomcat 4.0.0 through 4.0.6, 4.1.0, 5.0.0, 5.5.0 through 5.5.25, and 6.0.0 through 6.0.14, under certain configurations, allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag.
by eliteboy
TikiWiki 1.9.8 - 'tiki-graph_formula.php' Command Execution
by str0ke
KwsPHP Newsletter Module 1.0 - SQL Injection via Newsletter Parameter
SQL injection vulnerability in index.php in the newsletter module 1.0 for KwsPHP, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsletter parameter.
by s4mi
cpDynaLinks 1.02 - SQL Injection via Category Parameter
SQL injection vulnerability in category.php in cpDynaLinks 1.02 allows remote attackers to execute arbitrary SQL commands via the category parameter.
by ka0x
wzdftpd 0.8.0, 0.8.2 - Denial of Service via Long USER Command
Off-by-one error in the do_login_loop function in libwzd-core/wzd_login.c in wzdftpd 0.8.0, 0.8.2, and possibly other versions allows remote attackers to cause a denial of service (daemon crash) via a long USER command that triggers a stack-based buffer overflow. NOTE: some of these details are obtained from third party information.
by k1tk4t
FSD 2.052 d9 and earlier - Remote Code Execution via Long HELP Command
Multiple stack-based buffer overflows in FSD 2.052 d9 and earlier, and FSFDT FSD 3.000 d9 and earlier, allow (1) remote attackers to execute arbitrary code via a long HELP command on TCP port 3010 to the sysuser::exechelp function in sysuser.cc and (2) remote authenticated users to execute arbitrary code via long commands on TCP port 6809 to the servinterface::sendmulticast function in servinterface.cc, as demonstrated by a PIcallsign command.
by weak