Exploitdb Exploits
2,809 exploits tracked across all sources.
Tftpd32 2.81 - Denial of Service via Format String in GET or SEND Request
Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request.
by Critical Security
Symantec pcAnywhere 11.0.1 and 11.5.1 - Buffer Overflow
Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 32-bit versions allows remote attackers to cause a denial of service (application crash) via unknown attack vectors.
by David Maciejak
farmers_wife 4.4 SP1 - Directory Traversal and Arbitrary File Write via FTP PUT/SIZE Commands
Directory traversal vulnerability in the FTP server (port 22003/tcp) in Farmers WIFE 4.4 SP1 allows remote attackers to create arbitrary files via ".." (dot dot) sequences in a (1) PUT, (2) SIZE, and possibly other commands.
by kokanin
Mini-Nuke CMS System < 1.8.2 - SQL Injection via news.asp hid Parameter
SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter.
by DetMyl
Microsoft Visual Studio .NET - Remote Code Execution via Malicious Project File
By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.
by anonymous
eStara Softphone 3.0.1.14-3.0.1.46 - Remote Code Execution via Long SDP Attribute Field
Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows remote attackers to execute arbitrary code via a long attribute (aka "a") field in the SDP data of a SIP packet on UDP port 5060.
by kokanin
Cisco IP Phone 7940 - Denial of Service via TCP SYN Flood
The Cisco IP Phone 7940 allows remote attackers to cause a denial of service (reboot) via a large amount of TCP SYN packets (syn flood) to arbitrary ports, as demonstrated to port 80.
by kokanin
Reamday Enterprises Magic News Plus <1.0.3 - RCE
settings.php in Reamday Enterprises Magic News Plus 1.0.3 allows remote attackers to change the administrator password via a change action that specifies identical values for the passwd and admin_password parameters, then declares the new password string in the new_passwd and confirm_passwd parameters.
by cijfer
sudo < 1.6.8p12 - Local Perl Library Path Injection via Uncleared Environment Variables
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included by the script.
by Breno Silva Pinto
BlueCoat WinProxy < 6.1a and ProxyAV < 2.4.2.3 - Remote Code Execution via Long Host Header
Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web console access functionality in ProxyAV before 2.4.2.3 allows remote attackers to execute arbitrary code via a long Host: header.
by FistFuXXer
Blue Coat Systems Inc. WinProxy <6.1a - DoS
The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) via a long HTTP request that causes an out-of-bounds read.
by FistFuXXer
FlatCMS 1.01 - 'file_editor.php' Remote Command Execution
by cijfer
Valdersoft Shopping Cart 3.0 - Remote File Inclusion via catalogDocumentRoot Parameter
PHP remote file include vulnerability in (1) include/templates/categories/default.php and (2) certain other include/templates/categories/ PHP scripts in Valdersoft Shopping Cart 3.0 allows remote attackers to execute arbitrary code via a URL in the catalogDocumentRoot parameter.
by cijfer
CuteNews 1.4.1 - 'categories.mdu' Remote Command Execution
by cijfer
aMSN - Denial of Service via Crafted File-Transfer Data
aMSN (aka Alvaro's Messenger) allows remote attackers to cause a denial of service (client hang and termination of client's instant-messaging session) by repeatedly sending crafted data to the default file-transfer port (TCP 6891).
by Braulio Miguel Suarez Urquijo
CubeCart - Remote Code Execution via glob[rootDir] Parameter
PHP remote file include vulnerability in includes/orderSuccess.inc.php in CubeCart allows remote attackers to execute arbitrary PHP code via a URL in the glob[rootDir] parameter.
by cijfer
PHP-Fusion <6.00.300 - SQL Injection
SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 allows remote attackers to execute arbitrary SQL commands via the ratings parameter in multiple scripts, such as ratings_include.php.
by krasza
Interaction SIP Proxy <3.0.011 - Buffer Overflow
Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll in Interaction SIP Proxy before 3.0.011 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a REGISTER request with a SPI version number that contains a large number of space or tab characters.
by Behrang Fouladi
Microsoft Internet Information Services 5.1 - Remote Code Execution via DLL URL Parser
The URL parser in Microsoft Internet Information Services (IIS) 5.1 on Windows XP Professional SP2 allows remote attackers to execute arbitrary code via multiple requests to ".dll" followed by arguments such as "~0" through "~9", which causes ntdll.dll to produce a return value that is not correctly handled by IIS, as demonstrated using "/_vti_bin/.dll/*/~0". NOTE: the consequence was originally believed to be only a denial of service (application crash and reboot).
by kokanin
Mercury Mail Transport System <4.01b - RCE
Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105.
by kingcope
Watchfire AppScan QA 5.0.609 and 5.0.134 - Remote Code Execution via Long Realm Field in WWW-Authenticate Header
Buffer overflow in Watchfire AppScan QA 5.0.609 and 5.0.134 allows remote web servers to execute arbitrary code via an HTTP 401 response with a WWW-Authenticate header containing a long Realm field.
by Mariano Nuñez
AppServ Open Project 2.5.3 - Denial of Service via Large HTTP Request
AppServ Open Project 2.5.3 allows remote attackers to cause a denial of service via a large HTTP request.
by Rozor
Horde IMP <= 4.0.4 - Cross-Site Scripting via UTF16 Null Character Handling
Horde IMP 4.0.4 and earlier does not sanitize strings containing UTF16 null characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF16 encoded attachments and strings that will be executed when viewed using Internet Explorer, which ignores the characters.
by SEC Consult
sobexsrv < 1.0.0_pre3 - Remote Code Execution via Format String in OBEX File Name
Format string vulnerability in the dosyslog function in the OBEX server (obexsrv.c) for Sobexsrv before 1.0.0-pre4, when the syslog (-S) function is enabled, allows remote attackers to execute arbitrary code via format string specifiers in file name arguments to OBEX commands.
by Kevin Finisterre
By Source