Exploitdb Exploits

4,762 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-6393 EXPLOITDB python VERIFIED
Psi < 0.12 - Numeric Error
PSI Jabber client before 0.12.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file transfer request with a negative value in a SOCKS5 option, which bypasses a signed integer check and triggers an integer overflow and a heap-based buffer overflow.
by Sha0
CVE-2008-5735 EXPLOITDB python VERIFIED
CoolPlayer <2.19 - Buffer Overflow
Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 allows remote attackers to execute arbitrary code via a large PlaylistSkin value in a skin file.
by Encrypt3d.M!nd
CVE-2008-5739 EXPLOITDB python VERIFIED
Pligg CMS 9.9.5 Beta - SQL Injection
SQL injection vulnerability in evb/check_url.php in Pligg CMS 9.9.5 Beta allows remote attackers to execute arbitrary SQL commands via the url parameter.
by Ams
CVE-2008-2382 EXPLOITDB python VERIFIED
Kvm < 0.9.1 - Resource Management Error
The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.
by Alfredo Ortega
CVE-2008-5664 EXPLOITDB python VERIFIED
Realtek Media Player <1.15.0.0 - Buffer Overflow
Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file.
by shinnai
CVE-2008-5895 EXPLOITDB python VERIFIED
Mediatheka <4.2 - SQL Injection
SQL injection vulnerability in connection.php in Mediatheka 4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter.
by StAkeR
EIP-2026-113339 EXPLOITDB python VERIFIED
WebPhotoPro - Multiple SQL Injections
by baltazar
EIP-2026-115947 EXPLOITDB python VERIFIED
Nokia N70 and N73 - Malformed OBEX Name Header Remote Denial of Service
by NCNIPC
CVE-2008-6497 EXPLOITDB python VERIFIED
TP Neostrada Livebox Adsl Router - Improper Input Validation
The Neostrada Livebox ADSL Router allows remote attackers to cause a denial of service (network outage) via multiple HTTP requests for the /- URI.
by 0in
CVE-2008-6363 EXPLOITDB python VERIFIED
Capilano Designworks - Memory Corruption
Stack-based buffer overflow in DesignWorks Professional 4.3.1 and 5.0.7 allows remote attackers to execute arbitrary code via a crafted .cct file. NOTE: some of these details are obtained from third party information.
by Cnaph
CVE-2008-5405 EXPLOITDB python VERIFIED
Cain & Abel <4.9.24 - Buffer Overflow
Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string.
by Encrypt3d.M!nd
CVE-2008-5383 EXPLOITDB python VERIFIED
National Instruments Electronics Workbench - Buffer Overflow
Stack-based buffer overflow in National Instruments Electronics Workbench allows user-assisted attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .ewb file.
by Zigma
CVE-2008-5405 EXPLOITDB python VERIFIED
Cain & Abel <4.9.24 - Buffer Overflow
Stack-based buffer overflow in the RDP protocol password decoder in Cain & Abel 4.9.23 and 4.9.24, and possibly earlier, allows remote attackers to execute arbitrary code via an RDP file containing a long string.
by Encrypt3d.M!nd
CVE-2008-4250 EXPLOITDB python VERIFIED
Microsoft Windows 2000 - Code Injection
The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as exploited in the wild by Gimmiv.A in October 2008, aka "Server Service Vulnerability."
by Debasis Mohanty
CVE-2008-5112 EXPLOITDB python VERIFIED
Microsoft Windows - Information Disclosure
The LDAP server in Active Directory in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 responds differently to a failed bind attempt depending on whether the user account exists and is permitted to login, which allows remote attackers to enumerate valid usernames via a series of LDAP bind requests, as demonstrated by ldapuserenum.
by Bernardo Damele
CVE-2008-5132 EXPLOITDB python VERIFIED
Memht Portal - SQL Injection
SQL injection vulnerability in inc/ajax/ajax_rating.php in MemHT Portal 4.0.1 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header.
by Ams
CVE-2008-5177 EXPLOITDB python VERIFIED
Yosemite Backup 8.7 - Buffer Overflow
Stack-based buffer overflow in the DtbClsLogin function in Yosemite Backup 8.7 allows remote attackers to (1) execute arbitrary code on a Linux platform, related to libytlindtb.so; or (2) cause a denial of service (application crash) and possibly execute arbitrary code on a Windows platform, related to ytwindtb.dll; via a long username field during authentication.
by Abdul-Aziz Hariri
CVE-2008-4864 EXPLOITDB python VERIFIED
Python < 2.4.6 - Integer Overflow
Multiple integer overflows in imageop.c in the imageop module in Python 1.5.2 through 2.5.1 allow context-dependent attackers to break out of the Python VM and execute arbitrary code via large integer values in certain arguments to the crop function, leading to a buffer overflow, a different vulnerability than CVE-2007-4965 and CVE-2008-1679.
by Chris Evans
CVE-2008-4627 EXPLOITDB python VERIFIED
Rgallery Plugin - SQL Injection
SQL injection vulnerability in the rGallery plugin 1.09 for WoltLab Burning Board (WBB) allows remote attackers to execute arbitrary SQL commands via the itemID parameter in the RGalleryImageWrapper page in index.php.
by Five-Three-Nine
CVE-2008-6082 EXPLOITDB python VERIFIED
Titan FTP Server 6.26 - DoS
Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command.
by dmnt
CVE-2008-5626 EXPLOITDB python VERIFIED
XM Easy Personal FTP Server 5.6.0 - DoS
XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to cause a denial of service via a crafted argument to the NLST command, as demonstrated by a -1 argument.
by shinnai
CVE-2008-6186 EXPLOITDB python VERIFIED
Raidenftpd - Memory Corruption
Stack-based buffer overflow in RaidenFTPD 2.4 build 3620 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via long (1) CWD and (2) MLST commands.
by dmnt
CVE-2008-4572 EXPLOITDB python VERIFIED
Guildftpd - Memory Corruption
GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which triggers heap corruption related to an improper free call, and possibly triggering a heap-based buffer overflow.
by dmnt
CVE-2008-6185 EXPLOITDB python VERIFIED
Noticeware Email Server NG - Improper Input Validation
NoticeWare Email Server NG 5.1.2.2 allows remote attackers to cause a denial of service (crash) via multiple POP3 requests with a long PASS command.
by rAWjAW
CVE-2008-5666 EXPLOITDB python VERIFIED
WinFTP FTP Server 2.3.0 - DoS
WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows remote authenticated users to cause a denial of service via a sequence of FTP sessions that include an invalid "NLST -1" command.
by dmnt
By Source
All 4,762 Writeup 54,084 Exploitdb 50,193 Nomisec 21,443 Metasploit 3,228 Github 2,587 Vulncheck_xdb 904 Inthewild 518 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,368 ruby 5,960 python 5,952 c 3,580 perl 2,854 html 2,056 php 1,334 bash 459 java 362 javascript 260 c++ 250 shell 95 go 55 postscript 25 xml 24