Exploitdb Exploits

4,759 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-101020 EXPLOITDB python VERIFIED
Hewlett-Packard (HP) FTP Print Server 2.4.5 - Buffer Overflow (PoC)
by Joxean Koret
CVE-2006-6643 EXPLOITDB python VERIFIED
Fightersoft Multimedia Star FTP <1.10 - DoS
Fightersoft Multimedia Star FTP server 1.10 allows remote attackers to cause a denial of service (crash) via multiple RETR commands with long arguments.
by Necro
EIP-2026-102627 EXPLOITDB python VERIFIED
Kerio MailServer 6.2.2 - Remote Denial of Service (PoC)
by Evgeny Legerov
CVE-2006-6558 EXPLOITDB python VERIFIED
Crob FTP Server 3.6.1 - DoS
Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a denial of service via a long series of "?A" sequences in the (1) LIST and possibly (2) NLST command.
by shinnai
CVE-2006-6563 EXPLOITDB python VERIFIED
ProFTPD <1.3.1rc1 - Buffer Overflow
Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.
by Core Security
CVE-2006-3441 EXPLOITDB python VERIFIED
Microsoft Windows <2000 SP4 XP SP1-SP2 Server 2003 SP1 - RCE
Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
by Winny Thomas
CVE-2006-6526 EXPLOITDB python VERIFIED
Gizzar <03162002 - RCE
PHP remote file inclusion vulnerability in index.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter.
by DeltahackingTEAM
CVE-2006-6551 EXPLOITDB python VERIFIED
Tucows CCS <1.2.1015 - RCE
PHP remote file inclusion vulnerability in libs/tucows/api/cartridges/crt_TUCOWS_domains/lib/domainutils.inc.php in Tucows Client Code Suite (CCS) 1.2.1015 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _ENV[TCA_HOME] parameter.
by 3l3ctric-Cracker
CVE-2006-6293 EXPLOITDB python VERIFIED
F-Prot Antivirus <4.6.7 - Buffer Overflow
Heap-based buffer overflow in FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to execute arbitrary code via a crafted CHM file. NOTE: this issue has at least a partial overlap with CVE-2006-6294.
by Evgeny Legerov
CVE-2006-6352 EXPLOITDB python VERIFIED
FRISK Software F-Prot Antivirus <4.6.7 - DoS
FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to cause a denial of service (infinite loop) via a crafted ACE file. NOTE: this issue has at least a partial overlap with CVE-2006-6294.
by Evgeny Legerov
CVE-2006-6368 EXPLOITDB python VERIFIED
awrate 1.0 - RCE
PHP remote file inclusion vulnerability in login.php.inc in awrate 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to search.php.
by DeltahackingTEAM
CVE-2006-6296 EXPLOITDB python VERIFIED
Microsoft Print Spooler - DoS
The RpcGetPrinterData function in the Print Spooler (spoolsv.exe) service in Microsoft Windows 2000 SP4 and earlier, and possibly Windows XP SP1 and earlier, allows remote attackers to cause a denial of service (memory consumption) via an RPC request that specifies a large 'offered' value (output buffer size), a variant of CVE-2005-3644.
by h07
EIP-2026-114941 EXPLOITDB python VERIFIED
AT-TFTP 1.9 - 'Filename' Remote Buffer Overflow (PoC)
by Liu Qixu
CVE-2006-6183 EXPLOITDB python VERIFIED
3com 3ctftpsvc < 2.0.1 - Memory Corruption
Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long mode field (aka transporting mode) in a (1) GET or (2) PUT command.
by Liu Qixu
CVE-2006-6086 EXPLOITDB python VERIFIED
E-ark - Code Injection
PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_pear_path parameter.
by DeltahackingTEAM
CVE-2006-4691 EXPLOITDB python VERIFIED
Microsoft Windows <XP - Buffer Overflow
Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
by Winny Thomas
EIP-2026-115516 EXPLOITDB python VERIFIED
Kerio MailServer 5.x/6.x - Remote LDAP Denial of Service
by Evgeny Legerov
CVE-2006-5889 EXPLOITDB python VERIFIED
Brewblogger - SQL Injection
SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Craig Heffner
CVE-2006-5826 EXPLOITDB python VERIFIED
Texas Imperial Software Wftpd - Buffer Overflow
Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via crafted APPE commands that contain "/" (slash) or "\" (backslash) characters.
by Joxean Koret
CVE-2006-5789 EXPLOITDB python VERIFIED
Jgaa Warftpd - Resource Management Error
War FTP Daemon (WarFTPd) 1.82.00-RC11 allows remote authenticated users to cause a denial of service via a large number of "%s" format strings in (1) CWD, (2) CDUP, (3) DELE, (4) NLST, (5) LIST, (6) SIZE, and possibly other commands. NOTE: it is possible that vector 1 is an off-by-one variant or incomplete fix of CVE-2005-0312.
by Joxean Koret
CVE-2006-5627 EXPLOITDB python VERIFIED
QnECMS <2.5.6 - RCE
Multiple PHP remote file inclusion vulnerabilities in QnECMS 2.5.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the adminfolderpath parameter to (1) headerscripts.php, (2) footerhome.php, and (3) footermain.php in admin/include/; (4) photogallery/headerscripts.php; and (5) footerhome.php, (6) footermain.php, (7) headermain.php, (8) sitemapfooter.php, and (9) sitemapheader.php in templates/.
by K-159
CVE-2006-5614 EXPLOITDB python VERIFIED
Microsoft Windows NT Helper Components - Denial of Service
Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference.
by h07
CVE-2006-5518 EXPLOITDB python VERIFIED
RSSonate - RCE
Multiple PHP remote file inclusion vulnerabilities in Christopher Fowler (Rhode Island) RSSonate allow remote attackers to execute arbitrary PHP code via a URL in the PROJECT_ROOT parameter to (1) xml2rss.php, (2) config_local.php, (3) rssonate.php, and (4) sql2xml.php in Src/getFeed/inc/.
by Kw3[R]Ln
CVE-2006-5480 EXPLOITDB python VERIFIED
Castor Php Web Builder - Code Injection
PHP remote file inclusion vulnerability in lib/rs.php in 2le.net Castor PHP Web Builder 1.1.1 allows remote attackers to execute arbitrary PHP code via the rootpath parameter.
by Kw3[R]Ln
EIP-2026-118336 EXPLOITDB python VERIFIED
BulletProof FTP Client 2.45 - Remote Buffer Overflow
by h07
By Source
All 4,759 Writeup 54,687 Exploitdb 50,186 Nomisec 21,443 Metasploit 3,228 Github 2,587 Vulncheck_xdb 904 Inthewild 518 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,364 ruby 5,960 python 5,949 c 3,580 perl 2,854 html 2,056 php 1,334 bash 459 java 362 javascript 260 c++ 250 shell 95 go 55 postscript 25 xml 24