Exploitdb Exploits
2,689 exploits tracked across all sources.
libxml2 < 2.7.0 - Heap-Based Buffer Overflow via Long XML Entity Name
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
by Kevin Finisterre
ElectraSoft 32bit FTP 09.04.24 - Remote Code Execution via Long PASV Reply
Stack-based buffer overflow in ElectraSoft 32bit FTP 09.04.24 allows remote FTP servers to execute arbitrary code via a long 227 reply to a PASV command.
by His0k4
Chasys Media Player 1.1 - '.cue' Local Stack Overflow
by Stack
Mediacoder 0.6.2.4275 - Universal Buffer Overflow (SEH)
by Stack
Easy Web Password 1.2 - Local Heap Memory Consumption (PoC)
by Stack
ContentKeeper Web Appliance < 125.10 - Command Execution (Metasploit)
by patrick
Oracle Database 10.1.0.5 and 10.2.0.2 - Authenticated SQL Injection via MDSYS.SDO_TOPO_DROP_FTBL Trigger
Unspecified vulnerability in the Oracle Spatial component in Oracle Database 10.1.0.5 and 10.2.0.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. NOTE: the previous information was obtained from the January 2009 CPU. Oracle has not commented on reliable researcher claims that this issue is a SQL injection vulnerability that allows remote authenticated users to gain MDSYS privileges via the MDSYS.SDO_TOPO_DROP_FTBL trigger.
by sh2kerr
OpenHelpDesk 1.0.100 - 'eval()' Code Execution (Metasploit)
by LSO
Sun Java Calendar Deserialization Privilege Escalation
The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects".
by sf
GE Proficy Real Time Information Portal - Credentials Leak Sniffer (Metasploit)
by Kevin Finisterre
GE Fanuc Proficy Real-Time Information Portal < 2.6 - Remote Code Execution via Unrestricted File Upload
Unrestricted file upload vulnerability in GE Fanuc Proficy Real-Time Information Portal 2.6 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension to the main virtual directory.
by Kevin Finisterre
PumpKIN TFTP Server 2.7.2.0 - Denial of Service via Long Mode Field
PumpKIN TFTP Server 2.7.2.0 allows remote attackers to cause a denial of service via a write request with a long mode field.
by Saint Patrick
Opera - Stored Cross-Site Scripting via History Search Database
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat).
by egypt
Sun Solaris 8 and 9 - Stack-Based Buffer Overflow in adm_build_path Function
Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.
by Adriano Lima
CUPS < 1.3.9 - Remote Code Execution
The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.
by regenrecht
ICONICS OPC Enabled Gauge - Buffer Overflow
Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control (DlgWrapper.dll) before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument.
by Kevin Finisterre
WonderWare SuiteLink < 2.0 Patch 01 - DoS
The SuiteLink Service (aka slssvc.exe) in WonderWare SuiteLink before 2.0 Patch 01, as used in WonderWare InTouch 8.0, allows remote attackers to cause a denial of service (NULL pointer dereference and service shutdown) and possibly execute arbitrary code via a large length value in a Registration packet to TCP port 5413, which causes a memory allocation failure.
by belay tows
Microsoft Windows - Denial of Service via SMB WRITE_ANDX Packet Buffer Size Validation
srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of service (system crash) or possibly have unspecified other impact via an SMB WRITE_ANDX packet with an offset that is inconsistent with the packet size, related to "insufficiently validating the buffer size," as demonstrated by a request to the \PIPE\lsarpc named pipe, aka "SMB Validation Denial of Service Vulnerability."
by Javier Vicente Vallejo
Citect CitectSCADA 6-7 and CitectFacilities 7 - Remote Code Execution via ODBC Server Service
Stack-based buffer overflow in the ODBC server service in Citect CitectSCADA 6 and 7, and CitectFacilities 7, allows remote attackers to execute arbitrary code via a long string in the second application packet in a TCP session on port 20222.
by Kevin Finisterre
Ruby 1.8.6-1.8.6-p287, 1.8.7-1.8.7-p72, 1.9 - Denial of Service via XML Entity Expansion
The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an "XML entity explosion."
by Luka Treiber
Ruby < 1.8.5 and 1.8.6-1.8.6-p286 and 1.8.7-1.8.7-p71 and 1.9-r18423 - Safe Level Bypass via DL.dlopen
The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.
by Keita Yamaguchi
Ruby < 1.8.5 - Unauthenticated Access Restriction Bypass via Critical Variable and Method Access
Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.
by Keita Yamaguchi
Ruby 1.8.1 and 1.8.5 - Denial of Service via Crafted HTTP Request
httputils.rb in WEBrick in Ruby 1.8.1 and 1.8.5, as used in Red Hat Enterprise Linux 4 and 5, allows remote attackers to cause a denial of service (CPU consumption) via a crafted HTTP request. NOTE: this issue exists because of an incomplete fix for CVE-2008-3656.
by Keita Yamaguchi