Exploitdb Exploits

2,689 exploits tracked across all sources.

EIP-2026-104586 EXPLOITDB ruby VERIFIED
Apple Mac OS X 10.4.8 - System Preferences Privilege Escalation
by MoAB
EIP-2026-104537 EXPLOITDB ruby VERIFIED
Novell NetWare 6.5 SP2-SP7 - LSASS CIFS.NLM Overflow (Metasploit)
by toto
CVE-2007-0019 EXPLOITDB ruby VERIFIED
Rumpus FTP Server <= 5.1 - Authenticated Remote Code Execution via Long LIST Command
Multiple heap-based buffer overflows in rumpusd in Rumpus 5.1 and earlier (1) allow remote authenticated users to execute arbitrary code via a long LIST command and other unspecified requests to the FTP service, and (2) allow remote attackers to execute arbitrary code via unspecified requests to the HTTP service.
by MoAB
CVE-2007-0355 EXPLOITDB ruby VERIFIED
Apple Minimal SLP Service Agent - Buffer Overflow via Invalid Attr-List Field
Buffer overflow in the Apple Minimal SLP v2 Service Agent (slpd) in Mac OS X 10.4.11 and earlier, including 10.4.8, allows local users, and possibly remote attackers, to gain privileges and possibly execute arbitrary code via a registration request with an invalid attr-list field.
by MoAB
CVE-2007-0344 EXPLOITDB ruby VERIFIED
Colloquy <= 2.1 - Remote Code Execution via Format String in INVITE Channel Name
Multiple format string vulnerabilities in (1) _invitedToRoom: and (2) _invitedToDirectChat: in Colloquy 2.1 and earlier allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the channel name of an INVITE request, related to the implementation of AlertSheet and AlertPanel in Apple AppKit.
by MoAB
CVE-2007-0197 EXPLOITDB ruby VERIFIED
Finder 10.4.6 on Mac OS X 10.4.8 - DoS and RCE via Long Volume Name in DMG
Finder 10.4.6 on Apple Mac OS X 10.4.8 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long volume name in a DMG disk image, which results in memory corruption.
by MoAB
CVE-2007-0162 EXPLOITDB ruby VERIFIED
Unsanity APE 2.0.2 - Privilege Escalation
Unsanity Application Enhancer (APE) 2.0.2 installs with insecure permissions for the (1) ApplicationEnhancer binary and the (2) /Library/Frameworks/ApplicationEnhancer.framework directory, which allows local users to gain privileges by modifying or replacing the binary or library files.
by MoAB
CVE-2007-0117 EXPLOITDB ruby VERIFIED
DiskManagementTool 92.29 - Privilege Escalation
DiskManagementTool in the DiskManagement.framework 92.29 on Mac OS X 10.4.8 does not properly validate Bill of Materials (BOM) files, which allows attackers to gain privileges via a BOM file under /Library/Receipts/, which triggers arbitrary file permission changes upon execution of a diskutil permission repair operation.
by MoAB
CVE-2007-0051 EXPLOITDB ruby VERIFIED
Apple iPhoto < 6.0.6 - Remote Code Execution via Crafted Photocast RSS Feed Title
Format string vulnerability in Apple iPhoto 6.0.5 (316), and other versions before 6.0.6, allows remote user-assisted attackers to execute arbitrary code via a crafted photocast with format string specifiers in the title of an RSS iPhoto feed.
by MoAB
CVE-2007-0059 EXPLOITDB ruby VERIFIED
Apple QuickTime 3-7.1.3 - Remote Code Execution via HREFTrack Local URI
Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.
by MoAB
CVE-2007-0015 EXPLOITDB ruby VERIFIED
Apple QuickTime 7.1.3 - Remote Code Execution via Long RTSP URI
Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI.
by MoAB
CVE-2006-6332 EXPLOITDB ruby VERIFIED
MadWifi < 0.9.2.1 - Stack-Based Buffer Overflow in net80211/ieee80211_wireless.c (encode_ie / giwscan_cb)
Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi before 0.9.2.1 allows remote attackers to execute arbitrary code via unspecified vectors, related to the encode_ie and giwscan_cb functions.
by Julien Tinnes
CVE-2006-6251 EXPLOITDB ruby VERIFIED
VUPlayer <= 2.44 - Remote Code Execution via Long M3U File String
Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote attackers to execute arbitrary code via a long string in an M3U file, aka an "M3U UNC Name" attack.
by Greg Linares
CVE-2006-6183 EXPLOITDB ruby VERIFIED
3Com 3CTftpSvc <= 2.0.1 - Stack-Based Buffer Overflow via Long Mode Field in GET or PUT Command
Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long mode field (aka transporting mode) in a (1) GET or (2) PUT command.
by cthulhu
CVE-2006-6125 EXPLOITDB ruby VERIFIED
NetGear WG311v1 - Heap-Based Buffer Overflow via 802.11 Management Frame with Long SSID
Heap-based buffer overflow in the wireless driver (WG311ND5.SYS) 2.3.1.10 for NetGear WG311v1 wireless adapter allows remote attackers to execute arbitrary code via an 802.11 management frame with a long SSID.
by Laurent Butti
CVE-2006-6059 EXPLOITDB ruby VERIFIED
NetGear MA521 Driver 5.148.724.2003 - Buffer Overflow via Long Supported Rates Information Element
Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear MA521 PCMCIA adapter allows remote attackers to execute arbitrary code via (1) beacon or (2) probe 802.11 frame responses with a long supported rates information element. NOTE: this issue was reported as a "memory corruption" error, but the associated exploit code suggests that it is a buffer overflow.
by Laurent Butti
CVE-2006-6055 EXPLOITDB ruby VERIFIED
D-Link DWL-G132 A5AGU.SYS 1.0.1.41 - Stack-Based Buffer Overflow via 802.11 Beacon Rates IE
Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via a 802.11 beacon request with a long Rates information element (IE).
by H D Moore
CVE-2006-5882 EXPLOITDB ruby VERIFIED
Broadcom BCMWL5.SYS 3.50.21.10 (Linksys WPC300N < 4.100.15.5) - Stack-Based Buffer Overflow via Long SSID in 802.11 Response Frame
Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing a long SSID field.
by H D Moore
CVE-2006-5650 EXPLOITDB ruby VERIFIED
ICQ 5.1 - Remote Code Execution via ICQPhone.SipxPhoneManager ActiveX DownloadAgent Function
The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar.
by Peter Vreugdenhil
CVE-2006-5710 EXPLOITDB ruby VERIFIED
Apple Mac OS X 10.4.8 Airport Driver - Remote Code Execution via Malformed 802.11 Probe Response Frame
The Airport driver for certain Orinoco based Airport cards in Darwin kernel 8.8.0 in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via an 802.11 probe response frame without any valid information element (IE) fields after the header, which triggers a heap-based buffer overflow.
by H D Moore
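The five wireless-driver entries above (NetGear WG311v1 and MA521, D-Link DWL-G132, the Broadcom driver in the Linksys WPC300N, and the Mac OS X Airport driver) share one root cause: the driver copies an information element (IE) into a fixed-size buffer using the length octet taken from the frame itself, or assumes IEs are present after the fixed header at all. The parser below is an added example written for this page, not code from any of those drivers or from ExploitDB. It shows the checks a management-frame IE parser needs: the declared IE length must fit inside the frame, and must fit the destination buffer. The IE ids, the 32-octet SSID limit and the 8-entry Supported Rates limit come from the 802.11 standard; the struct and function names are this example's own, and the frame bytes are constructed test input, not captured traffic.

```c
/* Added example for this page: a bounds-checked parser for the tagged IEs
 * that follow the fixed fields of an 802.11 beacon or probe response body.
 * Illustrative code, not from any driver listed above. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IE_SSID        0
#define IE_RATES       1
#define MAX_SSID_LEN   32   /* 802.11: SSID is at most 32 octets */
#define MAX_RATES      8    /* 802.11: Supported Rates IE holds at most 8 rates */
#define FIXED_HDR_LEN  12   /* timestamp(8) + beacon interval(2) + capability(2) */

struct scan_result {
    char    ssid[MAX_SSID_LEN + 1];   /* NUL-terminated copy of the SSID */
    uint8_t ssid_len;
    uint8_t rates[MAX_RATES];
    uint8_t n_rates;
    int     n_ies;                    /* IEs seen, including ones we skip */
};

/* Returns 0 on success, -1 if an IE's declared length runs past the end of
 * the frame or past the buffer it would be copied into. A body that ends
 * right after the fixed header is valid and yields n_ies == 0 (the "no IE
 * fields after the header" probe response from the Airport entry).
 * The vulnerable pattern in the entries above is the same copy without the
 * length check: memcpy(out->ssid, val, ie_len) straight from the frame. */
int parse_mgmt_body(const uint8_t *body, size_t len, struct scan_result *out)
{
    memset(out, 0, sizeof *out);
    if (len < FIXED_HDR_LEN)
        return -1;

    size_t off = FIXED_HDR_LEN;
    while (off < len) {
        if (len - off < 2)                  /* need the id and length octets */
            return -1;
        uint8_t id = body[off];
        uint8_t ie_len = body[off + 1];
        const uint8_t *val = body + off + 2;
        if (ie_len > len - off - 2)         /* declared length points past the frame */
            return -1;

        switch (id) {
        case IE_SSID:
            if (ie_len > MAX_SSID_LEN)      /* the "long SSID" frames */
                return -1;
            memcpy(out->ssid, val, ie_len);
            out->ssid[ie_len] = '\0';
            out->ssid_len = ie_len;
            break;
        case IE_RATES:
            if (ie_len > MAX_RATES)         /* the "long Rates IE" frames */
                return -1;
            memcpy(out->rates, val, ie_len);
            out->n_rates = ie_len;
            break;
        default:
            break;                          /* unknown IEs are skipped, never copied */
        }
        out->n_ies++;
        off += 2 + ie_len;
    }
    return 0;
}

/* Constructed fixed fields (timestamp 0, interval 100 TU, capability ESS+short preamble). */
static const uint8_t fixed_fields[FIXED_HDR_LEN] = {
    0, 0, 0, 0, 0, 0, 0, 0, 0x64, 0x00, 0x01, 0x04
};

/* Writes a body with one IE (id, ie_len octets of fill) into buf, which must
 * hold FIXED_HDR_LEN + 2 + ie_len bytes. Returns the body length. */
static size_t build_body(uint8_t *buf, uint8_t id, uint8_t ie_len, uint8_t fill)
{
    memcpy(buf, fixed_fields, FIXED_HDR_LEN);
    buf[FIXED_HDR_LEN] = id;
    buf[FIXED_HDR_LEN + 1] = ie_len;
    memset(buf + FIXED_HDR_LEN + 2, fill, ie_len);
    return FIXED_HDR_LEN + 2 + ie_len;
}

/* 1 if a well-formed beacon (SSID "lab1", four rates) parses as expected. */
int check_good_beacon(void)
{
    static const uint8_t body[] = {
        0, 0, 0, 0, 0, 0, 0, 0, 0x64, 0x00, 0x01, 0x04,
        IE_SSID,  4, 'l', 'a', 'b', '1',
        IE_RATES, 4, 0x82, 0x84, 0x8b, 0x96,
    };
    struct scan_result r;
    return parse_mgmt_body(body, sizeof body, &r) == 0
        && r.n_ies == 2 && r.ssid_len == 4 && strcmp(r.ssid, "lab1") == 0
        && r.n_rates == 4 && r.rates[3] == 0x96;
}

/* Parser result for an SSID IE claiming 200 octets: -1, not a 200-byte copy into 32. */
int check_long_ssid(void)
{
    uint8_t body[FIXED_HDR_LEN + 2 + 255];
    struct scan_result r;
    size_t n = build_body(body, IE_SSID, 200, 'A');
    return parse_mgmt_body(body, n, &r);
}

/* Rates IE claiming 0xff octets in a frame cut off after 3 of them: -1. */
int check_truncated_rates(void)
{
    uint8_t body[FIXED_HDR_LEN + 2 + 255];
    struct scan_result r;
    build_body(body, IE_RATES, 0xff, 0x82);
    return parse_mgmt_body(body, FIXED_HDR_LEN + 2 + 3, &r);
}

/* IE count for a probe response with nothing after the fixed header: 0 (or -1 on error). */
int check_no_ies(void)
{
    struct scan_result r;
    return parse_mgmt_body(fixed_fields, FIXED_HDR_LEN, &r) == 0 ? r.n_ies : -1;
}
```

The two length checks are independent and both are needed: the first (`ie_len > len - off - 2`) stops the parser reading past the received frame, the second (`ie_len > MAX_SSID_LEN`, `ie_len > MAX_RATES`) stops it writing past the destination buffer even when the frame is long enough to supply the bytes, which is exactly the case a long-SSID beacon creates.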
CVE-2006-5478 EXPLOITDB ruby VERIFIED
Novell eDirectory 8.x-8.8.x - Remote Code Execution via Long HTTP Host Header or Dot in Username
Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services.
by MC
CVE-2006-3730 EXPLOITDB HIGH ruby VERIFIED
Microsoft Internet Explorer 6 (Windows XP SP2) - Remote Code Execution via WebViewFolderIcon setSlice Integer Overflow
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.
by H D Moore
CVSS 8.8
CVE-2006-4965 EXPLOITDB ruby VERIFIED
Apple QuickTime 7.1.3 - Remote Code Execution via QuickTime Media Link File
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.
by LMH
CVE-2006-3677 EXPLOITDB ruby VERIFIED
Mozilla Firefox < 1.5.0.5 & SeaMonkey < 1.0.3 - Remote Code Execution via Modified window.navigator Properties During Java Startup
Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allow remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.
by H D Moore