Ruby Exploits
6,003 exploits tracked across all sources.
Microsoft Exchange Server - Remote Code Execution via Crafted vCal or iCal Calendar Properties
Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.
by pusscat
Microsoft Windows <2000 SP4, XP SP2-SP3, Server 2003 SP2 - RCE
win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing Vulnerability."
Sysax Multi-Server 6.10 - Denial of Service via Malformed SSH Key Exchange Packet
A denial-of-service vulnerability exists in Sysax Multi-Server version 6.10 via its SSH daemon. A specially crafted SSH key exchange packet can trigger a crash in the service, resulting in loss of availability. The flaw is triggered during the handling of malformed key exchange data, including a non-standard byte (\x28) in place of the expected SSH protocol delimiter.
CVSS 7.5
XM Easy Personal FTP Server 5.6.0 - DoS
XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to cause a denial of service via a crafted argument to the NLST command, as demonstrated by a -1 argument.
FileZilla Server < 0.9.22 - Denial of Service via Wildcard LIST/NLST Command
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a NULL pointer dereference, a different set of vectors than CVE-2006-6564. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command.
by aushack
FileZilla Server Terminal 0.9.4d - Denial of Service via Long USER FTP Command
Buffer overflow in FileZilla Server Terminal 0.9.4d may allow remote attackers to cause a denial of service (terminal crash) via a long USER ftp command.
by aushack
Titan FTP Server 6.26 build 630 - Denial of Service via SITE WHO Command
Titan FTP Server 6.26 build 630 allows remote attackers to cause a denial of service (CPU consumption) via the SITE WHO command.
Microsoft Internet Information Services 5.0-7.0 - Authenticated Denial of Service via FTP List Command
Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability."
by Kingcope, Myo Soe
WinFTP FTP Server 2.3.0 - Authenticated Denial of Service via Invalid NLST Command
WinFTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows remote authenticated users to cause a denial of service via a sequence of FTP sessions that include an invalid "NLST -1" command.
VicFTPS 5.0 - Denial of Service via Malformed LIST Command
VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a LIST command that starts with a "/\/" (forward slash, backward slash, forward slash). NOTE: this might be the same issue as CVE-2008-2031.
Microsoft Internet Information Services FTP Service 7.0-7.5 - Remote Code Execution via Crafted FTP Command
Heap-based buffer overflow in the TELNET_STREAM_CONTEXT::OnSendData function in ftpsvc.dll in Microsoft FTP Service 7.0 and 7.5 for Internet Information Services (IIS) 7.0, and IIS 7.5, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted FTP command, aka "IIS FTP Service Heap Buffer Overrun Vulnerability." NOTE: some of these details are obtained from third party information.
by Matthew Bergin, jduck
Solar FTP Server < 2.1.1 - Denial of Service via USER Command Format String
Solar FTP Server fails to properly handle format strings passed to the USER command. When a specially crafted string containing format specifiers is sent, the server crashes due to a read access violation in the __output_1() function of sfsservice.exe. This results in a denial of service (DoS) condition.
GuildFTPd 0.999.14 - Denial of Service and Possible Remote Code Execution via Long CWD and LIST Arguments
GuildFTPd 0.999.14, and possibly other versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the CWD and LIST commands, which triggers heap corruption related to an improper free call, and possibly triggering a heap-based buffer overflow.
Solaris 7-10 - Unauthenticated Directory Traversal and Arbitrary File Deletion via LPD Unlink Command
Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command.
by hdm
FreeBSD 6.0 - Denial of Service via NFS Mount Request
nfsd in FreeBSD 6.0 kernel allows remote attackers to cause a denial of service via a crafted NFS mount request, as demonstrated by the ProtoVer NFS test suite.
by MC
avahi < 0.6.24 - Denial of Service via mDNS Packet with Source Port 0
The originates_from_local_legacy_unicast_socket function (avahi-core/server.c) in avahi-daemon in Avahi before 0.6.24 allows remote attackers to cause a denial of service (crash) via a crafted mDNS packet with a source port of 0, which triggers an assertion failure.
Android 4.0.3 - Denial of Service via Crafted Market URI in IFRAME
The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element.
by Jean Pascal Pereira, Jonathan Waggoner
ntp < 4.2.4p8 and 4.2.5 - Denial of Service via MODE_PRIVATE Packet Spoofing
ntp_request.c in ntpd in NTP before 4.2.4p8, and 4.2.5, allows remote attackers to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons.
by todb
miniupnpd < 1.4 - Denial of Service via Crafted SSDP Request
The ProcessSSDPRequest function in minissdp.c in the SSDP handler in MiniUPnP MiniUPnPd before 1.4 allows remote attackers to cause a denial of service (service crash) via a crafted request that triggers a buffer over-read.
by hdm, Dejan Lukan
HP Data Protector Manager 6.11 - Denial of Service via Large Data Packet to RDS Service
The RDS service (rds.exe) in HP Data Protector Manager 6.11 allows remote attackers to cause a denial of service (crash) via a packet with a large data size to TCP port 1530.
IBM Tivoli Storage Manager FastBack < 6.1.12 - Stack-Based Buffer Overflow
Stack-based buffer overflow in the server in IBM Tivoli Storage Manager FastBack 6.1 before 6.1.12 allows remote attackers to cause a denial of service (daemon crash) via unspecified vectors, a different vulnerability than CVE-2015-1924, CVE-2015-1925, CVE-2015-1929, CVE-2015-1948, CVE-2015-1953, CVE-2015-1954, CVE-2015-1962, CVE-2015-1963, CVE-2015-1964, and CVE-2015-1965.
by Gianni Gnesa
memcached < 1.4.5 - Denial of Service via Integer Signedness Error
Multiple integer signedness errors in the (1) process_bin_sasl_auth, (2) process_bin_complete_sasl_auth, (3) process_bin_update, and (4) process_bin_append_prepend functions in Memcached 1.4.5 and earlier allow remote attackers to cause a denial of service (crash) via a large body length value in a packet.
Dopewars 1.5.12 - Denial of Service via Invalid REQUESTJET Message
Dopewars 1.5.12 allows remote attackers to cause a denial of service (segmentation fault) via a REQUESTJET message with an invalid location.
IBM Lotus Sametime 8.5.2-8.5.2.1 - Denial of Service via Crafted Audio Visual Session
IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote attackers to cause a denial of service (WebPlayer Firefox extension crash) via a crafted Audio Visual (AV) session.
by Chris John Riley, kicks4kittens