Ruby Exploits
5,920 exploits tracked across all sources.
VEEAM One Agent 9.5.4.4587 - Deserialization
This vulnerability allows remote attackers to execute arbitrary code on affected installations of VEEAM One Agent 9.5.4.4587. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HandshakeResult method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-10401.
by Michael Zanetta, Edgar Boda-Majer, wvu
CVSS 9.8
ASUS Remote Console <2.0.0.19,2.0.0.24 - Buffer Overflow
Stack-based buffer overflow in the DPC Proxy server (DpcProxy.exe) in ASUS Remote Console (aka ARC or ASMB3) 2.0.0.19 and 2.0.0.24 allows remote attackers to execute arbitrary code via a long string to TCP port 623.
Microsoft Directx - Memory Corruption
Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file.
BigAnt IM Server <2.2 - Buffer Overflow
Stack-based buffer overflow in the AntServer module (AntServer.exe) in BigAnt IM Server in BigAnt Messenger 2.2 allows remote attackers to execute arbitrary code via a long URI in a request to TCP port 6080. NOTE: some of these details are obtained from third party information.
by MC
SolarWinds Platform - Code Injection
SolarWinds Platform was susceptible to the Deserialization of Untrusted Data. This vulnerability allows a remote adversary with Orion admin-level account access to SolarWinds Web Console to execute arbitrary commands.
by Justin Hong, Lucas Miller, Piotr Bazydło, Spencer McIntyre
CVSS 7.2
IBM Cognos Tm1 - Memory Corruption
Multiple stack-based buffer overflows in tm1admsd.exe in the Admin Server in IBM Cognos TM1 9.4.x and 9.5.x before 9.5.2 FP2 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via crafted data.
by Unknown, juan vazquez
ALLMediaServer <1.6 - Buffer Overflow
Mediaserver.exe in ALLMediaServer 1.6 has a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long string to TCP port 888, a related issue to CVE-2017-17932.
by Hejap Zairy Al-Sharif
CVSS 9.8
Borland Software Interbase - Memory Corruption
Multiple stack-based buffer overflows in Borland InterBase LI 8.0.0.53 through 8.1.0.253, and WI 5.1.1.680 through 8.1.0.257, allow remote attackers to execute arbitrary code via (1) a long service attach request on TCP port 3050 to the (a) SVC_attach or (b) INET_connect function, (2) a long create request on TCP port 3050 to the (c) isc_create_database or (d) jrd8_create_database function, (3) a long attach request on TCP port 3050 to the (e) isc_attach_database or (f) PWD_db_aliased function, or unspecified vectors involving the (4) jrd8_attach_database or (5) expand_filename2 function.
by Ramon de C Valle
HP Openview Data Protector Applicatio... - Memory Corruption
Stack-based buffer overflow in the OmniInet process in HP OpenView Data Protector Application Recovery Manager 5.50 and 6.0 allows remote attackers to execute arbitrary code or cause a denial of service via a crafted MSG_PROTOCOL packet.
Borland Caliberrm - Memory Corruption
Stack-based buffer overflow in the PGMWebHandler::parse_request function in the StarTeam Multicast Service component (STMulticastService) 6.4 in Borland CaliberRM 2006 allows remote attackers to execute arbitrary code via a large HTTP request.
Enterasys Netsight < 4.1.0.79 - Memory Corruption
Stack-based buffer overflow in the Syslog service (nssyslogd.exe) in Enterasys Network Management Suite (NMS) before 4.1.0.80 allows remote attackers to execute arbitrary code via a long PRIO field in a message to UDP port 514.
by Jeremy Brown
Poppeeper Pop Peeper < 3.4.0.0 - Memory Corruption
Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows remote POP3 servers to execute arbitrary code via a long Date header, related to Imap.dll.
by MC
Anviz Crosschex - Buffer Overflow
Anviz CrossChex access control management software 4.3.8.0 and 4.3.12 is vulnerable to a buffer overflow vulnerability.
by Luis Catarino <[email protected]>, Pedro Rodrigues <[email protected]>, agalway-r7, adfoster-r7
CVSS 9.8
HP Storage Data Protector - Denial of Service
Unspecified vulnerability in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary code or cause a denial of service via unknown vectors, aka ZDI-CAN-1905.
by Brian Gorenc, juan vazquez
TinyIdentD <2.2 - Buffer Overflow
Stack-based buffer overflow in TinyIdentD 2.2 and earlier allows remote attackers to execute arbitrary code via a long string to TCP port 113.
by Maarten Boone
HP Openview Storage Data Protector - Memory Corruption
Stack-based buffer overflow in OmniInet.exe (aka the backup client service daemon) in the Application Recovery Manager component in HP OpenView Storage Data Protector 5.50 and 6.0 allows remote attackers to execute arbitrary code via an MSG_PROTOCOL command with long arguments, a different vulnerability than CVE-2009-3844.
HP Storage Data Protector <8 - RCE
Unspecified vulnerability in HP Storage Data Protector 8.x allows remote attackers to execute arbitrary code via unknown vectors.
by Christian Ramirez, Henoch Barrera
Bluecoat Webproxy - Buffer Overflow
Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web console access functionality in ProxyAV before 2.4.2.3 allows remote attackers to execute arbitrary code via a long Host: header.
Qbik WinGate 6.1.1.1077 - Buffer Overflow
Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request.
CCProxy - Buffer Overflow
Buffer overflow in the logging component of CCProxy allows remote attackers to execute arbitrary code via a long HTTP GET request.
by aushack
Proxy-pro Professional Gatekeeper - Buffer Overflow
Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote attackers to execute arbitrary code via a long GET request.
Symantec Veritas Backup Exec - Buffer Overflow
Stack-based buffer overflow in the Agent Browser in Veritas Backup Exec 8.x before 8.60.3878 Hotfix 68, and 9.x before 9.1.4691 Hotfix 40, allows remote attackers to execute arbitrary code via a registration request with a long hostname.
by hdm
Symantec Veritas Backup Exec - Buffer Overflow
Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for Netware allows remote attackers to execute arbitrary code via a CONNECT_CLIENT_AUTH request with authentication method type 3 (Windows credentials) and a long password argument.
by hdm
Veritas Backup Exec <16 FP1 - Use After Free
In Veritas Backup Exec 2014 before build 14.1.1187.1126, 15 before build 14.2.1180.3160, and 16 before FP1, there is a use-after-free vulnerability in multiple agents that can lead to a denial of service or remote code execution. An unauthenticated attacker can use this vulnerability to crash the agent or potentially take control of the agent process and then the system it is running on.
by Matthew Daley
CVSS 9.8
Microsoft SSL - Buffer Overflow
Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
by hdm
By Source