Exploitdb Exploits
2,689 exploits tracked across all sources.
Internet Explorer 6-8 - Use-After-Free in CSS Parser via Self-Referential @import Rule
Use-after-free vulnerability in the CSharedStyleSheet::Notify function in the Cascading Style Sheets (CSS) parser in mshtml.dll, as used in Microsoft Internet Explorer 6 through 8 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a self-referential @import rule in a stylesheet, aka "CSS Memory Corruption Vulnerability."
by Nephi Johnson
Oracle Java SE/Jav for Bus <6-5.0-1.4.2 - Info Disclosure
Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, and 1.4.2_25 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is related to improper checks when executing privileged methods in the Java Runtime Environment (JRE), which allows attackers to execute arbitrary code via (1) an untrusted object that extends the trusted class but has not modified a certain method, or (2) "a similar trust issue with interfaces," aka "Trusted Methods Chaining Remote Code Execution Vulnerability."
by Metasploit
CVSS 9.8
Microsoft Internet Explorer <7 - Use After Free
Use-after-free vulnerability in the Peer Objects component (aka iepeers.dll) in Microsoft Internet Explorer 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via vectors involving access to an invalid pointer after the deletion of an object, as exploited in the wild in March 2010, aka "Uninitialized Memory Corruption Vulnerability."
by Metasploit
CVSS 8.8
Apache Axis2 - Remote Code Execution via Default Admin Credentials
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
by Metasploit
Apache Axis2 - Remote Code Execution via Default Admin Credentials
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
by Metasploit
IBM Rational Quality Manager and Rational Test Lab Manager - Remote Code Execution via Default Tomcat ADMIN Password
The Tomcat server in IBM Rational Quality Manager and Rational Test Lab Manager has a default password for the ADMIN account, which makes it easier for remote attackers to execute arbitrary code by leveraging access to the manager role. NOTE: this might overlap CVE-2009-3548.
by Metasploit
Allegro RomPager 4.07 - UPnP HTTP Request Remote Denial of Service
by Ricky-Lee Birtles
UnrealIRCd 3.2.8.1 - Remote Code Execution via Trojaned DEBUG3_DOLOG_SYSTEM Macro
UnrealIRCd 3.2.8.1, as distributed on certain mirror sites from November 2009 through June 2010, contains an externally introduced modification (Trojan Horse) in the DEBUG3_DOLOG_SYSTEM macro, which allows remote attackers to execute arbitrary commands.
by Metasploit
TFTPUtil GUI 1.4.5 - Denial of Service (Metasploit)
by Vuk Ivanovic
ProFTPD 1.3.3c - Unauthenticated Remote Code Execution via Hidden FTP Command
A malicious backdoor was embedded in the official ProFTPD 1.3.3c source tarball distributed between November 28 and December 2, 2010. The backdoor implements a hidden FTP command trigger that, when invoked, causes the server to execute arbitrary shell commands with root privileges. This allows remote, unauthenticated attackers to run any OS command on the FTP server host.
by Metasploit
CVSS 9.8
Viscom Image Viewer <8.0 - Buffer Overflow
Stack-based buffer overflow in the Image2PDF function in the SCRIBBLE.ScribbleCtrl.1 ActiveX control (ImageViewer2.ocx) in Viscom Image Viewer CP Pro 8.0, Gold 5.5, Gold 6.0, and earlier allows remote attackers to execute arbitrary code via a long strPDFFile parameter.
by bz1p
Windows NT and Windows 2000 - Unauthenticated Local Account Access via Default Null Password
A Windows NT local user or administrator account has a default, null, blank, or missing password.
by Metasploit
ProFTPD - Stack-Based Buffer Overflow via TELNET IAC Escape Character
Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.
by Metasploit
SAP GUI 6.40 Patch 29 and 7.10 Patch 5 - Arbitrary File Write and Read via KWEdit ActiveX Control
Insecure method vulnerability in the KWEdit ActiveX control in SAP GUI 6.40 Patch 29 (KWEDIT.DLL 6400.1.1.41) and 7.10 Patch 5 (KWEDIT.DLL 7100.1.1.43) allows remote attackers to (1) overwrite arbitrary files via the SaveDocumentAs method or (2) read or execute arbitrary files via the OpenDocument method.
by Metasploit
SAP Business One 2005 A - Stack-Based Buffer Overflow via GIOP Request
Stack-based buffer overflow in NT_Naming_Service.exe in SAP Business One 2005 A 6.80.123 and 6.80.320 allows remote attackers to execute arbitrary code via a long GIOP request to TCP port 30000.
by Metasploit
POP Peeper < 3.4.0.0 - Remote Code Execution via Long Date Header
Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows remote POP3 servers to execute arbitrary code via a long Date header, related to Imap.dll.
by Metasploit
DATAC RealWin <= 2.0 Build 6.1.8.10 - Stack-Based Buffer Overflow via Long SCPC Packet
Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_TXTEVENT packet. NOTE: it was later reported that 1.06 is also affected by one of these requests.
by Metasploit
DATAC RealWin <= 2.0 Build 6.1.8.10 - Stack-Based Buffer Overflow via Long SCPC Packet
Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_TXTEVENT packet. NOTE: it was later reported that 1.06 is also affected by one of these requests.
by Metasploit
HP-UX - Remote Code Execution via wu-ftpd SITE EXEC Format String
The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.
by Metasploit
FreeNAS <0.7.2-5543 - Command Injection
FreeNAS 0.7.2 prior to revision 5543 includes an unauthenticated command‐execution backdoor in its web interface. The exec_raw.php script exposes a cmd parameter that is passed directly to the underlying shell without sanitation.
by Metasploit
Zenturi ProgramChecker - Remote Code Execution via DebugMsgLog or DoFileProperties Methods
Multiple buffer overflows in certain ActiveX controls in sasatl.dll in Zenturi ProgramChecker allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the (1) DebugMsgLog or (2) DoFileProperties methods.
by Metasploit
Symantec AppStream Client < 5.2.2 SP3 MP1 - Remote Code Execution via LaunchObj ActiveX Control
The LaunchObj ActiveX control before 5.2.2.865 in launcher.dll in Symantec AppStream Client 5.2.x before 5.2.2 SP3 MP1 does not properly validate downloaded files, which allows remote attackers to execute arbitrary code via the installAppMgr method and unspecified other methods.
by Metasploit
Symantec Altiris Deployment Solution/Notification Server - RCE via AeXNSPkgDLLib.dll
The Altiris eXpress NS SC Download ActiveX control in AeXNSPkgDLLib.dll, as used in Symantec Altiris Deployment Solution 6.9.x, Notification Server 6.0.x, and Symantec Management Platform 7.0.x exposes an unsafe method, which allows remote attackers to force the download of arbitrary files and possibly execute arbitrary code via the DownloadAndInstall method.
by Metasploit
Realtek Media Player <1.15.0.0 - Buffer Overflow
Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file.
by Metasploit
By Source