Exploitdb Exploits
2,731 exploits tracked across all sources.
Imatix Xitami - Memory Corruption
Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code via a long If-Modified-Since header to (1) xigui32.exe or (2) xitami.exe.
by Metasploit
NetTransport Download Manager 2.90.510 - Remote Buffer Overflow (Metasploit)
by Metasploit
Microsoft Windows <SP1 - Buffer Overflow
Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
by Metasploit
Microsoft Windows 2000 - Buffer Overflow
Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
by Metasploit
Microsoft Internet Explorer <6.0 - RCE
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
by Metasploit
Mercur Messaging 5.0 SP3 - Buffer Overflow
Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string to the (1) LOGIN or (2) SELECT command, a different set of attack vectors and possibly a different vulnerability than CVE-2003-1177.
by Metasploit
httpdx <1.5 - RCE
Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component.
by Metasploit
httpdx <1.5 - RCE
Multiple format string vulnerabilities in the tolog function in httpdx 1.4, 1.4.5, 1.4.6, 1.4.6b, and 1.5 allow (1) remote attackers to execute arbitrary code via format string specifiers in a GET request to the HTTP server component when logging is enabled, and allow (2) remote authenticated users to execute arbitrary code via format string specifiers in a PWD command to the FTP server component.
by Metasploit
Eureka-email Eureka Email - Memory Corruption
Stack-based buffer overflow in Eureka Email 2.2q allows remote POP3 servers to execute arbitrary code via a long error message.
by Metasploit
SquirrelMail 1.4.0 - GPG Plugin 1.1 - Command Injection
The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field.
by Metasploit
Dave Mills Ntpd < 4.0.99k - Buffer Overflow
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
by Metasploit
MicroP 0.1.1.1600 - Buffer Overflow
Stack-based buffer overflow in MicroP 0.1.1.1600 allows remote attackers to execute arbitrary code via a crafted .mppl file. NOTE: it has been reported that the overflow is in the lpFileName parameter of the CreateFileA function, but the overflow is probably caused by a separate, unnamed function.
by James Fitts
Samba 3.0.0-3.0.25rc3 - Command Injection
The MS-RPC functionality in smbd in Samba 3.0.0 through 3.0.25rc3 allows remote attackers to execute arbitrary commands via shell metacharacters involving the (1) SamrChangePassword function, when the "username map script" smb.conf option is enabled, and allows remote authenticated users to execute commands via shell metacharacters involving other MS-RPC functions in the (2) remote printer and (3) file share management.
by Metasploit
EasyFTP Server 1.7.0.11 - list.html path Stack Buffer Overflow (Metasploit)
by Metasploit
Microsoft Windows 2000 - Memory Corruption
Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.
by Metasploit
Subversion <1.0.2 - RCE
Stack-based buffer overflow during the apr_time_t data conversion in Subversion 1.0.2 and earlier allows remote attackers to execute arbitrary code via a (1) DAV2 REPORT query or (2) get-dated-rev svn-protocol command.
by Metasploit
SUN Java System Web Server - Memory Corruption
Stack-based buffer overflow in the WebDAV implementation in webservd in Sun Java System Web Server (aka SJWS) 7.0 Update 7 allows remote attackers to cause a denial of service (daemon crash) and possibly have unspecified other impact via a long URI in an HTTP OPTIONS request.
by Metasploit
Realnetworks Helix Universal Server - Buffer Overflow
Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE RTSP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments.
by Metasploit
Easy Chat Server <2.2 - DoS
chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a denial of service (server crash) via a long username parameter, possibly due to a buffer overflow. NOTE: it was later reported that 2.2 is also affected.
by Metasploit
EasyFTP Server 1.7.0.11 - 'LIST' Stack Buffer Overflow (Metasploit)
by Metasploit
JBoss JMX Console Deployer Upload and Execute
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
by Metasploit
CVSS 5.3
Xerver 4.32 - Source Disclosure / HTTP Authentication Bypass (Metasploit)
by Ben Schmidt
Hyleos Chemview - Memory Corruption
Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers to execute arbitrary code via a large number of white space characters in the filename argument to the (1) SaveasMolFile and (2) ReadMolFile methods.
by Metasploit
EasyFTP Server 1.7.0.11 - 'MKD' Stack Buffer Overflow (Metasploit)
by Metasploit
Opera 9 - Configuration Overwrite (Metasploit)
by Metasploit
By Source