Exploitdb Exploits
2,689 exploits tracked across all sources.
Autodesk IDrop - ActiveX Control Heap Memory Corruption (Metasploit)
by Metasploit
AOL Radio AmpX - ActiveX Control 'ConvertFile()' Remote Buffer Overflow (Metasploit)
by Metasploit
Nullsoft Winamp 5.12 - Buffer Overflow via Playlist File1 Field
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
by Metasploit
ABC Backup 5.50 and Urgent Backup 3.20 - Stack-based Buffer Overflow via Crafted ZIP Archive
Stack-based buffer overflow in (1) Urgent Backup 3.20, and (2) ABC Backup Pro 5.20 and ABC Backup 5.50, allows user-assisted remote attackers to execute arbitrary code via a crafted ZIP archive.
by Lincoln
UltraISO <8.6.2.2011 - Buffer Overflow
Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information.
by Metasploit
UltraISO < 9.3.3 - Stack-Based Buffer Overflow via Crafted CCD or IMG File
Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file.
by Metasploit
Microsoft Windows 2003 Server and XP - Remote Code Execution via MPEG2TuneRequest ActiveX Control
Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
by Metasploit
CVSS 8.8
HT-MP3Player 1.0 - Stack-Based Buffer Overflow via Long String in .ht3 File
Stack-based buffer overflow in HT-MP3Player 1.0 allows remote attackers to execute arbitrary code via a long string in a .ht3 file.
by Metasploit
Pirate Radio Destiny Media Player 1.61 - Stack-Based Buffer Overflow via .pls Playlist File
Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file.
by Metasploit
Adobe Reader/Acrobat <9.3-8.2 - RCE
Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code via a crafted PDF file using ZLib compressed streams, as exploited in the wild in December 2009.
by Metasploit
CVSS 7.8
Adobe Acrobat Reader 7.0-7.1.1 - Remote Code Execution via Collab.getIcon Method
Stack-based buffer overflow in Adobe Reader and Adobe Acrobat 9 before 9.1, 8 before 8.1.3 , and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a crafted argument to the getIcon method of a Collab object, a different vulnerability than CVE-2009-0658.
by Metasploit
CVSS 8.8
CDE Common Desktop Environment - Remote Code Execution via Buffer Overflow in dtspcd Client Connection Routine
Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.
by Metasploit
PAJAX 0.5.1 - Remote Code Execution via pajax_call_dispatcher.php Method and Args Parameters
Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to execute arbitrary code via the (1) $method and (2) $args parameters.
by Metasploit
Squid Web Proxy Cache 2.5.x and 3.x - Remote Code Execution via NTLM Authentication Password Overflow
Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).
by Metasploit
SpamAssassin - Remote Code Execution via Crafted Message with Virtual Pop Username
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
by Metasploit
MySQL 5.0.0-5.0.89 - Remote Code Execution via X.509 Certificate Name Field Overflow
Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption and daemon crash) by establishing an SSL connection and sending an X.509 client certificate with a crafted name field, as demonstrated by mysql_overflow1.py and the vd_mysql5 module in VulnDisco Pack Professional 8.11. NOTE: this was originally reported for MySQL 5.0.51a.
by Metasploit
Cyrus IMAPD 2.3.2 - Stack-Based Buffer Overflow via Long USER Command
Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
by Metasploit
BerliOS GPD daemon 1.9.0-2.7 - Remote Code Execution via Format String in GPS Request
Format string vulnerability in the gpsd_report function for BerliOS GPD daemon (gpsd, formerly pygps) 1.9.0 through 2.7 allows remote attackers to execute arbitrary code via certain GPS requests containing format string specifiers that are not properly handled in syslog calls.
by Metasploit
Barracuda Spam Firewall <3.1.17 - Command Injection
img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter.
by Metasploit
Windows 2000 Server SP4 - Remote Code Execution via Crafted Transport Packets
Stack-based buffer overflow in nsum.exe in the Windows Media Unicast Service in Media Services for Microsoft Windows 2000 Server SP4 allows remote attackers to execute arbitrary code via crafted packets associated with transport information, aka "Media Services Stack-based Buffer Overflow Vulnerability."
by Metasploit
Samba < 2.2.8 - Remote Code Execution via SMB/CIFS Packet Fragment Reassembly
Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.
by Metasploit
Serenity Audio Player 3.2.3 - '.m3u' Remote Buffer Overflow (Metasploit)
by blake
WM Downloader 3.0.0.9 - Local Buffer Overflow (Metasploit)
by blake
EasyFTP Server <= 1.7.0.11 - Unauthenticated Stack-based Buffer Overflow via CWD Command
EasyFTP Server versions up to 1.7.0.11 contain a stack-based buffer overflow vulnerability in the FTP command parser. When processing the CWD (Change Working Directory) command, the server fails to properly validate the length of the input string, allowing attackers to overwrite memory on the stack. This flaw enables remote code execution without authentication, as EasyFTP allows anonymous access by default. The vulnerability was resolved in version 1.7.0.12, after which the product was renamed “UplusFtp.”
by Paul Makowski
CVSS 9.8
By Source