Exploitdb Exploits

50,095 exploits tracked across all sources.

Sort: Activity Stars
CVE-2009-4850 EXPLOITDB ruby VERIFIED
Awingsoft Awakening Winds3D Viewer Plugin 3.5.0.9 - Remote Code Execution via SceneURL Property
The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file.
by Metasploit
CVE-2010-0103 EXPLOITDB ruby VERIFIED
Energizer DUO USB - Remote Code Execution via TCP Port 7777
UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777.
by Metasploit
CVE-2010-2883 EXPLOITDB HIGH ruby VERIFIED
Adobe Reader/Acrobat <9.4-8.2.5 - Buffer Overflow
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.
by Metasploit
CVSS 7.3
CVE-2005-0277 EXPLOITDB ruby VERIFIED
3Com 3CDaemon 2.0 revision 10 - Buffer Overflow via Long FTP Command Argument
Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via (1) a long username in the USER command or (2) an FTP command that contains a long argument, such as cd, send, or ls.
by Metasploit
CVE-2006-6665 EXPLOITDB ruby VERIFIED
Astonsoft DeepBurner Pro & Free <1.8.0 - RCE
Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name tag in a dbr file.
by Metasploit
CVE-2010-1297 EXPLOITDB HIGH ruby VERIFIED
Adobe Flash Player
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and Adobe Reader and Acrobat 9.x before 9.3.3, and 8.x before 8.2.3 on Windows and Mac OS X, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted SWF content, related to authplay.dll and the ActionScript Virtual Machine 2 (AVM2) newfunction instruction, as exploited in the wild in June 2010.
by Metasploit
CVSS 7.8
CVE-2009-3459 EXPLOITDB HIGH ruby VERIFIED
Adobe Acrobat < 9.1.3 - Remote Code Execution via Crafted PDF File
Heap-based buffer overflow in Adobe Reader and Acrobat 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2 allows remote attackers to execute arbitrary code via a crafted PDF file that triggers memory corruption, as exploited in the wild in October 2009. NOTE: some of these details are obtained from third party information.
by Metasploit
CVSS 8.8
EIP-2026-115640 EXPLOITDB text VERIFIED
Microsoft DRM Technology - 'msnetobj.dll' ActiveX Multiple Vulnerabilities
by Asheesh kumar Mani Tripathi
CVE-2006-0848 EXPLOITDB ruby VERIFIED
macOS X - Remote Code Execution via Safari Safe Files Download Feature
The "Open 'safe' files after downloading" option in Safari on Apple Mac OS X allows remote user-assisted attackers to execute arbitrary commands by tricking a user into downloading a __MACOSX folder that contains metadata (resource fork) that invokes the Terminal, which automatically interprets the script using bash, as demonstrated using a ZIP file that contains a script with a safe file extension.
by Metasploit
CVE-2001-1583 EXPLOITDB ruby VERIFIED
Solaris 8 - Remote Code Execution
lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220.
by Metasploit
CVE-2007-5423 EXPLOITDB ruby VERIFIED
TikiWiki 1.9.8 - Remote Code Execution via tiki-graph_formula.php f Parameter
tiki-graph_formula.php in TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP sequences in the f array parameter, which are processed by create_function.
by Metasploit
CVE-2010-3483 EXPLOITDB text
Primitive CMS 1.0.9 - Privilege Escalation
cms_write.php in Primitive CMS 1.0.9 does not properly restrict access, which allows remote attackers to gain administrative privileges via a direct request. NOTE: this vulnerability can be leveraged to conduct cross-site scripting attacks, as demonstrated using the (1) title, (2) content, and (3) menutitle parameters.
by Stephan Sattler
CVE-2010-4752 EXPLOITDB text VERIFIED
LightNEasy 3.2.1 - SQL Injection via Page Parameter
SQL injection vulnerability in LightNEasy.php in LightNEasy 3.2.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the page parameter, a different vector than CVE-2008-6593, CVE-2010-3484, and CVE-2010-3485. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Solidmedia
EIP-2026-108551 EXPLOITDB perl VERIFIED
Joomla! Component com_spain - 'nv' SQL Injection
by FL0RiX
CVE-2009-4098 EXPLOITDB ruby VERIFIED
OpenX < 2.8.1 - Authenticated Arbitrary File Upload and Remote Code Execution via Banner Edit
Unrestricted file upload vulnerability in banner-edit.php in OpenX adserver 2.8.1 and earlier allows remote authenticated users with banner / file upload permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an images directory.
by Metasploit
CVE-2004-0695 EXPLOITDB ruby VERIFIED
4D WebSTAR <5.3.2 - Buffer Overflow
Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 and earlier allows remote attackers to execute arbitrary code via a long FTP command.
by Metasploit
CVE-2004-0430 EXPLOITDB ruby VERIFIED
AppleFileServer <10.3.3 - Buffer Overflow
Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and earlier allows remote attackers to execute arbitrary code via a LoginExt packet for a Cleartext Password User Authentication Method (UAM) request with a PathName argument that includes an AFPName type string that is longer than the associated length field.
by Metasploit
CVE-2007-5863 EXPLOITDB ruby VERIFIED
Apple Mac OS X 10.5.1 - Command Injection
Software Update in Apple Mac OS X 10.5.1 allows remote attackers to execute arbitrary commands via a man-in-the-middle (MITM) attack between the client and the server, using a modified distribution definition file with the "allow-external-scripts" option.
by Metasploit
CVE-2009-3867 EXPLOITDB ruby VERIFIED
Sun Java JRE getSoundbank file:// URI Buffer Overflow
Stack-based buffer overflow in the HsbParser.getSoundBank function in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a long file: URL in an argument, aka Bug Id 6854303.
by Metasploit
CVE-2009-3869 EXPLOITDB ruby VERIFIED
Sun Java JRE AWT setDiffICM Buffer Overflow
Stack-based buffer overflow in the setDiffICM function in the Abstract Window Toolkit (AWT) in Java Runtime Environment (JRE) in Sun Java SE in JDK and JRE 5.0 before Update 22, JDK and JRE 6 before Update 17, SDK and JRE 1.3.x before 1.3.1_27, and SDK and JRE 1.4.x before 1.4.2_24 allows remote attackers to execute arbitrary code via a crafted argument, aka Bug Id 6872357.
by Metasploit
CVE-2008-5353 EXPLOITDB ruby VERIFIED
Sun Java Calendar Deserialization Privilege Escalation
The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects".
by Metasploit
CVE-2007-1286 EXPLOITDB ruby VERIFIED
PHP < 4.4.4 - Remote Code Execution via Long String to unserialize Function
Integer overflow in PHP 4.4.4 and earlier allows remote context-dependent attackers to execute arbitrary code via a long string to the unserialize function, which triggers the overflow in the ZVAL reference counter.
by Metasploit
CVE-2006-3677 EXPLOITDB ruby VERIFIED
Mozilla Firefox <1.5.0.5 & SeaMonkey <1.0.3 - RCE
Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.
by Metasploit
CVE-2009-2477 EXPLOITDB ruby VERIFIED
Firefox 3.5 - Remote Code Execution via TraceMonkey JIT Escape Function
js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements.
by Metasploit
CVE-2006-0295 EXPLOITDB ruby VERIFIED
Mozilla Firefox <1.5, Thunderbird <1.5 - RCE
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.
by Metasploit