Andi

10 exploits Active since Jul 2002
CVE-2002-1374 EXPLOITDB c WORKING POC
MySQL <3.23.54, <4.0.6 - Privilege Escalation
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
CVE-2008-5689 EXPLOITDB c WORKING POC
OpenSolaris snv_01-snv_76 - Denial of Service via SIOCGTUNPARAM IOCTL Request
tun in IP Tunnel in Solaris 10 and OpenSolaris snv_01 through snv_76 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted SIOCGTUNPARAM IOCTL request, which triggers a NULL pointer dereference.
CVE-2008-0964 EXPLOITDB c WORKING POC
OpenSolaris and Solaris 8-10 - Remote Code Execution via Crafted SMB Packet
Multiple stack-based buffer overflows in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via a crafted SMB packet.
CVE-2003-1055 EXPLOITDB c WORKING POC
Solaris 8 and 9 - Buffer Overflow in nss_ldap.so.1 via Long Hostname
Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 may allow local users to gain root access via a long hostname in an LDAP lookup.
CVE-2004-2523 EXPLOITDB c WORKING POC
OpenFTPD < 0.30.2 - Authenticated Remote Code Execution via Format String in Message Argument
Format string vulnerability in the msg command (cat_message function in msg.c) in OpenFTPD 0.30.2 and earlier allows remote authenticated users to execute arbitrary code via format string specifiers in the message argument.
EIP-2026-103156 EXPLOITDB c WORKING POC
Lighttpd 1.4.17 - FastCGI Header Overflow Arbitrary Code Execution
CVE-2006-4020 EXPLOITDB php WORKING POC
PHP <5.1.4 & <4.4.3 - Buffer Overflow
scanf.c in PHP 5.1.4 and earlier, and 4.4.3 and earlier, allows context-dependent attackers to execute arbitrary code via a sscanf PHP function call that performs argument swapping, which increments an index past the end of an array and triggers a buffer over-read.
CVE-2009-2698 EXPLOITDB HIGH c WORKING POC
Linux Kernel <2.6.19 - Privilege Escalation
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
CVSS 7.8
CVE-2010-0740 EXPLOITDB c WORKING POC
OpenSSL 0.9.8f-0.9.8m - Denial of Service via Malformed TLS Record
The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor version number. NOTE: some of these details are obtained from third party information.
CVE-2002-0702 EXPLOITDB c WORKING POC
ISC DHCPd 3-3.0.1rc8 - Remote Code Execution via Format String in DNS Response
Format string vulnerabilities in the logging routines for dynamic DNS code (print.c) of ISC DHCP daemon (DHCPD) 3 to 3.0.1rc8, with the NSUPDATE option enabled, allow remote malicious DNS servers to execute arbitrary code via format strings in a DNS server response.