K-sPecial

6 exploits Active since Aug 2004
CVE-2005-1344 EXPLOITDB c WORKING POC
Apache HTTP Server 2.0.52 - Buffer Overflow via Long Realm Argument
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
EIP-2026-107523 EXPLOITDB perl WORKING POC
Guestex Guestbook 1.00 - 'email' Remote Code Execution
CVE-2004-0230 EXPLOITDB perl WORKING POC
Juniper Junos - Denial of Service via TCP RST Packet Injection
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that use long-lived connections, such as BGP.
CVE-2006-2502 EXPLOITDB perl WORKING POC
Cyrus IMAPD 2.3.2 - Stack-Based Buffer Overflow via Long USER Command
Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
CVE-2006-5864 EXPLOITDB c WORKING POC
GNU gv 3.6.2 - Stack-based Buffer Overflow via Long Comments in PostScript Headers
Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers. NOTE: this issue can be exploited through other products that use gv such as evince.
CVE-2006-2814 EXPLOITDB c WORKING POC
iShopCart - Buffer Overflow in vGetPost and main Functions
Multiple buffer overflows in the (1) vGetPost and (2) main functions in easy-scart.c through easy-scart6.c in iShopCart allow remote attackers to execute arbitrary code by sending a large amount of data containing "Submit" in an sslinvoice action, and allow remote attackers to have an unknown impact via a large amount of posted data.