Magnus Klaaborg Stubman

13 exploits Active since Aug 2015
CVE-2016-7434 NOMISEC HIGH WORKING POC
NTP 4.3.0-4.3.94 - Denial of Service via Crafted MRU List Query
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
1 stars
CVSS 7.5
CVE-2015-5621 EXPLOITDB HIGH text WORKING POC
net-snmp < 5.7.2 - Denial of Service and Possible Remote Code Execution via Crafted SNMP PDU
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
CVSS 7.5
CVE-2018-7182 EXPLOITDB HIGH python WORKING POC
ntp 4.2.8p6-4.2.8p10 - Denial of Service via Crafted Mode 6 Packet
The ctl_getitem method in ntpd in ntp-4.2.8p6 before 4.2.8p11 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mode 6 packet with a ntpd instance from 4.2.8p6 through 4.2.8p10.
CVSS 7.5
CVE-2016-7567 EXPLOITDB CRITICAL text WORKING POC
OpenSLP 2.0 - Buffer Overflow in SLPFoldWhiteSpace
Buffer overflow in the SLPFoldWhiteSpace function in common/slp_compare.c in OpenSLP 2.0 allows remote attackers to have unspecified impact via a crafted string.
CVSS 9.8
CVE-2019-6442 EXPLOITDB MEDIUM python WORKING POC
ntpsec < 1.1.3 - Authenticated Out-of-bounds Write via Malformed Config Request
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y.
CVSS 6.5
CVE-2019-6443 EXPLOITDB CRITICAL python WORKING POC
ntpsec < 1.1.3 - Stack-based Buffer Over-read in ntp_control.c
An issue was discovered in NTPsec before 1.1.3. Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd.
CVSS 9.1
CVE-2018-18065 EXPLOITDB MEDIUM text WORKING POC
Net-SNMP < 5.8 - Authenticated Denial of Service via Crafted UDP Packet
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
CVSS 6.5
CVE-2019-6444 EXPLOITDB CRITICAL python WORKING POC
ntpsec < 1.1.3 - Stack-based Buffer Over-read via process_control
An issue was discovered in NTPsec before 1.1.3. process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd.
CVSS 9.1
CVE-2018-12938 EXPLOITDB python WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2017-17833. Reason: This candidate is a duplicate of CVE-2017-17833. Notes: All CVE users should reference CVE-2017-17833 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2019-6445 EXPLOITDB MEDIUM python WORKING POC
ntpsec < 1.1.3 - Authenticated Denial of Service via NULL Pointer Dereference in ntp_control.c
An issue was discovered in NTPsec before 1.1.3. An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem.
CVSS 6.5
EIP-2026-102695 EXPLOITDB bash WORKING POC
net-snmp 5.7.3 - (Unauthenticated) Denial of Service (PoC)
CVE-2015-7855 EXPLOITDB MEDIUM python WORKING POC
ntp 4.2.0-4.2.8 - Denial of Service via Long Data Value in Mode 6 or 7 Packet
The decodenetnum function in ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote attackers to cause a denial of service (assertion failure) via a 6 or mode 7 packet containing a long data value.
CVSS 6.5
CVE-2016-7434 EXPLOITDB HIGH python WORKING POC
NTP 4.3.0-4.3.94 - Denial of Service via Crafted MRU List Query
The read_mru_list function in NTP before 4.2.8p9 allows remote attackers to cause a denial of service (crash) via a crafted mrulist query.
CVSS 7.5