Marc Bevand

5 exploits Active since Dec 2003
CVE-2008-1447 EXPLOITDB MEDIUM c WORKING POC
BIND < 9.5.0-P1, 9.4.2-P1, 9.3.5-P1 - DNS Cache Poisoning via Insufficient Transaction ID and Source Port Entropy
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
CVSS 6.8
CVE-2006-0230 EXPLOITDB perl WORKING POC
Symantec Scan Engine <5.1.0.7 - Privilege Escalation
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.
CVE-2003-1366 EXPLOITDB text WORKING POC
OpenBSD 2.0-3.2 - Unauthorized File Read via chpass Hard Link Attack
chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information.
CVE-2008-4194 EXPLOITDB c WORKING POC
pdnsd < 1.2.7-par - Denial of Service via Long DNS Reply
The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a "dangling pointer bug."
CVE-2006-5379 EXPLOITDB c WORKING POC
NVIDIA Binary Graphics Driver <v8774,v8762 - RCE
The accelerated rendering functionality of NVIDIA Binary Graphics Driver (binary blob driver) For Linux v8774 and v8762, and probably on other operating systems, allows local and remote attackers to execute arbitrary code via a large width value in a font glyph, which can be used to overwrite arbitrary memory locations.