Nicob

16 exploits Active since Jan 2004
CVE-2009-4498 EXPLOITDB WRITEUP
Zabbix Server <1.8 - Command Injection
The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request.
CVE-2009-4499 EXPLOITDB WRITEUP
Zabbix Server <1.6.8 - SQL Injection
SQL injection vulnerability in the get_history_lastid function in the nodewatcher component in Zabbix Server before 1.6.8 allows remote attackers to execute arbitrary SQL commands via a crafted request, possibly related to the send_history_last_id function in zabbix_server/trapper/nodehistory.c.
CVE-2008-0926 METASPLOIT ruby WORKING POC
Novell eDirectory < 8.7.3.10 - Unauthenticated Denial of Service and Arbitrary File Read via SOAP Interface
The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.
CVE-2003-0990 METASPLOIT ruby WORKING POC
SquirrelMail 1.4.0 - GPG Plugin 1.1 - Command Injection
The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field.
CVE-2007-0774 METASPLOIT ruby WORKING POC
Apache Tomcat JK Web Server Connector <1.2.21 - RCE
Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
CVE-2009-4498 METASPLOIT ruby WORKING POC
Zabbix Server <1.8 - Command Injection
The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request.
CVE-2006-5784 EXPLOITDB perl WORKING POC
SAP Web Application Server <7.00 - Info Disclosure
Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user.
CVE-2007-0774 EXPLOITDB ruby WORKING POC
Apache Tomcat JK Web Server Connector <1.2.21 - RCE
Stack-based buffer overflow in the map_uri_to_worker function (native/common/jk_uri_worker_map.c) in mod_jk.so for Apache Tomcat JK Web Server Connector 1.2.19 and 1.2.20, as used in Tomcat 4.1.34 and 5.5.20, allows remote attackers to execute arbitrary code via a long URL that triggers the overflow in a URI worker map routine.
CVE-2008-0927 EXPLOITDB text WORKING POC
Microsoft Windows-nt - Resource Management Error
dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header with multiple comma-separated values. NOTE: this might be similar to CVE-2008-1777.
CVE-2009-4501 EXPLOITDB text WRITEUP
Zabbix < 1.6.8 - Denial of Service via Missing Separators in Request
The zbx_get_next_field function in libs/zbxcommon/str.c in Zabbix Server before 1.6.8 allows remote attackers to cause a denial of service (crash) via a request that lacks expected separators, which triggers a NULL pointer dereference, as demonstrated using the Command keyword.
CVE-2009-4502 EXPLOITDB text WORKING POC
Zabbix Agent <1.6.7 - Command Injection
The NET_TCP_LISTEN function in net.c in Zabbix Agent before 1.6.7, when running on FreeBSD or Solaris, allows remote attackers to bypass the EnableRemoteCommands setting and execute arbitrary commands via shell metacharacters in the argument to net.tcp.listen. NOTE: this attack is limited to attacks from trusted IP addresses.
CVE-2005-1470 EXPLOITDB c WORKING POC
Ethereal - Denial of Service in TZSP MGCP ISUP SMB or Bittorrent Dissectors
Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, (4) SMB, or (5) Bittorrent dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors.
CVE-2003-0990 EXPLOITDB ruby WORKING POC
SquirrelMail 1.4.0 - GPG Plugin 1.1 - Command Injection
The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 allows remote attackers to execute commands via shell metacharacters in the "To:" field.
CVE-2009-4498 EXPLOITDB ruby WORKING POC
Zabbix Server <1.8 - Command Injection
The node_process_command function in Zabbix Server before 1.8 allows remote attackers to execute arbitrary commands via a crafted request.
EIP-2026-102629 EXPLOITDB text WRITEUP
Kojoney 0.0.4.1 - 'urllib.urlopen()' Remote Denial of Service
CVE-2006-0522 EXPLOITDB WORKING POC
Symantec Sygate Management Server <= 4.1 build 1417 - SQL Injection via Authentication Servlet
SQL injection vulnerability in the Authentication Servlet in Symantec Sygate Management Server (SMS) version 4.1 build 1417 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via unknown attack vectors related to a URL.