Paul Starzetz

15 exploits. Active since Jul 2001.
CVE-2001-1055 EXPLOITDB text WRITEUP
Microsoft Windows 98 - Denial of Service
The Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed ARP request packets with random source IP and MAC addresses, as demonstrated by ARPNuke.
EIP-2026-114771 EXPLOITDB bash WORKING POC
ntop 1.x - i Local Format String
CVE-2003-0961 EXPLOITDB c WORKING POC
Linux kernel <2.4.22 - Privilege Escalation
Integer overflow in the do_brk function for the brk system call in Linux kernel 2.4.22 and earlier allows local users to gain root privileges.
CVE-2004-0415 EXPLOITDB c WORKING POC
Linux kernel - Info Disclosure
Linux kernel does not properly convert 64-bit file offset pointers to 32 bits, which allows local users to access portions of kernel memory.
CVE-2004-1073 EXPLOITDB c WORKING POC
Linux kernel <2.6.8 - Code Injection
The open_exec function in the execve functionality (exec.c) in Linux kernel 2.4.x up to 2.4.27, and 2.6.x up to 2.6.8, allows local users to read non-readable ELF binaries by using the interpreter (PT_INTERP) functionality.
CVE-2004-1235 EXPLOITDB c WORKING POC
Linux kernel <2.6.11 - RCE
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.4.29-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.
CVE-2001-0610 EXPLOITDB text WORKING POC
KDE 1.x - Privilege Escalation
kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp.
CVE-2002-0525 EXPLOITDB text WRITEUP
INN <2.2.3 - Privilege Escalation
Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NNTP responses.
CVE-2004-0077 EXPLOITDB c WORKING POC
Linux <2.2.25, <2.4.24, <2.6.2 - Privilege Escalation
The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.
CVE-2003-0985 EXPLOITDB c WORKING POC
Linux Kernel - Denial of Service
The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077.
CVE-2004-1016 EXPLOITDB c WORKING POC
Linux kernel <2.4.29-2.6.10 - DoS
The scm_send function in the scm layer for Linux kernel 2.4.x up to 2.4.28, and 2.6.x up to 2.6.9, allows local users to cause a denial of service (system hang) via crafted auxiliary messages that are passed to the sendmsg function, which causes a deadlock condition.
CVE-2005-1263 EXPLOITDB bash WORKING POC
Linux kernel <2.6.12-rc4 - Code Injection
The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables function, causes a negative length argument to pass a signed integer comparison, leading to a buffer overflow.
EIP-2026-102647 EXPLOITDB c WORKING POC
Linux Kernel 2.4.18/2.4.19 - Privileged File Descriptor Resource Exhaustion (Denial of Service)
CVE-2004-1137 EXPLOITDB c WORKING POC
Linux Kernel - Denial of Service
Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.