RoMaNSoFt

10 exploits Active since Dec 1996
CVE-2007-5365 EXPLOITDB text WRITEUP
Debian Linux - Memory Corruption
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.
CVE-2003-0109 EXPLOITDB c WORKING POC
Microsoft Windows 2000 - Buffer Overflow
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
CVE-2005-1983 EXPLOITDB c WORKING POC
Microsoft Windows 2000 - Buffer Overflow
Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
EIP-2026-113059 EXPLOITDB html WORKING POC
VHCS 2.4.7.1 - Add User Authentication Bypass
CVE-2006-0685 EXPLOITDB html WORKING POC
Virtual Hosting Control System <2.4.7.1 - Privilege Escalation
The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access.
CVE-2008-5010 EXPLOITDB text WRITEUP
SUN Opensolaris < snv_102 - Denial of Service
in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ID 6713805.
CVE-1999-0101 EXPLOITDB bash WORKING POC
IBM Aix - Buffer Overflow
Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.
CVE-2006-2451 EXPLOITDB c WORKING POC
Linux Kernel - Resource Management Error
The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and possibly gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions.
CVE-2008-2936 EXPLOITDB bash WORKING POC
Postfix - Access Control
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.
CVE-2004-1037 EXPLOITDB perl WORKING POC
TWiki 20030201 - Command Injection
The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.