RoMaNSoFt

10 exploits, active since Dec 1996
CVE-2007-5365 EXPLOITDB text WRITEUP
Debian Linux - Memory Corruption
Stack-based buffer overflow in the cons_options function in options.c in dhcpd in OpenBSD 4.0 through 4.2, and some other dhcpd implementations based on ISC dhcp-2, allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a DHCP request specifying a maximum message size smaller than the minimum IP MTU.
CVE-2003-0109 EXPLOITDB c WORKING POC
Windows 2000 - Remote Code Execution via WebDAV Request
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
CVE-2005-1983 EXPLOITDB c WORKING POC
Microsoft Windows 2000 and XP SP1 - Stack-Based Buffer Overflow in Plug and Play Service
Stack-based buffer overflow in the Plug and Play (PnP) service for Microsoft Windows 2000 and Windows XP Service Pack 1 allows remote attackers to execute arbitrary code via a crafted packet, and local users to gain privileges via a malicious application, as exploited by the Zotob (aka Mytob) worm.
EIP-2026-113059 EXPLOITDB html WORKING POC
VHCS 2.4.7.1 - Add User Authentication Bypass
CVE-2006-0685 EXPLOITDB html WORKING POC
Virtual Hosting Control System <2.4.7.1 - Privilege Escalation
The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access.
CVE-2008-5010 EXPLOITDB text WRITEUP
OpenSolaris < snv_103 - Denial of Service via DHCP Request Handling
in.dhcpd in the DHCP implementation in Sun Solaris 8 through 10, and OpenSolaris before snv_103, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via unknown DHCP requests related to the "number of offers," aka Bug ID 6713805.
CVE-1999-0101 EXPLOITDB bash WORKING POC
IBM AIX - Buffer Overflow in gethostbyname via Corrupt DNS Host Names
Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.
CVE-2006-2451 EXPLOITDB c WORKING POC
Linux Kernel 2.6.13-2.6.17.3 & 2.6.16-2.6.16.23 - DoS & Privilege Escalation via suid_dumpable
The suid_dumpable support in Linux kernel 2.6.13 up to versions before 2.6.17.4, and 2.6.16 before 2.6.16.24, allows a local user to cause a denial of service (disk consumption) and possibly gain privileges via the PR_SET_DUMPABLE argument of the prctl function and a program that causes a core dump file to be created in a directory for which the user does not have permissions.
CVE-2008-2936 EXPLOITDB bash WORKING POC
Postfix < 2.3.15, 2.4 < 2.4.8, 2.5 < 2.5.4, 2.6 < 2.6-20080814 - Arbitrary File Write via Hard Link to Symlink
Postfix before 2.3.15, 2.4 before 2.4.8, 2.5 before 2.5.4, and 2.6 before 2.6-20080814, when the operating system supports hard links to symlinks, allows local users to append e-mail messages to a file to which a root-owned symlink points, by creating a hard link to this symlink and then sending a message. NOTE: this can be leveraged to gain privileges if there is a symlink to an init script.
CVE-2004-1037 EXPLOITDB perl WORKING POC
TWiki 20030201 - Remote Code Execution via Search Function Shell Metacharacters
The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string.