kaveh razavi

10 exploits Active since May 2005
CVE-2006-5961 EXPLOITDB c WORKING POC
Mercury Mail Transport System 4.01b - Buffer Overflow
Buffer overflow in Mercury Mail Transport System 4.01b for Windows has unknown impact and attack vectors, as originally reported in a GLEG VulnDisco pack. NOTE: the provenance of this information is unknown; the details are obtained from third party information. The original researcher is reliable.
CVE-2021-42114 WRITEUP CRITICAL WORKING POC
Samsung DDR4 SDRAM Firmware - Rowhammer Bit Flip via Non-Uniform Access Patterns
Modern DRAM devices (PC-DDR4, LPDDR4X) are affected by a vulnerability in their internal Target Row Refresh (TRR) mitigation against Rowhammer attacks. Novel non-uniform Rowhammer access patterns, consisting of aggressors with different frequencies, phases, and amplitudes allow triggering bit flips on affected memory modules using our Blacksmith fuzzer. The patterns generated by Blacksmith were able to trigger bitflips on all 40 PC-DDR4 DRAM devices in our test pool, which cover the three major DRAM manufacturers: Samsung, SK Hynix, and Micron. This means that, even when chips advertised as Rowhammer-free are used, attackers may still be able to exploit Rowhammer. For example, this enables privilege-escalation attacks against the kernel or binaries such as the sudo binary, and also triggering bit flips in RSA-2048 keys (e.g., SSH keys) to gain cross-tenant virtual-machine access. We can confirm that DRAM devices acquired in July 2020 with DRAM chips from all three major DRAM vendors (Samsung, SK Hynix, Micron) are affected by this vulnerability. For more details, please refer to our publication.
CVSS 9.0
CVE-2005-1173 EXPLOITDB c WORKING POC
PMSoftware Simple Web Server 1.0 - RCE
Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote attackers to execute arbitrary code via a long GET request.
CVE-2007-1373 EXPLOITDB c WORKING POC
Mercury Mail Transport System < 4.01b - Remote Code Execution via Long LOGIN Command
Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961.
CVE-2005-0634 EXPLOITDB c WORKING POC
Golden FTP Server 1.92 - Remote Code Execution via Long USER Command
Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long USER command.
CVE-2005-0277 EXPLOITDB c WORKING POC
3Com 3CDaemon 2.0 revision 10 - Buffer Overflow via Long FTP Command Argument
Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via (1) a long username in the USER command or (2) an FTP command that contains a long argument, such as cd, send, or ls.
CVE-2005-4620 EXPLOITDB c WORKING POC
WinRAR 3.50 - Local Buffer Overflow via Long Command-Line Argument
Buffer overflow in WinRAR 3.50 and earlier allows local users to execute arbitrary code via a long command-line argument. NOTE: because this program executes with the privileges of the invoking user, and because remote programs do not normally have the ability to specify a command-line argument for this program, there may not be a typical attack vector for the issue that crosses privilege boundaries. Therefore this may not be a vulnerability.
CVE-2005-2210 EXPLOITDB c WORKING POC
Internet Download Manager 4.05 - Stack-based Buffer Overflow via Long URL
Stack-based buffer overflow in Internet Download Manager 4.05 allows remote attackers to execute arbitrary code via a long URL.
EIP-2026-104634 EXPLOITDB c WORKING POC
iWebNegar 1.1 - Configuration Nullification Denial of Service
CVE-2006-2022 EXPLOITDB c WORKING POC
Fenice < 1.10 - Remote Code Execution via RTSP URL Parsing Buffer Overflow
Buffer overflow in the parse_url function in the RTSP module (rtsp/parse_url.c) in Fenice 1.10 and earlier allows remote attackers to execute arbitrary code via a long URL.