kcope

26 exploits Active since Dec 2004
CVE-2010-0926 METASPLOIT ruby WORKING POC
Samba <3.3.11, <3.4.6, <3.5.0rc3 - Path Traversal
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.
CVE-2012-6066 METASPLOIT ruby WORKING POC
freeSSHd < 1.2.6 - Unauthenticated Authentication Bypass via Crafted Session
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
CVE-2009-1185 METASPLOIT ruby WORKING POC
udev < 141 - Privilege Escalation via Unverified NETLINK Message
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
CVE-2006-2926 EXPLOITDB perl WORKING POC
Qbik WinGate 6.1.1.1077 - Buffer Overflow
Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request.
CVE-2005-4411 EXPLOITDB perl WORKING POC
Mercury Mail Transport System <4.01b - RCE
Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105.
CVE-2004-1892 EXPLOITDB perl WORKING POC
eMule 0.42d - Stack-based Buffer Overflow in DecodeBase16 Function
Stack-based buffer overflow in DecodeBase16 function, as used in the (1) IRC module and (2) web server in eMule 0.42d, allows remote attackers to execute arbitrary code via a long string.
CVE-2012-6066 EXPLOITDB ruby WORKING POC
freeSSHd < 1.2.6 - Unauthenticated Authentication Bypass via Crafted Session
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
CVE-2006-3086 EXPLOITDB perl WORKING POC
Microsoft Hyperlink Object Library - Buffer Overflow
Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka "Hyperlink COM Object Buffer Overflow Vulnerability." NOTE: this is a different issue than CVE-2006-3059.
EIP-2026-114892 EXPLOITDB perl WORKING POC
Alt-N MDaemon 8.0 - IMAP Server CREATE Remote Buffer Overflow (PoC)
CVE-2006-2646 EXPLOITDB perl WORKING POC
MDaemon - Remote Code Execution via Long A0001 Argument
Buffer overflow in Alt-N MDaemon, possibly 9.0.1 and earlier, allows remote attackers to execute arbitrary code via a long A0001 argument that begins with a '"' (double quote).
CVE-2007-0634 EXPLOITDB c WORKING POC
Solaris 10 - Denial of Service via ICMP Packets
Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.
CVE-2007-0634 EXPLOITDB c WORKING POC
Solaris 10 - Denial of Service via ICMP Packets
Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.
CVE-2006-6652 EXPLOITDB perl WORKING POC
NetBSD-current <20050914 - NetBSD libc - RCE
Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion.
CVE-2009-1955 EXPLOITDB HIGH perl WORKING POC
Apache APR-util < 1.3.7 - Denial of Service via XML Entity Expansion
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
CVSS 7.5
CVE-2005-3081 EXPLOITDB perl WORKING POC
wzdftpd 0.5.4 - Authenticated Remote Command Execution via SITE Command
wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the SITE command.
CVE-2006-2502 EXPLOITDB c WORKING POC
Cyrus IMAPD 2.3.2 - Stack-Based Buffer Overflow via Long USER Command
Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
CVE-2010-0926 EXPLOITDB text WORKING POC
Samba <3.3.11, <3.4.6, <3.5.0rc3 - Path Traversal
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.
CVE-2005-3524 EXPLOITDB c WORKING POC
linux-ftpd-ssl 0.17 - Remote Code Execution via Long Directory Name XPWD Command
Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl) 0.17 allows remote attackers to execute arbitrary code by creating a long directory name, then executing the XPWD command.
CVE-2005-1255 EXPLOITDB perl WORKING POC
Ipswitch IMail < 8.2 Hotfix 2 - Remote Code Execution via IMAP LOGIN Command
Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character.
CVE-2010-0926 EXPLOITDB ruby WORKING POC
Samba <3.3.11, <3.4.6, <3.5.0rc3 - Path Traversal
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.
CVE-2009-1185 EXPLOITDB ruby WORKING POC
udev < 141 - Privilege Escalation via Unverified NETLINK Message
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
CVE-2005-3098 EXPLOITDB bash WORKING POC
Qualcomm qpopper <4.0.8 - Privilege Escalation
poppassd in Qualcomm qpopper 4.0.8 allows local users to modify arbitrary files and gain privileges via the -t (trace file) command line argument.
CVE-2009-1185 EXPLOITDB bash WORKING POC
udev < 141 - Privilege Escalation via Unverified NETLINK Message
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
EIP-2026-100685 EXPLOITDB c WORKING POC
FreeBSD 4.x / < 5.4 - 'master.passwd' Disclosure
CVE-2005-3098 EXPLOITDB bash WORKING POC
Qualcomm qpopper <4.0.8 - Privilege Escalation
poppassd in Qualcomm qpopper 4.0.8 allows local users to modify arbitrary files and gain privileges via the -t (trace file) command line argument.