kingcope

113 exploits Active since Dec 2004
CVE-2009-3023 EXPLOITDB ruby WORKING POC
Microsoft Internet Information Server 5.0-6.0 - Authenticated Remote Code Execution via FTP NLST Command Buffer Overflow
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."
CVE-2007-1658 EXPLOITDB text WORKING POC
Windows Vista - Remote Code Execution via Windows Mail Link Handling
Windows Mail in Microsoft Windows Vista might allow user-assisted remote attackers to execute certain programs via a link to a (1) local file or (2) UNC share pathname in which there is a directory with the same base name as an executable program at the same level, as demonstrated using C:/windows/system32/winrm (winrm.cmd) and migwiz (migwiz.exe).
CVE-2009-3023 EXPLOITDB perl WORKING POC
Microsoft Internet Information Server 5.0-6.0 - Authenticated Remote Code Execution via FTP NLST Command Buffer Overflow
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."
CVE-2009-1676 EXPLOITDB text WRITEUP
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-1535. Reason: This candidate is a duplicate of CVE-2009-1535. Notes: All CVE users should reference CVE-2009-1535 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2005-4411 EXPLOITDB perl WORKING POC
Mercury Mail Transport System <4.01b - RCE
Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105.
EIP-2026-118704 EXPLOITDB text WORKING POC
JBoss AS 2.0 - Remote Command Execution
EIP-2026-118768 EXPLOITDB text WORKING POC
MDaemon Mailer Daemon 11.0.1 - Remote File Disclosure
EIP-2026-118797 EXPLOITDB text WRITEUP
Microsoft IIS 6.0/7.5 (+ PHP) - Multiple Vulnerabilities
CVE-2012-6066 EXPLOITDB text WORKING POC
freeSSHd < 1.2.6 - Unauthenticated Authentication Bypass via Crafted Session
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
CVE-2012-6066 EXPLOITDB text WRITEUP
freeSSHd < 1.2.6 - Unauthenticated Authentication Bypass via Crafted Session
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
CVE-2009-0880 EXPLOITDB ruby WORKING POC
IBM Director < 5.20.3 - Remote Code Execution via CIM Server Path Traversal
Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request.
CVE-2004-1892 EXPLOITDB perl WORKING POC
eMule 0.42d - Stack-based Buffer Overflow in DecodeBase16 Function
Stack-based buffer overflow in DecodeBase16 function, as used in the (1) IRC module and (2) web server in eMule 0.42d, allows remote attackers to execute arbitrary code via a long string.
CVE-2009-0880 EXPLOITDB text WORKING POC
IBM Director < 5.20.3 - Remote Code Execution via CIM Server Path Traversal
Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request.
CVE-2008-3257 EXPLOITDB perl WORKING POC
Oracle WebLogic Server <10.3 - Buffer Overflow
Stack-based buffer overflow in the Apache Connector (mod_wl) in Oracle WebLogic Server (formerly BEA WebLogic Server) 10.3 and earlier allows remote attackers to execute arbitrary code via a long HTTP version string, as demonstrated by a string after "POST /.jsp" in an HTTP request.
EIP-2026-115664 EXPLOITDB perl WORKING POC
Microsoft IIS 6.0 - '/AUX / '.aspx' Remote Denial of Service
CVE-2010-1899 EXPLOITDB text WORKING POC
Internet Information Services 5.1-7.5 - Denial of Service via Crafted ASP Request
Stack consumption vulnerability in the ASP implementation in Microsoft Internet Information Services (IIS) 5.1, 6.0, 7.0, and 7.5 allows remote attackers to cause a denial of service (daemon outage) via a crafted request, related to asp.dll, aka "IIS Repeated Parameter Request Denial of Service Vulnerability."
CVE-2006-3086 EXPLOITDB perl WORKING POC
Microsoft Hyperlink Object Library - Buffer Overflow
Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated using an Excel worksheet with a long link in Unicode, aka "Hyperlink COM Object Buffer Overflow Vulnerability." NOTE: this is a different issue than CVE-2006-3059.
CVE-2009-2521 EXPLOITDB text WORKING POC
Microsoft Internet Information Services 5.0-7.0 - Authenticated Denial of Service via FTP List Command
Stack consumption vulnerability in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 7.0 allows remote authenticated users to cause a denial of service (daemon crash) via a list (ls) -R command containing a wildcard that references a subdirectory, followed by a .. (dot dot), aka "IIS FTP Service DoS Vulnerability."
CVE-2007-0634 EXPLOITDB c WORKING POC
Solaris 10 - Denial of Service via ICMP Packets
Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.
CVE-2008-1480 EXPLOITDB c WORKING POC
Solaris 10 - Denial of Service via Malformed RPC Request
rpc.metad in Sun Solaris 10 allows remote attackers to cause a denial of service (daemon crash) via a malformed RPC request.
CVE-2007-0882 EXPLOITDB bash WORKING POC
Solaris 10 and 11 - Unauthenticated Argument Injection in telnetd via -f Sequence
Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows remote attackers to log into certain accounts, as demonstrated by the bin account.
CVE-2012-5975 EXPLOITDB ruby WORKING POC
SSH Tectia Server 6.0.4-6.3.2 - Authentication Bypass via Blank Password
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
EIP-2026-114742 EXPLOITDB text SUSPICIOUS
Sun Solaris 10 - 'rpc.ypupdated' Remote Code Execution
CVE-2009-0304 EXPLOITDB c WORKING POC
Sun Solaris 10-11 & OpenSolaris - DoS
The kernel in Sun Solaris 10 and 11 snv_101b, and OpenSolaris before snv_108, allows remote attackers to cause a denial of service (system crash) via a crafted IPv6 packet, related to an "insufficient validation security vulnerability," as demonstrated by SunOSipv6.c.
CVE-2008-4556 EXPLOITDB perl WORKING POC
Sun Solaris 8 and 9 - Stack-Based Buffer Overflow in adm_build_path Function
Stack-based buffer overflow in the adm_build_path function in sadmind in Sun Solstice AdminSuite on Solaris 8 and 9 allows remote attackers to execute arbitrary code via a crafted request.