kingcope

113 exploits Active since Dec 2004
CVE-2012-2336 EXPLOITDB c WORKING POC
PHP < 5.3.13 and 5.4.x < 5.4.3 - Denial of Service via Malformed CGI Query String
sapi/cgi/cgi_main.c in PHP before 5.3.13 and 5.4.x before 5.4.3, when configured as a CGI script (aka php-cgi), does not properly handle query strings that lack an = (equals sign) character, which allows remote attackers to cause a denial of service (resource consumption) by placing command-line options in the query string, related to lack of skipping a certain php_getopt for the 'T' case. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1823.
CVE-2013-4878 EXPLOITDB text WORKING POC
Parallels Plesk Panel <9.0.x, 9.2.x - RCE
The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823.
CVE-2007-5731 EXPLOITDB perl WORKING POC
Apache Jakarta Slide <= 2.1 - Authenticated Path Traversal via WebDAV Write Request
Absolute path traversal vulnerability in Apache Jakarta Slide 2.1 and earlier allows remote authenticated users to read arbitrary files via a WebDAV write request that specifies an entity with a SYSTEM tag, a related issue to CVE-2007-5461.
CVE-2010-2333 EXPLOITDB perl WORKING POC
LiteSpeed Web Server < 4.0.15 - Unauthenticated Source Code Disclosure via Null Byte and .txt Extension
LiteSpeed Technologies LiteSpeed Web Server 4.0.x before 4.0.15 allows remote attackers to read the source code of scripts via an HTTP request with a null byte followed by a .txt file extension.
CVE-2012-5615 EXPLOITDB perl SCANNER
Oracle MySQL <5.5.38 & MariaDB <5.5.28a - Info Disclosure
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
CVE-2009-3898 EXPLOITDB text WRITEUP
nginx <0.7.63, <0.8.17 - Path Traversal
Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method.
CVE-2011-0902 EXPLOITDB text WORKING POC
Sun Microsystems SunScreen Firewall <5.9 - RCE
Multiple untrusted search path vulnerabilities in the Java Service in Sun Microsystems SunScreen Firewall on SunOS 5.9 allow local users to execute arbitrary code via a modified (1) PATH or (2) LD_LIBRARY_PATH environment variable.
EIP-2026-103760 EXPLOITDB bash WORKING POC
(Tod Miller's) Sudo/SudoEdit 1.6.9p21/1.7.2p4 - Local Privilege Escalation
CVE-2008-1218 EXPLOITDB python WORKING POC
Dovecot <1.0.13, <1.1.rc3 - Command Injection
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delimiters that enable the skip_password_check field to be specified.
EIP-2026-103849 EXPLOITDB text SUSPICIOUS
Apache Tomcat - Account Scanner / 'PUT' Request Command Execution
CVE-2010-1132 EXPLOITDB text WORKING POC
SpamAssassin Milter Plugin <0.3.1 - RCE
The mlfi_envrcpt function in spamass-milter.cpp in SpamAssassin Milter Plugin 0.3.1, when using the expand option, allows remote attackers to execute arbitrary system commands via shell metacharacters in the RCPT TO field of an email message.
EIP-2026-103823 EXPLOITDB text WORKING POC
xscreensaver 5.01 - Arbitrary File Disclosure Symlink
EIP-2026-103816 EXPLOITDB bash WORKING POC
Sudo 1.6.9p18 - 'Defaults SetEnv' Local Privilege Escalation
EIP-2026-103766 EXPLOITDB text WRITEUP
BSD (Multiple Distributions) - 'setusercontext()' Multiple Vulnerabilities
CVE-2014-5329 EXPLOITDB HIGH perl WORKING POC
GIGAPOD OfficeHard <3.04.03, GIGAPOD 2010/3 <3.01.02 - DoS via Apache HTTP Request Handling
GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests (CVE-2011-3192), which may lead to a denial-of-service (DoS) condition.
CVSS 7.5
EIP-2026-103591 EXPLOITDB text WORKING POC
MySQL 5.0.45 - (Authenticated) COM_CREATE_DB Format String (PoC)
CVE-2009-0696 EXPLOITDB c WORKING POC
ISC BIND 9.4-9.4.3-P2, 9.5-9.5.1-P2, 9.6-9.6.1 - Denial of Service via ANY Record in Dynamic Update
The dns_db_findrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service (assertion failure and daemon exit) via an ANY record in the prerequisite section of a crafted dynamic update message.
EIP-2026-103471 EXPLOITDB c WORKING POC
FreeBSD / OpenBSD - 'ftpd' Null Pointer Dereference Denial of Service
CVE-2009-1955 EXPLOITDB HIGH perl WORKING POC
Apache APR-util < 1.3.7 - Denial of Service via XML Entity Expansion
The expat XML parser in the apr_xml_* interface in xml/apr_xml.c in Apache APR-util before 1.3.7, as used in the mod_dav and mod_dav_svn modules in the Apache HTTP Server, allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document containing a large number of nested entity references, as demonstrated by a PROPFIND request, a similar issue to CVE-2003-1564.
CVSS 7.5
CVE-2013-2028 EXPLOITDB perl WORKING POC
nginx 1.3.9-1.4.0 - Remote Code Execution via Chunked Transfer-Encoding
The ngx_http_parse_chunked function in http/ngx_http_parse.c in nginx 1.3.9 through 1.4.0 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a chunked Transfer-Encoding request with a large chunk size, which triggers an integer signedness error and a stack-based buffer overflow.
CVE-2006-2502 EXPLOITDB c WORKING POC
Cyrus IMAPD 2.3.2 - Stack-Based Buffer Overflow via Long USER Command
Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
CVE-2005-3081 EXPLOITDB perl WORKING POC
wzdftpd 0.5.4 - Authenticated Remote Command Execution via SITE Command
wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the SITE command.
CVE-2010-0926 EXPLOITDB ruby WORKING POC
Samba <3.3.11, <3.4.6, <3.5.0rc3 - Path Traversal
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.
CVE-2010-0926 EXPLOITDB text WORKING POC
Samba <3.3.11, <3.4.6, <3.5.0rc3 - Path Traversal
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.
CVE-2010-4221 EXPLOITDB perl WORKING POC
ProFTPD - Stack-Based Buffer Overflow via TELNET IAC Escape Character
Multiple stack-based buffer overflows in the pr_netio_telnet_gets function in netio.c in ProFTPD before 1.3.3c allow remote attackers to execute arbitrary code via vectors involving a TELNET IAC escape character to a (1) FTP or (2) FTPS server.