kingcope

113 exploits Active since Dec 2004
CVE-2012-5627 EXPLOITDB perl WORKING POC
Oracle MySQL 5.5.0-5.5.28 & MariaDB 5.2.0-5.2.13 - Brute Force via Insufficient Salt Rotation
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 does not modify the salt during multiple executions of the change_user command within the same connection which makes it easier for remote authenticated users to conduct brute force password guessing attacks.
CVE-2005-3524 EXPLOITDB c WORKING POC
linux-ftpd-ssl 0.17 - Remote Code Execution via Long Directory Name XPWD Command
Buffer overflow in the SSL-ready version of linux-ftpd (linux-ftpd-ssl) 0.17 allows remote attackers to execute arbitrary code by creating a long directory name, then executing the XPWD command.
CVE-2005-1255 EXPLOITDB perl WORKING POC
Ipswitch IMail < 8.2 Hotfix 2 - Remote Code Execution via IMAP LOGIN Command
Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 and 8.13 in Ipswitch Collaboration Suite (ICS), and other versions before IMail Server 8.2 Hotfix 2, allow remote attackers to execute arbitrary code via a LOGIN command with (1) a long username argument or (2) a long username argument that begins with a special character.
EIP-2026-103120 EXPLOITDB perl WORKING POC
GNU InetUtils ftpd 1.4.2 - 'ld.so.preload' Remote Code Execution
CVE-2010-4344 EXPLOITDB CRITICAL perl WORKING POC
Exim < 4.70 - Remote Code Execution via Crafted SMTP Headers
Heap-based buffer overflow in the string_vformat function in string.c in Exim before 4.70 allows remote attackers to execute arbitrary code via an SMTP session that includes two MAIL commands in conjunction with a large message containing crafted headers, leading to improper rejection logging.
CVSS 9.8
CVE-2008-3234 EXPLOITDB text WRITEUP
OpenSSH - Authenticated SELinux Role Bypass via Username Suffix
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
EIP-2026-103065 EXPLOITDB text WRITEUP
Apache suEXEC - Information Disclosure / Privilege Escalation
CVE-2012-5613 EXPLOITDB perl WORKING POC
MySQL <5.5.19 & MariaDB <5.5.28a - Privilege Escalation
MySQL 5.5.19 and possibly other versions, and MariaDB 5.5.28a and possibly other versions, when configured to assign the FILE privilege to users who should not have administrative privileges, allows remote authenticated users to gain privileges by leveraging the FILE privilege to create files as the MySQL administrator. NOTE: the vendor disputes this issue, stating that this is only a vulnerability when the administrator does not follow recommendations in the product's installation documentation. NOTE: it could be argued that this should not be included in CVE because it is a configuration issue.
CVE-2012-5975 EXPLOITDB text WRITEUP
SSH Tectia Server 6.0.4-6.3.2 - Authentication Bypass via Blank Password
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
CVE-2005-3098 EXPLOITDB bash WORKING POC
Qualcomm qpopper <4.0.8 - Privilege Escalation
poppassd in Qualcomm qpopper 4.0.8 allows local users to modify arbitrary files and gain privileges via the -t (trace file) command line argument.
CVE-2009-1185 EXPLOITDB bash WORKING POC
udev < 141 - Privilege Escalation via Unverified NETLINK Message
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
CVE-2013-0238 EXPLOITDB perl WORKING POC
ircd-hybrid < 8.0.6 - Denial of Service via Negative Mask Parsing
The try_parse_v4_netmask function in hostmask.c in IRCD-Hybrid before 8.0.6 does not properly validate masks, which allows remote attackers to cause a denial of service (crash) via a mask that causes a negative number to be parsed.
CVE-2013-4123 EXPLOITDB perl WORKING POC
Squid 3.2.x-3.2.12 and 3.3.x-3.3.7 - Denial of Service via HTTP Host Header Port Number
client_side_request.cc in Squid 3.2.x before 3.2.13 and 3.3.x before 3.3.8 allows remote attackers to cause a denial of service via a crafted port number in a HTTP Host header.
EIP-2026-102722 EXPLOITDB perl WORKING POC
Pure-FTPd 1.0.21 (CentOS 6.2 / Ubuntu 8.04) - Null Pointer Dereference Crash (PoC)
CVE-2011-1137 EXPLOITDB text WORKING POC
ProFTPD < 1.3.3d - Denial of Service via Malformed SSH Message
Integer overflow in the mod_sftp (aka SFTP) module in ProFTPD 1.3.3d and earlier allows remote attackers to cause a denial of service (memory consumption leading to OOM kill) via a malformed SSH message.
CVE-2009-2446 EXPLOITDB c WORKING POC
MySQL 4.0.0-5.0.83 - Authenticated Denial of Service via Format String in Database Name
Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other impact via format string specifiers in a database name in a (1) COM_CREATE_DB or (2) COM_DROP_DB request. NOTE: some of these details are obtained from third party information.
CVE-2012-5614 EXPLOITDB text WORKING POC
Oracle MySQL <5.1.67 & <5.5.29 - DoS
Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.
CVE-2012-5611 EXPLOITDB perl WORKING POC
Oracle MySQL <5.5.28 & MariaDB <5.5.28a - RCE
Stack-based buffer overflow in the acl_get function in Oracle MySQL 5.5.19 and other versions through 5.5.28, and 5.1.53 and other versions through 5.1.66, and MariaDB 5.5.2.x before 5.5.28a, 5.3.x before 5.3.11, 5.2.x before 5.2.13 and 5.1.x before 5.1.66, allows remote authenticated users to execute arbitrary code via a long argument to the GRANT FILE command.
CVE-2012-5612 EXPLOITDB perl WORKING POC
Oracle MySQL <5.5.29 - Buffer Overflow
Heap-based buffer overflow in Oracle MySQL 5.5.19 and other versions through 5.5.28, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code, as demonstrated using certain variations of the (1) USE, (2) SHOW TABLES, (3) DESCRIBE, (4) SHOW FIELDS FROM, (5) SHOW COLUMNS FROM, (6) SHOW INDEX FROM, (7) CREATE TABLE, (8) DROP TABLE, (9) ALTER TABLE, (10) DELETE FROM, (11) UPDATE, and (12) SET PASSWORD commands.
CVE-2012-0207 EXPLOITDB HIGH c WORKING POC
Linux Kernel < 3.2.1 - Denial of Service via IGMP Packet Divide-By-Zero
The igmp_heard_query function in net/ipv4/igmp.c in the Linux kernel before 3.2.1 allows remote attackers to cause a denial of service (divide-by-zero error and panic) via IGMP packets.
CVSS 7.5
CVE-2010-0738 EXPLOITDB MEDIUM perl WORKING POC
JBoss JMX Console Deployer Upload and Execute
The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JBoss EAP or JBEAP) 4.2 before 4.2.0.CP09 and 4.3 before 4.3.0.CP08 performs access control only for the GET and POST methods, which allows remote attackers to send requests to this application's GET handler by using a different method.
CVSS 5.3
EIP-2026-101355 EXPLOITDB text WRITEUP
MikroTik RouterOS - sshd (ROSSSH) Remote Heap Corruption
EIP-2026-100956 EXPLOITDB c WORKING POC
FreeBSD 5.4-RELEASE ftpd 6.00LS - 'sendfile' Memory Leak
EIP-2026-100968 EXPLOITDB text WORKING POC
NcFTPd 2.8.5 - Remote Jail Breakout
EIP-2026-100967 EXPLOITDB perl WORKING POC
Litespeed Web Server 4.0.17 with PHP (FreeBSD) - Remote Overflow