mu-b

65 exploits Active since Jun 2001
CVE-2007-5466 EXPLOITDB perl WORKING POC
eXtremail <= 2.1.1 - Remote Code Execution via IMAP Buffer Overflow
Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to (1) have an unknown impact by sending multiple long strings to the IMAP port (143/tcp); (2) execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the ifParseAuthPlain function; (3) execute arbitrary code via a long LOGIN command to the admin interface port (4501/tcp); or (4) execute arbitrary code via a long string in an IMAP AUTHENTICATE LOGIN (aka CRAM-MD5 authentication) action, involving the ifProcImapAuth1 function.
CVE-2007-5466 EXPLOITDB c WORKING POC
eXtremail <= 2.1.1 - Remote Code Execution via IMAP Buffer Overflow
Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to (1) have an unknown impact by sending multiple long strings to the IMAP port (143/tcp); (2) execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the ifParseAuthPlain function; (3) execute arbitrary code via a long LOGIN command to the admin interface port (4501/tcp); or (4) execute arbitrary code via a long string in an IMAP AUTHENTICATE LOGIN (aka CRAM-MD5 authentication) action, involving the ifProcImapAuth1 function.
CVE-2007-5466 EXPLOITDB c WORKING POC
eXtremail <= 2.1.1 - Remote Code Execution via IMAP Buffer Overflow
Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to (1) have an unknown impact by sending multiple long strings to the IMAP port (143/tcp); (2) execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the ifParseAuthPlain function; (3) execute arbitrary code via a long LOGIN command to the admin interface port (4501/tcp); or (4) execute arbitrary code via a long string in an IMAP AUTHENTICATE LOGIN (aka CRAM-MD5 authentication) action, involving the ifProcImapAuth1 function.
CVE-2007-1373 METASPLOIT ruby WORKING POC
Mercury Mail Transport System < 4.01b - Remote Code Execution via Long LOGIN Command
Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961.
CVE-2007-1578 EXPLOITDB perl WORKING POC
Atrium MERCUR IMAPD 5.00.14 SP4 - Remote Code Execution via NTLMSSP Argument
Multiple integer signedness errors in the NTLM implementation in Atrium MERCUR IMAPD (mcrimap4.exe) 5.00.14, with SP4, allow remote attackers to execute arbitrary code via a long NTLMSSP argument that triggers a stack-based buffer overflow.
CVE-2006-6423 EXPLOITDB perl WORKING POC
MailEnable Professional and Enterprise Edition 1.1-2.35 - Stack-Based Buffer Overflow via IMAP Service
Stack-based buffer overflow in the IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.35, Professional Edition 1.6 through 1.84, and Enterprise Edition 1.1 through 1.41 allows remote attackers to execute arbitrary code via a pre-authentication command followed by a crafted parameter and a long string, as addressed by the ME-10025 hotfix.
CVE-2006-6423 EXPLOITDB perl WORKING POC
MailEnable Professional and Enterprise Edition 1.1-2.35 - Stack-Based Buffer Overflow via IMAP Service
Stack-based buffer overflow in the IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.35, Professional Edition 1.6 through 1.84, and Enterprise Edition 1.1 through 1.41 allows remote attackers to execute arbitrary code via a pre-authentication command followed by a crafted parameter and a long string, as addressed by the ME-10025 hotfix.
CVE-2007-1301 EXPLOITDB perl WORKING POC
MailEnable Enterprise and Professional Editions - Authenticated Stack-Based Buffer Overflow via IMAP APPEND Command
Stack-based buffer overflow in the IMAP service in MailEnable Enterprise and Professional Editions 2.37 and earlier allows remote authenticated users to execute arbitrary code via a long argument to the APPEND command. NOTE: this is probably different than CVE-2006-6423.
EIP-2026-117887 EXPLOITDB c WORKING POC
SafeGuard PrivateDisk 2.0/2.3 - 'privatediskm.sys' Multiple Local Security Bypass Vulnerabilities
CVE-2008-0573 EXPLOITDB c WORKING POC
SafeNET IPSecDrv.sys 10.4.0.12 - Privilege Escalation via Crafted IOCTL Request
IPSecDrv.sys 10.4.0.12 in SafeNET HighAssurance Remote and SoftRemote allows local users to gain privileges via a crafted IPSECDRV_IOCTL IOCTL request.
CVE-2009-2227 EXPLOITDB c WORKING POC
B Labs Bopup Comm Server <3.2.26.5460 - Buffer Overflow
Stack-based buffer overflow in B Labs Bopup Communication Server 3.2.26.5460 allows remote attackers to execute arbitrary code via a crafted request to TCP port 19810.
EIP-2026-117683 EXPLOITDB c WORKING POC
NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit
CVE-2011-0513 EXPLOITDB c WORKING POC
SecurStar DriveCrypt <= 5.4 - Local Privilege Escalation via DCR.sys IOCTL 0x00073800
DCR.sys driver in SecurStar DriveCrypt 5.4, 5.3, and earlier allows local users to execute arbitrary code via a crafted argument to the 0x00073800 IOCTL.
CVE-2008-5121 EXPLOITDB c WORKING POC
Citrix Deterministic Network Enhancer 2.21.7.233-3.21.7.17464 Privilege Escalation via DNE_IOCTL
dne2000.sys in Citrix Deterministic Network Enhancer (DNE) 2.21.7.233 through 3.21.7.17464, as used in (1) Cisco VPN Client, (2) Blue Coat WinProxy, and (3) SafeNet SoftRemote and HighAssurance Remote, allows local users to gain privileges via a crafted DNE_IOCTL DeviceIoControl request to the \\.\DNE device interface.
CVE-2008-1140 EXPLOITDB c WORKING POC
DLMFDISK.sys 1.2.0.27 - Privilege Escalation
DLMFDISK.sys 1.2.0.27 in DESlock+ 3.2.6 and earlier allows local users to gain privileges via a certain DLKFDISK_IOCTL request to \\.\DLKFDisk_Control that overwrites a data structure associated with a mounted pseudo-filesystem, aka the "ring0 SYSTEM" vulnerability.
CVE-2008-1141 EXPLOITDB c WORKING POC
DESlock+ < 3.2.6 - Denial of Service via DLMFENC_IOCTL Requests
Memory leak in DLMFENC.sys 1.0.0.26 in DESlock+ 3.2.6 and earlier allows local users to cause a denial of service (kernel memory consumption) via a series of DLMFENC_IOCTL requests to \\.\DLKPFSD_Device that allocate "link list structures."
CVE-2009-4832 EXPLOITDB c WORKING POC
DESlock+ 4.0.2 - Local Privilege Escalation via IOCTL 0x80012010 Request
The dlpcrypt.sys kernel driver 0.1.1.27 in DESlock+ 4.0.2 allows local users to gain privileges via a crafted IOCTL 0x80012010 request to the DLPCryptCore device.
CVE-2008-1139 EXPLOITDB c WORKING POC
DESlock+ <3.2.6 - Privilege Escalation
DESlock+ 3.2.6 and earlier, when DLMFENC.sys 1.0.0.26 and DLMFDISK.sys 1.2.0.27 are present, allows local users to gain privileges via a certain DLMFENC_IOCTL request to \\.\DLKPFSD_Device that overwrites a pointer, aka the "ring0 link list zero SYSTEM" vulnerability.
EIP-2026-117029 EXPLOITDB c WORKING POC
DESlock+ < 4.1.10 - 'vdlptokn.sys' Local Kernel Ring0 SYSTEM
EIP-2026-116850 EXPLOITDB c WORKING POC
Authentium SafeCentral 2.6 - 'shdrv.sys' Local Kernel Ring0 SYSTEM
CVE-2007-3157 EXPLOITDB c WORKING POC
SafeNET High Assurance Remote and SoftRemote - Denial of Service via Invalid IPv6 IPSec Packet
IPSecDrv.sys 10.4.0.12 in SafeNET High Assurance Remote 1.4.0 Build 12, and SoftRemote, allows remote attackers to cause a denial of service (infinite loop and system hang) via an invalid packet with certain bytes in an option header, possibly related to the IPv6 support for IPSec.
CVE-2006-5177 EXPLOITDB perl WORKING POC
MailEnable Professional/E 2.0 - RCE/DoS
The NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to (1) execute arbitrary code via unspecified vectors involving crafted base64 encoded NTLM Type 3 messages, or (2) cause a denial of service via crafted base64 encoded NTLM Type 1 messages, which trigger a buffer over-read.
CVE-2007-1373 EXPLOITDB perl WORKING POC
Mercury Mail Transport System < 4.01b - Remote Code Execution via Long LOGIN Command
Stack-based buffer overflow in Mercury/32 (aka Mercury Mail Transport System) 4.01b and earlier allows remote attackers to execute arbitrary code via a long LOGIN command. NOTE: this might be the same issue as CVE-2006-5961.
CVE-2007-0955 EXPLOITDB perl WORKING POC
MailEnable Professional <2.35 - DoS
The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which results in an out-of-bounds read.
CVE-2007-0955 EXPLOITDB perl WORKING POC
MailEnable Professional <2.35 - DoS
The NTLM_UnPack_Type3 function in MENTLM.dll in MailEnable Professional 2.35 and earlier allows remote attackers to cause a denial of service (application crash) via certain base64-encoded data following an AUTHENTICATE NTLM command to the imap port (143/tcp), which results in an out-of-bounds read.