qaaz

18 exploits Active since Oct 2005
CVE-2008-0009 EXPLOITDB c WORKING POC
Linux kernel <2.6.25 - Memory Corruption
The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.
CVE-2008-0009 EXPLOITDB c WORKING POC
Linux kernel <2.6.25 - Memory Corruption
The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.
CVE-2008-0010 EXPLOITDB c WORKING POC
Linux kernel <2.6.25 - Info Disclosure
The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allow local users to read from arbitrary kernel memory locations.
CVE-2007-5225 EXPLOITDB c WORKING POC
SunOS 8-10 - Unauthenticated Memory Read via FIFO I_PEEK ioctl
Integer signedness error in FIFO filesystems (named pipes) on Sun Solaris 8 through 10 allows local users to read the contents of unspecified memory locations via a negative maximum length value to the I_PEEK ioctl.
CVE-2008-0310 EXPLOITDB bash WORKING POC
SCO UnixWare 7.1.4 - Local Path Traversal via PKGINST Environment Variable
Directory traversal vulnerability in pkgadd in SCO UnixWare 7.1.4 before p534589 allows local users to create or append to arbitrary files via ".." sequences in an unspecified environment variable, probably PKGINST.
CVE-2008-0010 EXPLOITDB c WORKING POC
Linux kernel <2.6.25 - Info Disclosure
The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allow local users to read from arbitrary kernel memory locations.
CVE-2008-6559 EXPLOITDB c WORKING POC
SCO ReliantHA 1.1.4 - Local Privilege Escalation via mcd -d Argument
Merge mcd in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges via a crafted -d argument that contains .. (dot dot) sequences that point to a directory containing a file whose name includes shell metacharacters.
CVE-2008-1343 EXPLOITDB bash WORKING POC
SCO UnixWare 7.1.4 - Path Traversal
Directory traversal vulnerability in (1) pkgadd and (2) pkgrm in SCO UnixWare 7.1.4 allows local users to gain privileges via unknown vectors.
CVE-2008-6558 EXPLOITDB c WORKING POC
SCO UnixWare 7.1.4 ReliantHA - Privilege Escalation via RELIANT_PATH Environment Variable
Untrusted search path vulnerability in (1) hvdisp and (2) rcvm in ReliantHA 1.1.4 in SCO UnixWare 7.1.4 allows local users to gain root privileges by modifying the RELIANT_PATH environment variable to point to a malicious bin/hvenv program.
EIP-2026-114726 EXPLOITDB c WORKING POC
Solaris 10 (SPARC/x86) - sysinfo Kernel Memory Disclosure
CVE-2007-0752 EXPLOITDB text WORKING POC
Apple Mac OS X 10.4.8 - Privilege Escalation
The PPP daemon (pppd) in Apple Mac OS X 10.4.8 checks ownership of the stdin file descriptor to determine if the invoker has sufficient privileges, which allows local users to load arbitrary plugins and gain root privileges by bypassing this check.
CVE-2008-0600 EXPLOITDB c WORKING POC
Linux Kernel 2.6.17-2.6.24.1 - Local Privilege Escalation via vmsplice_to_pipe Pointer Dereference
The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.
CVE-2005-2943 EXPLOITDB c WORKING POC
XMail - Stack-based Buffer Overflow via Long -t Command Line Option
Stack-based buffer overflow in sendmail in XMail before 1.22 allows remote attackers to execute arbitrary code via a long -t command line option.
CVE-2008-0600 EXPLOITDB c WORKING POC
Linux Kernel 2.6.17-2.6.24.1 - Local Privilege Escalation via vmsplice_to_pipe Pointer Dereference
The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vulnerability than CVE-2008-0009 and CVE-2008-0010.
CVE-2007-3333 EXPLOITDB c WORKING POC
IBM AIX 5.2.0 and 5.3 SP6 - Remote Code Execution via Terminal Control Sequence Overflow
Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 allows remote attackers to execute arbitrary code via a large number of terminal control sequences.
CVE-2007-4003 EXPLOITDB bash WORKING POC
IBM AIX 5.3 SP6 - Local Arbitrary Code Execution via pioout ParseRoutine Argument
pioout in IBM AIX 5.3 SP6 allows local users to execute arbitrary code by specifying a malicious library with the -R (ParseRoutine) command line argument.
CVE-2007-4004 EXPLOITDB c WORKING POC
IBM AIX <5.3 SP6 & 5.2.0 - Buffer Overflow
Buffer overflow in the ftp client in IBM AIX 5.3 SP6 and 5.2.0 allows local users to execute arbitrary code via unspecified vectors that trigger the overflow in a gets function call. NOTE: the client is setuid root on AIX, so this issue crosses privilege boundaries.
CVE-2007-3333 EXPLOITDB c WORKING POC
IBM AIX 5.2.0 and 5.3 SP6 - Remote Code Execution via Terminal Control Sequence Overflow
Stack-based buffer overflow in capture in IBM AIX 5.3 SP6 and 5.2.0 allows remote attackers to execute arbitrary code via a large number of terminal control sequences.