snooq

16 exploits Active since Dec 2001
CVE-2003-0812 EXPLOITDB c WORKING POC
Windows Workstation Service - Buffer Overflow
Stack-based buffer overflow in a logging function for Windows Workstation Service (WKSSVC.DLL) allows remote attackers to execute arbitrary code via RPC calls that cause long entries to be written to a debug log file ("NetSetup.LOG"), as demonstrated using the NetAddAlternateComputerName API.
CVE-2003-1260 EXPLOITDB perl WORKING POC
CuteFTP 5.0 - Remote Code Execution via Long LIST Command Response
Buffer overflow in CuteFTP 5.0 allows remote attackers to execute arbitrary code via a long response to a LIST command.
CVE-2004-0333 EXPLOITDB c WORKING POC
UUDeview <8.1 - Remote Code Execution
Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.
CVE-2004-0212 EXPLOITDB c WORKING POC
Avaya IP600 Media Servers - Stack-Based Buffer Overflow via Long Parameters in .job File
Stack-based buffer overflow in the Task Scheduler for Windows 2000 and XP, and Internet Explorer 6 on Windows NT 4.0, allows local or remote attackers to execute arbitrary code via a .job file containing long parameters, as demonstrated using Internet Explorer and accessing a .job file on an anonymous share.
CVE-2005-1219 EXPLOITDB c WORKING POC
Microsoft Color Management Module - RCE
Buffer overflow in the Microsoft Color Management Module for Windows allows remote attackers to execute arbitrary code via an image with crafted ICC profile format tags.
CVE-2005-1344 EXPLOITDB c WORKING POC
Apache HTTP Server 2.0.52 - Buffer Overflow via Long Realm Argument
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
CVE-2001-0797 EXPLOITDB perl WORKING POC
SGI IRIX - Buffer Overflow in Login via Telnet/Rlogin Arguments
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
CVE-2003-1347 EXPLOITDB text WRITEUP
Geeklog 1.3.7 - Cross-Site Scripting via cid, uid, or Homepage Field
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field.
CVE-2003-1347 EXPLOITDB text WORKING POC
Geeklog 1.3.7 - Cross-Site Scripting via cid, uid, or Homepage Field
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field.
CVE-2003-1347 EXPLOITDB text WORKING POC
Geeklog 1.3.7 - Cross-Site Scripting via cid, uid, or Homepage Field
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field.
CVE-2003-1347 EXPLOITDB text WRITEUP
Geeklog 1.3.7 - Cross-Site Scripting via cid, uid, or Homepage Field
Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 allow remote attackers to inject arbitrary web script or HTML via the (1) cid parameter to comment.php, (2) uid parameter to profiles.php, (3) uid to users.php, and (4) homepage field.
CVE-2005-1520 EXPLOITDB c++ WORKING POC
GNU Mailutils < 0.6.90 - Remote Code Execution via Crafted Email Header
Buffer overflow in the header_get_field_name function in header.c for GNU Mailutils 0.5 and 0.6, and other versions before 0.6.90, allows remote attackers to execute arbitrary code via a crafted e-mail.
CVE-2003-0849 EXPLOITDB c WORKING POC
cfengine 2.x - Remote Code Execution via Modified Packet Length Values
Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote attackers to execute arbitrary code via certain packets with modified length values, which is trusted by the ReceiveTransaction function when using a buffer provided by the BusyWithConnection function.
CVE-2003-0127 EXPLOITDB c WORKING POC
Linux kernel <2.2.25-2.4.21 - Privilege Escalation
The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.
EIP-2026-102880 EXPLOITDB c WORKING POC
ISDNRep 4.56 - Command Line Argument Local Buffer Overflow (2)
CVE-2003-0770 EXPLOITDB perl WORKING POC
IkonBoard <= 3.1.2a - Remote Code Execution via Lang Cookie Injection
FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not properly cleanse the "lang" cookie when it contains illegal characters, which allows remote attackers to execute arbitrary code when the cookie is inserted into a Perl "eval" statement.