venglin

7 exploits Active since Jul 2000
CVE-2026-45250 NOMISEC HIGH WORKING POC
FreeBSD 15.0-RELEASE < p9, 14.4-RELEASE < p5, 14.3-RELEASE < p14 - Stack-based Buffer Overflow in setcred(2)
The setcred(2) system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capacity of that buffer, a stack buffer overflow occurs. Because the bounds check on the supplementary groups list occurs after the kernel stack buffer has already been written, an unprivileged local user may trigger the overflow without holding any special privilege. Successful exploitation may allow an attacker to execute arbitrary code in the context of the kernel, allowing an unprivileged local user to gain elevated privileges on the affected system.
1 stars
CVSS 7.8
CVE-2005-2072 EXPLOITDB c WORKING POC
Solaris 8-10 - Privilege Escalation via LD_AUDIT Environment Variable
The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT.
CVE-2002-0542 EXPLOITDB c WORKING POC
OpenBSD <3.1 - Privilege Escalation
mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.
CVE-2000-0573 EXPLOITDB c WORKING POC
HP-UX - Remote Code Execution via wu-ftpd SITE EXEC Format String
The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.
CVE-2001-0414 EXPLOITDB c WORKING POC
ntpd < 4.0.99k - Buffer Overflow via Long readvar Argument
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
CVE-2000-0699 EXPLOITDB c WORKING POC
HP-UX 10.20 - Remote Code Execution via FTP PASS Command Format String
Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command.
CVE-2001-0247 EXPLOITDB perl WORKING POC
NetBSD - Remote Code Execution via Long Pattern String with {} Sequence
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.