venglin

6 exploits Active since Jul 2000
CVE-2005-2072 EXPLOITDB c WORKING POC
SUN Solaris - Access Control
The runtime linker (ld.so) in Solaris 8, 9, and 10 trusts the LD_AUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by (1) modifying LD_AUDIT to reference malicious code and possibly (2) using a long value for LD_AUDIT.
CVE-2002-0542 EXPLOITDB c WORKING POC
OpenBSD <3.1 - Privilege Escalation
mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.
CVE-2000-0573 EXPLOITDB c WORKING POC
wu-ftpd <2.6.0 - Code Injection
The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.
CVE-2001-0414 EXPLOITDB c WORKING POC
Dave Mills Ntpd < 4.0.99k - Buffer Overflow
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
CVE-2000-0699 EXPLOITDB c WORKING POC
Hp-ux - Denial of Service
Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command.
CVE-2001-0247 EXPLOITDB perl WORKING POC
Netbsd - Buffer Overflow
Buffer overflows in BSD-based FTP servers allows remote attackers to execute arbitrary commands via a long pattern string containing a {} sequence, as seen in (1) g_opendir, (2) g_lstat, (3) g_stat, and (4) the glob0 buffer as used in the glob functions glob2 and glob3.