CVE-2000-0096

qpopper 3.0 beta - Local Buffer Overflow via LIST Command

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0096. PoCs published by Zhodiac.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in Qualcomm's qpopper daemon (versions 3.0beta29 or lower) via the LIST command. It injects shellcode to spawn a shell, requiring valid user credentials for exploitation.

Description

Buffer overflow in qpopper 3.0 beta versions allows local users to gain privileges via a long LIST command.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Zhodiac · cremotelinux

https://www.exploit-db.com/exploits/19729

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in Qualcomm's qpopper daemon (versions 3.0beta29 or lower) via the LIST command. It injects shellcode to spawn a shell, requiring valid user credentials for exploitation.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Qualcomm qpopper <= 3.0beta29

Auth required

Prerequisites: Valid POP account credentials · Network access to the qpopper service (port 110)

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/948

Scores

EPSS 0.0051

EPSS Percentile 39.5%

Details

Status published

Products (30)

qualcomm/qpopper 3.0

qualcomm/qpopper 3.0beta1

qualcomm/qpopper 3.0beta2

qualcomm/qpopper 3.0beta3

qualcomm/qpopper 3.0beta4

qualcomm/qpopper 3.0beta5

qualcomm/qpopper 3.0beta6

qualcomm/qpopper 3.0beta7

qualcomm/qpopper 3.0beta8

qualcomm/qpopper 3.0beta9

... and 20 more

Published Jan 26, 2000

Tracked Since Feb 18, 2026