3APA3A

13 exploits Active since Jun 2001
CVE-2001-1088 EXPLOITDB text WRITEUP
Microsoft Outlook <8.5 - Info Disclosure
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.
CVE-2007-0843 EXPLOITDB c WORKING POC
Microsoft Windows 2000-XP-Vista - Info Disclosure
The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.
CVE-2001-0675 EXPLOITDB text WRITEUP
The Bat! 1.51 - Denial of Service via Malformed Email Header
Rit Research Labs The Bat! 1.51 for Windows allows a remote attacker to cause a denial of service by sending an email to a user's account containing a carriage return <CR> that is not followed by a line feed <LF>.
EIP-2026-116472 EXPLOITDB text WORKING POC
Valve Software Half-Life Dedicated Server 3.1/4.1 - Information Disclosure/Denial of Service
CVE-2002-0338 EXPLOITDB text WORKING POC
The Bat! 1.53d and 1.54beta - Denial of Service via MS-DOS Device Name in Attachment
The Bat! 1.53d and 1.54beta, and possibly other versions, allows remote attackers to cause a denial of service (crash) via an attachment whose name includes an MS-DOS device name.
CVE-2002-1712 EXPLOITDB c WORKING POC
Microsoft Windows 2000 - Denial of Service via Empty TCP/IP Packets with ACK and FIN Bits
Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
CVE-2002-1712 EXPLOITDB c WORKING POC
Microsoft Windows 2000 - Denial of Service via Empty TCP/IP Packets with ACK and FIN Bits
Microsoft Windows 2000 allows remote attackers to cause a denial of service (memory consumption) by sending a flood of empty TCP/IP packets with the ACK and FIN bits set to the NetBIOS port (TCP/139), as demonstrated by stream3.
CVE-2003-1407 EXPLOITDB text WORKING POC
Windows NT 4.0 - Buffer Overflow via Long Pathname Argument to cd Command
Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to execute arbitrary code via a long pathname argument to the cd command.
CVE-2008-0192 EXPLOITDB text WORKING POC
WordPress < 2.0.9 - Cross-Site Scripting via popuptitle Parameter
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php.
CVE-2008-0192 EXPLOITDB text WORKING POC
WordPress < 2.0.9 - Cross-Site Scripting via popuptitle Parameter
Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the popuptitle parameter to (1) wp-admin/post.php or (2) wp-admin/page-new.php.
CVE-2008-0193 EXPLOITDB text WORKING POC
WordPress < 2.0.11 - Cross-Site Scripting via Backup Parameter
Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress 2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers to inject arbitrary web script or HTML via the backup parameter in a wp-db-backup.php action to wp-admin/edit.php.
CVE-2001-1106 EXPLOITDB text WRITEUP
Sambar Server 5 and earlier - Local Password Decryption via Symmetric Key
The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.
CVE-2003-1445 EXPLOITDB text WORKING POC
Far Manager 1.70beta1 - Stack-based Buffer Overflow via Long Pathname
Stack-based buffer overflow in Far Manager 1.70beta1 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long pathname.