Alexander Klink

11 exploits, active since May 2006
CVE-2013-4426 WRITEUP WRITEUP
pyxtrlock <0.1 - Info Disclosure
pyxtrlock before 0.1 uses an incorrect variable name, which allows physically proximate attackers to bypass the lock screen via multiple failed authentication attempts, which trigger a crash.
CVE-2013-4427 WRITEUP WRITEUP
Leon Weber pyxtrlock < 0.1 - Improper Input Validation
pyxtrlock before 0.2 does not properly check the return values of the (1) xcb_grab_pointer and (2) xcb_grab_keyboard XCB library functions, which allows physically proximate attackers to gain access to the keyboard or mouse without unlocking the screen via unspecified vectors.
CVE-2011-4885 METASPLOIT ruby WORKING POC
PHP < 5.3.8 - Improper Input Validation
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
EIP-2026-118781 EXPLOITDB text WRITEUP
Microsoft Crypto API X.509 Certificate Validation - Remote Information Disclosure
CVE-2006-2109 EXPLOITDB text WORKING POC
JSBoard < 2.0.11 - XSS
Cross-site scripting (XSS) vulnerability in the parse_query_str function in include/print.php in JSBoard 2.0.10 and 2.0.11, and possibly other versions before 2.0.12, allows remote attackers to inject arbitrary web script or HTML via parameters that are set as global variables within the program, as demonstrated using the table parameter to login.php.
CVE-2007-1363 EXPLOITDB text WORKING POC
DropAFew < 0.2 - SQL Injection
Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php.
CVE-2007-1363 EXPLOITDB text WORKING POC
DropAFew < 0.2 - SQL Injection
Multiple SQL injection vulnerabilities in DropAFew before 0.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php.
CVE-2007-1364 EXPLOITDB text WORKING POC
DropAFew <0.2.1 - Info Disclosure
DropAFew before 0.2.1 does not require authorization for certain privileged actions, which allows remote attackers to (1) view the logged calorie information of arbitrary users via the id parameter in editlogcal.php, (2) add arbitrary links via links.php, or (3) create arbitrary users via newaccount2.php.
CVE-2008-7017 EXPLOITDB text WORKING POC
CAcert - XSS
Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate.
EIP-2026-103659 EXPLOITDB text WORKING POC
Splunk 4.3.1 - Denial of Service
CVE-2007-1465 EXPLOITDB WORKING POC
dproxy - Buffer Overflow
Stack-based buffer overflow in dproxy.c for dproxy 0.1 through 0.5 allows remote attackers to execute arbitrary code via a long DNS query packet to UDP port 53.