Alexey Sintsov

23 exploits Active since Sep 2001
CVE-2009-1523 EXPLOITDB WRITEUP
Jetty 5.1.14 6.x < 6.1.17 and 7.x <= 7.0.0.M2 - Path Traversal via URI
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.
CVE-2011-0920 EXPLOITDB html WORKING POC
IBM Lotus Domino - Authentication Bypass and Remote Code Execution via UNC Share Pathname
The Remote Console in IBM Lotus Domino, when a certain unsupported configuration involving UNC share pathnames is used, allows remote attackers to bypass authentication and execute arbitrary code via unspecified vectors, aka SPR PRAD89WGRS.
CVE-2011-10021 EXPLOITDB HIGH ruby WORKING POC
Magix Musik Maker 16 - Buffer Overflow
Magix Musik Maker 16 is vulnerable to a stack-based buffer overflow due to improper handling of .mmm arrangement files. The vulnerability arises from an unsafe strcpy() operation that fails to validate input length, allowing attackers to overwrite the Structured Exception Handler (SEH). By crafting a malicious .mmm file, an attacker can trigger the overflow when the file is opened, potentially leading to arbitrary code execution. This vulnerability was remediated in version 17.
CVE-2010-2655 EXPLOITDB text WRITEUP
IBM Advanced Management Module < 2.48 - Authenticated Path Traversal via DIR Parameter
Directory traversal vulnerability in private/file_management.php on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allows remote authenticated users to list arbitrary directories and possibly have unspecified other impact via a .. (dot dot) in the DIR parameter.
CVE-2010-2654 EXPLOITDB text WRITEUP
IBM BladeCenter AMM <4.7 and 5.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities on the IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, allow remote attackers to inject arbitrary web script or HTML via the (1) INDEX or (2) IPADDR parameter to private/cindefn.php, (3) the domain parameter to private/power_management_policy_options.php, the slot parameter to (4) private/pm_temp.php or (5) private/power_module.php, (6) the WEBINDEX parameter to private/blade_leds.php, or (7) the SLOT parameter to private/ipmi_bladestatus.php.
CVE-2011-4404 METASPLOIT ruby WORKING POC
VMware vCenter Update Manager - Directory Traversal and Arbitrary File Read
The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523.
CVE-2011-4404 EXPLOITDB text WRITEUP
VMware vCenter Update Manager - Directory Traversal and Arbitrary File Read
The default configuration of the HTTP server in Jetty in vSphere Update Manager in VMware vCenter Update Manager 4.0 before Update 4 and 4.1 before Update 2 allows remote attackers to conduct directory traversal attacks and read arbitrary files via unspecified vectors, a related issue to CVE-2009-1523.
EIP-2026-119057 EXPLOITDB perl WORKING POC
ProSSHD 1.2 - (Authenticated) Remote (ASLR + DEP Bypass)
EIP-2026-119108 EXPLOITDB text WORKING POC
SAP GUI 7.10 - WebViewer3D Active-X JIT-Spray
EIP-2026-119107 EXPLOITDB text WORKING POC
SAP GUI 7.00 - BExGlobal Active-X unsecure method
CVE-2010-3595 EXPLOITDB text WORKING POC
Oracle Fusion Middleware <10.1.3.5 - Info Disclosure
Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU. Oracle has not commented on claims from the original researcher that remote attackers can read arbitrary files via a full pathname in the first argument to the ImportBodyText method in the EasyMail ActiveX control (emsmtp.dll).
CVE-2009-1523 EXPLOITDB text WORKING POC
Jetty 5.1.14 6.x < 6.1.17 and 7.x <= 7.0.0.M2 - Path Traversal via URI
Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.
CVE-2010-1939 EXPLOITDB text WORKING POC
Apple Safari 4.0.5 - Use-After-Free via Popup Window Close Method
Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object.
CVE-2006-0021 EXPLOITDB c++ WORKING POC
Windows XP SP1-SP2 and Server 2003 up to SP1 - Denial of Service via Invalid IGMP Packet
Microsoft Windows XP SP1 and SP2, and Server 2003 up to SP1, allows remote attackers to cause a denial of service (hang) via an IGMP packet with an invalid IP option, aka the "IGMP v3 DoS Vulnerability."
CVE-2009-3440 EXPLOITDB text WRITEUP
OSSIM < 2.1.2 - Cross-Site Scripting via Option Parameter
Cross-site scripting (XSS) vulnerability in Open Source Security Information Management (OSSIM) before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the option parameter to the default URI (aka the main menu).
CVE-2010-2656 EXPLOITDB text WRITEUP
IBM Advanced Management Module < 2.48 - Unauthenticated Sensitive Information Exposure via Direct Request
The IBM BladeCenter with Advanced Management Module (AMM) firmware build ID BPET48L, and possibly other versions before 4.7 and 5.0, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download (1) logs or (2) core files via direct requests, as demonstrated by a request for private/sdc.tgz.
CVE-2010-1143 EXPLOITDB text WRITEUP
VMware View Manager 3.1.x - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in VMware View (formerly Virtual Desktop Manager or VDM) 3.1.x before 3.1.3 build 252693 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2010-1143 EXPLOITDB text WRITEUP
VMware View Manager 3.1.x - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in VMware View (formerly Virtual Desktop Manager or VDM) 3.1.x before 3.1.3 build 252693 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-3732 EXPLOITDB text WRITEUP
VMware ACE 2.5.0-2.5.3 - Remote Code Execution via Format String Vulnerability
Format string vulnerability in vmware-vmrc.exe build 158248 in VMware Remote Console (aka VMrc) allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2011-1519 EXPLOITDB html WORKING POC
IBM Lotus Domino <8.x - Auth Bypass
The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.
EIP-2026-101521 EXPLOITDB text WORKING POC
Alteon OS BBI (Nortell) - Cross-Site Scripting / Cross-Site Request Forgery
CVE-2010-1460 EXPLOITDB text WORKING POC
IBM Advanced Management Module < bpet50g - Denial of Service via Malformed TCP Application Data
The IBM BladeCenter with Advanced Management Module (AMM) firmware before bpet50g does not properly perform interrupt sharing for USB and iSCSI, which allows remote attackers to cause a denial of service (management module reboot) via TCP packets with malformed application data.
CVE-2001-0985 EXPLOITDB perl WORKING POC
Hassan Consulting Shopping Cart 1.23 - RCE
shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter.