Alfons Luja

16 exploits Active since Apr 2008
CVE-2008-2031 EXPLOITDB c WORKING POC
VicFTPS 5.0 - Denial of Service via Crafted LIST Command
VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a crafted LIST command, which triggers a NULL pointer dereference. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-118525 EXPLOITDB html WORKING POC
ExcelOCX ActiveX 3.2 - Download File Insecure Method
EIP-2026-118448 EXPLOITDB text WORKING POC
dwebpro 6.8.26 - Directory Traversal / File Disclosure
EIP-2026-118447 EXPLOITDB text WORKING POC
DWebPro 6.8.26 - Directory Traversal / Arbitrary File Disclosure
EIP-2026-118357 EXPLOITDB html WORKING POC
Ciansoft PDFBuilderX 2.2 - ActiveX Arbitrary File Overwrite
CVE-2008-6829 EXPLOITDB c WORKING POC
VicFTPS 5.0 - Denial of Service via Malformed LIST Command
VicFTPS 5.0 allows remote attackers to cause a denial of service (crash) via a LIST command that starts with a "/\/" (forward slash, backward slash, forward slash). NOTE: this might be the same issue as CVE-2008-2031.
CVE-2008-7074 EXPLOITDB php WORKING POC
i.Scribe 1.88-2.00 - Remote Code Execution via SMTP Server Response Format String
Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when displaying the signon message."
CVE-2009-1209 EXPLOITDB php WORKING POC
W3C Amaya Web Browser 11.1 - Remote Code Execution via Long Defer Attribute in Script Tag
Stack-based buffer overflow in W3C Amaya Web Browser 11.1 allows remote attackers to execute arbitrary code via a script tag with a long defer attribute.
CVE-2008-6842 EXPLOITDB php WORKING POC
Pluck 4.6.1 - Path Traversal via Post Parameter
Directory traversal vulnerability in data/modules/blog/module_pages_site.php in Pluck 4.6.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the post parameter.
EIP-2026-111287 EXPLOITDB text WRITEUP
Pivot 1.40.6 - Arbitrary File Deletion
CVE-2008-6933 EXPLOITDB php WORKING POC
MiniGal b13 - Path Traversal via List Parameter
Directory traversal vulnerability in index.php in MiniGal b13 (aka MG2) allows remote attackers to read the source code of .php files, and possibly the content of other files, via a .. (dot dot) in the list parameter.
EIP-2026-109437 EXPLOITDB text WORKING POC
MG2 0.5.1 - 'filename' Remote Code Execution
EIP-2026-109137 EXPLOITDB text WORKING POC
Limbo CMS 1.0.4.2 - Cross-Site Request Forgery / Privilege Escalation
CVE-2008-5291 EXPLOITDB text WORKING POC
fuzzylime_cms 3.03 - Remote File Inclusion via Track.php p Parameter
Directory traversal vulnerability in code/track.php in FuzzyLime 3.03 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter, a different vector than CVE-2007-4805 and CVE-2008-3165.
CVE-2009-0572 EXPLOITDB text WORKING POC
FlatnuX CMS - Remote Code Execution
PHP remote file inclusion vulnerability in include/flatnux.php in FlatnuX CMS (aka Flatnuke3) 2009-01-27 and 2009-02-04, when register_globals is enabled and magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the _FNROOTPATH parameter to (1) index.php and (2) filemanager.php.
EIP-2026-107132 EXPLOITDB text WORKING POC
Flatnux 2009-01-27 - Cross-Site Scripting / Iframe Injection