Auriemma Luigi

18 exploits Active since Sep 2001
CVE-2002-1075 EXPLOITDB text WRITEUP
Pegasus Mail <4.01 - Buffer Overflow
Buffer overflow in Pegasus mail client 4.01 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) To or (2) From headers.
CVE-2002-2145 EXPLOITDB text WORKING POC
Savant Web Server <3.1 - Auth Bypass
Savant Web Server 3.1 and earlier allows remote attackers to bypass authentication for password protected user folders via a URL with a hex encoded space (%20) and a '.' (%2e) at the end of the filename.
CVE-2002-0654 EXPLOITDB text WRITEUP
Apache 2.0-2.0.39 - Info Disclosure
Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to determine the full pathname of the server via (1) a request for a .var file, which leaks the pathname in the resulting error message, or (2) via an error message that occurs when a script (child process) cannot be invoked.
CVE-2002-0661 EXPLOITDB text WORKING POC
Apache HTTP Server 2.0-2.0.39 - Directory Traversal via Backslash-Encoded Dot-Dot Sequences
Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via .. (dot dot) sequences containing \ (backslash) characters.
CVE-2002-0968 EXPLOITDB c WORKING POC
AnalogX SimpleServer:WWW < 1.16 - Remote Code Execution via Long HTTP Request Method
Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows remote attackers to cause a denial of service (crash) and execute code via a long HTTP request method name.
CVE-2002-1079 EXPLOITDB text WRITEUP
Abyss Web Server 1.0.3 - Path Traversal
Directory traversal vulnerability in Abyss Web Server 1.0.3 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in an HTTP GET request.
CVE-2002-1828 EXPLOITDB text WORKING POC
Savant Webserver 3.1 - Denial of Service via Negative Content-Length
Savant Webserver 3.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request with a negative Content-Length value.
CVE-2002-1043 EXPLOITDB text WRITEUP
Ultrafunk Popcorn 1.20 - Denial of Service via Malformed Subject Header
Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of service (crash) via a malformed Subject ("\t\t").
EIP-2026-115216 EXPLOITDB text WRITEUP
Emule 0.27b - Empty Nickname Chat Request Denial of Service
CVE-2003-1364 EXPLOITDB text WORKING POC
Aprelium Technologies Abyss Web Server 1.1.2 - Denial of Service via Empty Connection or Range Fields
Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versions before 1.1.4, allows remote attackers to cause a denial of service (crash) via an HTTP GET message with empty (1) Connection or (2) Range fields.
EIP-2026-115207 EXPLOITDB text WRITEUP
eDonkey Clients 0.44/0.45 - Multiple Chat Dialog Resource Consumption Vulnerabilities
CVE-2002-1451 EXPLOITDB text WRITEUP
Blazix - Unauthenticated Source Code Disclosure via Trailing '+' or '\' Character
Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) "+" or (2) "\" (backslash) character.
CVE-2003-1430 EXPLOITDB text WRITEUP
Unreal Tournament Server - Path Traversal via unreal:// URL
Directory traversal vulnerability in Unreal Tournament Server 436 and earlier allows remote attackers to access known files via a ".." (dot dot) in an unreal:// URL.
CVE-2002-1451 EXPLOITDB text WRITEUP
Blazix - Unauthenticated Source Code Disclosure via Trailing '+' or '\' Character
Blazix before 1.2.2 allows remote attackers to read source code of JSP scripts or list restricted web directories via an HTTP request that ends in a (1) "+" or (2) "\" (backslash) character.
CVE-2002-0964 EXPLOITDB text WRITEUP
Half-Life Server <= 1.1.1.0 - Denial of Service via CD Key Challenge Flood
Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via multiple responses to the initial challenge with different cd_key values, which reaches the player limit and prevents other players from connecting until the original responses have timed out.
EIP-2026-103459 EXPLOITDB text WRITEUP
Epic Games Unreal Tournament Server 436.0 - Denial of Service Amplifier
CVE-2003-1431 EXPLOITDB text WRITEUP
Unreal Engine 226f-436 - Denial of Service via Long Host String in Unreal URL
Buffer overflow in Epic Games Unreal Engine 226f through 436 allows remote attackers to cause a denial of service (crash) via a long host string in the Unreal URL.
CVE-2001-0693 EXPLOITDB text WORKING POC
WebTrends HTTP Server <3.5 - Info Disclosure
WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view script source code via a filename followed by an encoded space (%20).