Aviv Raff

21 exploits, active since May 2005
CVE-2008-4696 METASPLOIT ruby WORKING POC
Opera - XSS
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat).
CVE-2005-2265 METASPLOIT ruby WORKING POC
Mozilla Firefox - Denial of Service
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.
CVE-2006-4868 METASPLOIT ruby WORKING POC
Microsoft Outlook & IE 6.0 - Buffer Overflow
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.
CVE-2005-2265 EXPLOITDB ruby WORKING POC
Mozilla Firefox - Denial of Service
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.
EIP-2026-118999 EXPLOITDB html WORKING POC
Opera 9.61 - 'opera:historysearch' Code Execution
EIP-2026-118998 EXPLOITDB html WORKING POC
Opera 9.52/9.60 - Persistent Cross-Site Scripting Code Execution
CVE-2005-2265 EXPLOITDB ruby WORKING POC
Mozilla Firefox - Denial of Service
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.
CVE-2005-0905 EXPLOITDB html WORKING POC
Maxthon 1.2.0 - Info Disclosure
Maxthon 1.2.0 allows remote malicious web sites to obtain potentially sensitive data from the search bar via the m2_search_text property.
CVE-2006-4868 EXPLOITDB ruby WORKING POC
Microsoft Outlook & IE 6.0 - Buffer Overflow
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.
CVE-2008-2281 EXPLOITDB html WORKING POC
Internet Explorer <8.0b - XSS
Cross-zone scripting vulnerability in the Print Table of Links feature in Internet Explorer 6.0, 7.0, and 8.0b allows user-assisted remote attackers to inject arbitrary web script or HTML in the Local Machine Zone via an HTML document with a link containing JavaScript sequences, which are evaluated by a resource script when a user prints this document.
CVE-2007-1499 EXPLOITDB text WORKING POC
Microsoft IE - XSS
Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka "Navigation Cancel Page Spoofing Vulnerability."
EIP-2026-118274 EXPLOITDB html WORKING POC
Apple QuickTime /w IE .qtl Version XAS - Remote
EIP-2026-115721 EXPLOITDB c++ WORKING POC
Microsoft Internet Explorer 7 - DLL-load Hijacking Code Execution (PoC)
CVE-2006-3471 EXPLOITDB html WORKING POC
Microsoft Internet Explorer 6 on Windows XP - DoS
Microsoft Internet Explorer 6 on Windows XP allows remote attackers to cause a denial of service (crash) via a table with a frameset as a child, which triggers a null dereference, as demonstrated using the appendChild method.
CVE-2006-7066 EXPLOITDB text WORKING POC
Microsoft Internet Explorer - Denial of Service
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating an object inside an iframe, deleting the frame by setting its location.href to about:blank, then accessing a property of the object within the deleted frame, which triggers a NULL pointer dereference. NOTE: it was later reported that 7.0.6000.16473 and earlier are also affected.
CVE-2007-0059 EXPLOITDB ruby WORKING POC
Apple Quicktime 3-7.1.3 - XSS
Cross-zone scripting vulnerability in Apple Quicktime 3 to 7.1.3 allows remote user-assisted attackers to execute arbitrary code and list filesystem contents via a QuickTime movie (.MOV) with an HREF Track (HREFTrack) that contains an automatic action tag with a local URI, which is executed in a local zone during preview, as exploited by a MySpace worm.
CVE-2008-4696 EXPLOITDB ruby WORKING POC
Opera - XSS
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat).
EIP-2026-103993 EXPLOITDB html WORKING POC
Mozilla Firefox 1.04 - 'compareTo()' Remote Code Execution
CVE-2008-4696 EXPLOITDB ruby WORKING POC
Opera - XSS
Cross-site scripting (XSS) vulnerability in Opera.dll in Opera before 9.61 allows remote attackers to inject arbitrary web script or HTML via the anchor identifier (aka the "optional fragment"), which is not properly escaped before storage in the History Search database (aka md.dat).
CVE-2008-4795 EXPLOITDB html WORKING POC
Opera < 9.61 - XSS
The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks.
CVE-2006-4965 EXPLOITDB ruby WORKING POC
Apple QuickTime 7.1.3 - XSS
Apple QuickTime 7.1.3 Player and Plug-In allows remote attackers to execute arbitrary JavaScript code and possibly conduct other attacks via a QuickTime Media Link (QTL) file with an embed XML element and a qtnext parameter that identifies resources outside of the original domain. NOTE: as of 20070912, this issue has been demonstrated by using instances of Components.interfaces.nsILocalFile and Components.interfaces.nsIProcess to execute arbitrary local files within Firefox and possibly Internet Explorer.