Beenu Arora

25 exploits Active since Dec 2007
CVE-2010-3143 EXPLOITDB c WORKING POC
Microsoft Windows Contacts - Untrusted Search Path and DLL Hijacking via Trojan Horse wab32res.dll
Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file. NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3147.
CVE-2010-3146 EXPLOITDB c WORKING POC
Microsoft Groove 2007 SP2 - Privilege Escalation
Multiple untrusted search path vulnerabilities in Microsoft Groove 2007 SP2 allow local users to gain privileges via a Trojan horse (1) mso.dll or (2) GroovePerfmon.dll file in the current working directory, as demonstrated by a directory that contains a Groove vCard (.vcg) or Groove Tool Archive (.gta) file, aka "Microsoft Groove Insecure Library Loading Vulnerability."
EIP-2026-118140 EXPLOITDB python WORKING POC
WM Downloader 3.0.0.9 (Windows XP SP3) - PLS PLA
CVE-2010-3125 EXPLOITDB c WORKING POC
TeamMate Audit Management Software Suite 8.0 patch 2 - Untrusted Search Path and DLL Hijacking via mfc71enu.dll
Untrusted search path vulnerability in TeamMate Audit Management Software Suite 8.0 patch 2 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse mfc71enu.dll that is located in the same folder as a .tmx file.
EIP-2026-117881 EXPLOITDB c WORKING POC
Roxio Photosuite 9 - 'homeutils9.dll' DLL Hijacking
CVE-2010-3139 EXPLOITDB c WORKING POC
Microsoft Windows Progman Group Converter - RCE
Untrusted search path vulnerability in Microsoft Windows Progman Group Converter (grpconv.exe) allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse imm.dll that is located in the same folder as a .grp file.
CVE-2010-3147 EXPLOITDB c WORKING POC
Windows Address Book <6.00.2900.5512 - Privilege Escalation
Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
CVE-2010-3145 EXPLOITDB text WORKING POC
Microsoft BitLocker Drive Encryption API - Privilege Escalation
Untrusted search path vulnerability in the BitLocker Drive Encryption API, as used in sdclt.exe in Backup Manager in Microsoft Windows Vista SP1 and SP2, allows local users to gain privileges via a Trojan horse fveapi.dll file in the current working directory, as demonstrated by a directory that contains a Windows Backup Catalog (.wbcat) file, aka "Backup Manager Insecure Library Loading Vulnerability."
CVE-2010-3148 EXPLOITDB c WORKING POC
Microsoft Visio 2003 SP3 - Privilege Escalation
Untrusted search path vulnerability in Microsoft Visio 2003 SP3 allows local users to gain privileges via a Trojan horse mfc71enu.dll file in the current working directory, as demonstrated by a directory that contains a .vsd, .vdx, .vst, or .vtx file, aka "Microsoft Visio Insecure Library Loading Vulnerability."
CVE-2011-0108 EXPLOITDB c WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2011. Notes: none
CVE-2010-3144 EXPLOITDB text WORKING POC
Microsoft Windows XP/SP3-Server 2003 SP2 - Privilege Escalation
Untrusted search path vulnerability in the Internet Connection Signup Wizard in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a Trojan horse smmscrpt.dll file in the current working directory, as demonstrated by a directory that contains an ISP or INS file, aka "Internet Connection Signup Wizard Insecure Library Loading Vulnerability."
EIP-2026-117339 EXPLOITDB c WORKING POC
InterVideo WinDVD 5 - 'cpqdvd.dll' DLL Hijacking
EIP-2026-115724 EXPLOITDB text WORKING POC
Microsoft Internet Explorer 7 - Microsoft Clip Organizer Multiple Insecure ActiveX Control Denial of Service Vulnerabilities
EIP-2026-115095 EXPLOITDB text WORKING POC
Core Impact 7.5 - Denial of Service
EIP-2026-112396 EXPLOITDB text WORKING POC
SpitFire Photo Pro - 'pages.php' SQL Injection
EIP-2026-111650 EXPLOITDB text WORKING POC
QuicO - 'photo.php' SQL Injection
CVE-2008-6266 EXPLOITDB text WORKING POC
phpWebSite - SQL Injection via Links.php cid Parameter
SQL injection vulnerability in links.php in Appalachian State University phpWebSite allows remote attackers to execute arbitrary SQL commands via the cid parameter in a viewlink action.
CVE-2008-7000 EXPLOITDB text WRITEUP
PHPAuction 3.2 - Remote Code Execution via Index.php Lan Parameter
PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: this might be related to CVE-2005-2255.1.
EIP-2026-109743 EXPLOITDB text WRITEUP
MyBlog 1.x - 'Games.php?ID' Remote File Inclusion
CVE-2007-6455 EXPLOITDB text WORKING POC
Mambo 4.6.2 - Cross-Site Scripting via Itemid or Option Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Mambo 4.6.2 allow remote attackers to inject arbitrary web script or HTML via the (1) Itemid parameter in a com_frontpage option and the (2) option parameter.
CVE-2008-6213 EXPLOITDB text WORKING POC
Harlandscripts Pro Traffic One - SQL Injection via trg Parameter in mypage.php
SQL injection vulnerability in mypage.php in Harlandscripts Pro Traffic One allows remote attackers to execute arbitrary SQL commands via the trg parameter.
CVE-2008-4741 EXPLOITDB text WRITEUP
far-php 1.00 - Path Traversal via Index.php c Parameter
Directory traversal vulnerability in index.php in FAR-PHP 1.00, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter.
EIP-2026-105981 EXPLOITDB text WORKING POC
CMS Made Simple 1.6.6 - Local File Inclusion / Cross-Site Scripting
EIP-2026-105982 EXPLOITDB text WORKING POC
CMS Made Simple 1.6.6 - Multiple Vulnerabilities
EIP-2026-102688 EXPLOITDB text SUSPICIOUS
Mozilla Firefox 3.0 - '.JPEG' File Denial of Service