Ben Campbell

24 exploits Active since Jan 1997
CVE-2012-5377 EXPLOITDB ruby WORKING POC
ActivePerl 5.16.1.1601 - Privilege Escalation
Untrusted search path vulnerability in the installation functionality in ActivePerl 5.16.1.1601, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\Perl\Site\bin directory, which is added to the PATH system environment variable, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview.
CVE-2012-5378 EXPLOITDB ruby WORKING POC
ActiveTcl 8.5.12 - Privilege Escalation
Untrusted search path vulnerability in the installation functionality in ActiveTcl 8.5.12, when installed in the top-level C:\ directory, allows local users to gain privileges via a Trojan horse DLL in the C:\TD\bin directory, which is added to the PATH system environment variable, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview.
CVE-2012-5379 EXPLOITDB HIGH ruby WORKING POC
ActivePython 3.2.2.3 - Privilege Escalation
Untrusted search path vulnerability in the installation functionality in ActivePython 3.2.2.3, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Python27 or C:\Python27\Scripts directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the ActivePython installation
CVSS 7.3
CVE-2012-5380 EXPLOITDB MEDIUM ruby WORKING POC
Ruby 1.9.3-p194 - Privilege Escalation
Untrusted search path vulnerability in the installation functionality in Ruby 1.9.3-p194, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Ruby193\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the Ruby installation
CVSS 6.7
CVE-2012-5381 EXPLOITDB ruby WORKING POC
PHP 5.3.17 - Untrusted Search Path Vulnerability via DLL Hijacking
Untrusted search path vulnerability in the installation functionality in PHP 5.3.17, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\PHP directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the PHP installation
CVE-2012-5382 EXPLOITDB ruby WORKING POC
Zend Server 5.6.0 SP4 - Privilege Escalation
Untrusted search path vulnerability in the installation functionality in Zend Server 5.6.0 SP4, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the C:\Zend\ZendServer\share\ZendFramework\bin directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the choice of C:\ (and the resulting unsafe PATH) is established by an administrative action that is not a default part of the Zend Server installation
CVE-1999-0506 METASPLOIT ruby SCANNER
Windows NT and Windows 2000 - Unauthenticated Remote Access via Null Password
A Windows NT domain user or administrator account has a default, null, blank, or missing password.
CVE-2013-3238 METASPLOIT ruby WORKING POC
phpMyAdmin <3.5.8 and <4.0.0-rc3 - Authenticated RCE
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.
CVE-2014-1610 METASPLOIT ruby WORKING POC
MediaWiki <1.22.2/<1.21.5/<1.19.11 - RCE
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.
CVE-2013-0008 METASPLOIT ruby WORKING POC
Windows Vista/7/8, Server 2008/2012, RT - Privilege Escalation via Win32k Window Broadcast
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
CVE-2012-4177 METASPLOIT ruby WORKING POC
Ubisoft Uplay PC < 2.0.4 - Remote Code Execution via -orbit_exe_path Argument
The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument.
CVE-2013-3660 METASPLOIT HIGH ruby WORKING POC
Windows - Local Privilege Escalation via EPATHOBJ::pprFlattenRec Pointer Initialization
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
CVSS 7.8
CVE-1999-0504 METASPLOIT ruby WORKING POC
Windows NT and Windows 2000 - Unauthenticated Local Account Access via Default Null Password
A Windows NT local user or administrator account has a default, null, blank, or missing password.
CVE-2013-0109 METASPLOIT ruby WORKING POC
NVIDIA Display Driver <307.78 & R310<311.00 - Privilege Escalation/DoS via Exception Handling
The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not properly handle exceptions, which allows local users to gain privileges or cause a denial of service (memory overwrite) via a crafted application.
CVE-1999-0504 METASPLOIT ruby WORKING POC
Windows NT and Windows 2000 - Unauthenticated Local Account Access via Default Null Password
A Windows NT local user or administrator account has a default, null, blank, or missing password.
CVE-2013-1300 METASPLOIT ruby WORKING POC
Microsoft Windows - Privilege Escalation
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
CVE-2013-0109 EXPLOITDB ruby WORKING POC
NVIDIA Display Driver <307.78 & R310<311.00 - Privilege Escalation/DoS via Exception Handling
The NVIDIA driver before 307.78, and Release 310 before 311.00, in the NVIDIA Display Driver service on Windows does not properly handle exceptions, which allows local users to gain privileges or cause a denial of service (memory overwrite) via a crafted application.
CVE-2013-1300 EXPLOITDB ruby WORKING POC
Microsoft Windows - Privilege Escalation
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle objects in memory, which allows local users to gain privileges via a crafted application, aka "Win32k Memory Allocation Vulnerability."
CVE-2012-4177 EXPLOITDB ruby WORKING POC
Ubisoft Uplay PC < 2.0.4 - Remote Code Execution via -orbit_exe_path Argument
The web browser plugin for Ubisoft Uplay PC before 2.0.4 allows remote attackers to execute arbitrary programs via the -orbit_exe_path command line argument.
CVE-2013-0008 EXPLOITDB ruby WORKING POC
Windows Vista/7/8, Server 2008/2012, RT - Privilege Escalation via Win32k Window Broadcast
win32k.sys in the kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 2012, and Windows RT does not properly handle window broadcast messages, which allows local users to gain privileges via a crafted application, aka "Win32k Improper Message Handling Vulnerability."
EIP-2026-117519 EXPLOITDB ruby WORKING POC
Microsoft Windows - AlwaysInstallElevated MSI (Metasploit)
CVE-2012-5383 EXPLOITDB ruby WORKING POC
Oracle MySQL <5.5.28 - Privilege Escalation
Untrusted search path vulnerability in the installation functionality in Oracle MySQL 5.5.28, when installed in the top-level C:\ directory, might allow local users to gain privileges via a Trojan horse DLL in the "C:\MySQL\MySQL Server 5.5\bin" directory, which may be added to the PATH system environment variable by an administrator, as demonstrated by a Trojan horse wlbsctrl.dll file used by the "IKE and AuthIP IPsec Keying Modules" system service in Windows Vista SP1, Windows Server 2008 SP2, Windows 7 SP1, and Windows 8 Release Preview. NOTE: CVE disputes this issue because the unsafe PATH is established only by a separate administrative action that is not a default part of the MySQL installation
CVE-2013-3238 EXPLOITDB ruby WORKING POC
phpMyAdmin <3.5.8 and <4.0.0-rc3 - Authenticated RCE
phpMyAdmin 3.5.x before 3.5.8 and 4.x before 4.0.0-rc3 allows remote authenticated users to execute arbitrary code via a /e\x00 sequence, which is not properly handled before making a preg_replace function call within the "Replace table prefix" feature.
CVE-2014-1610 EXPLOITDB ruby WORKING POC
MediaWiki <1.22.2/<1.21.5/<1.19.11 - RCE
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.