Brian Carrier

6 exploits Active since Jul 2000
CVE-2026-40024 WRITEUP HIGH WRITEUP
Sleuth Kit tsk_recover Path Traversal
The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can craft a malicious filesystem image with embedded /../ sequences in filenames that, when processed by tsk_recover, writes files outside the output directory, potentially achieving code execution by overwriting shell configuration or cron entries.
CVSS 7.1
CVE-2026-40025 WRITEUP MEDIUM WRITEUP
Sleuth Kit APFS Keybag Parser Out-of-Bounds Read
The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the APFS filesystem keybag parser where the wrapped_key_parser class follows attacker-controlled length fields without bounds checking, causing heap reads past the allocated buffer. An attacker can craft a malicious APFS disk image that triggers information disclosure or crashes when processed by any Sleuth Kit tool that parses APFS volumes.
CVSS 4.4
CVE-2026-40026 WRITEUP MEDIUM WRITEUP
Sleuth Kit ISO9660 SUSP Extension Reference Out-of-Bounds Read
The Sleuth Kit through 4.14.0 contains an out-of-bounds read vulnerability in the ISO9660 filesystem parser where the parse_susp() function trusts len_id, len_des, and len_src fields from the disk image to memcpy data into a stack buffer without verifying that the source data falls within the parsed SUSP block. An attacker can craft a malicious ISO image that causes reads past the end of the SUSP data buffer, and a zero-length SUSP entry can trigger an infinite parsing loop.
CVSS 4.4
CVE-2000-0625 EXPLOITDB c WORKING POC
NetZero < 3.0 - Weak Encryption of User Login Information
NetZero 3.0 and earlier uses weak encryption for storing a user's login information, which allows a local user to decrypt the password.
CVE-2000-0684 EXPLOITDB c WORKING POC
BEA WebLogic 5.1.x - Unauthenticated Remote Code Execution via JSPServlet
BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.
CVE-2000-0955 EXPLOITDB perl WORKING POC
Cisco Virtual Central Office 4000 < 5.1.3 - Weak Encryption in SNMP MIB
Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the password and gain privileges.