Csaba Fitzl

8 exploits Active since Apr 2009
CVE-2014-0160 NOMISEC HIGH WORKING POC
OpenSSL 1.0.1-1.0.1f - Out-of-bounds Read via Heartbeat Extension
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
CVSS 7.5
CVE-2014-0160 NOMISEC HIGH WORKING POC
OpenSSL 1.0.1-1.0.1f - Out-of-bounds Read via Heartbeat Extension
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
CVSS 7.5
CVE-2014-0160 EXPLOITDB HIGH python WORKING POC
OpenSSL 1.0.1-1.0.1f - Out-of-bounds Read via Heartbeat Extension
The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1 before 1.0.1g do not properly handle Heartbeat Extension packets, which allows remote attackers to obtain sensitive information from process memory via crafted packets that trigger a buffer over-read, as demonstrated by reading private keys, related to d1_both.c and t1_lib.c, aka the Heartbleed bug.
CVSS 7.5
CVE-2020-25736 METASPLOIT HIGH ruby WORKING POC
Acronis TrueImage XPC Privilege Escalation
Acronis True Image 2019 update 1 through 2021 update 1 on macOS allows local privilege escalation due to an insecure XPC service configuration.
CVSS 7.8
CVE-2009-1330 EXPLOITDB python WORKING POC
Easy RM to MP3 Converter - Stack-based Buffer Overflow via Long Filename in Playlist File
Stack-based buffer overflow in Easy RM to MP3 Converter allows remote attackers to execute arbitrary code via a long filename in a playlist (.pls) file.
CVE-2015-8285 EXPLOITDB HIGH python WORKING POC
QuickHeal Total Security - Denial of Service via webssx.sys Driver
The webssx.sys driver in QuickHeal 16.00 allows remote attackers to cause a denial of service.
CVSS 7.5
CVE-2014-0346 EXPLOITDB python WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-0160. Reason: This candidate is a reservation duplicate of CVE-2014-0160. Notes: All CVE users should reference CVE-2014-0160 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
EIP-2026-103377 EXPLOITDB python WORKING POC
MacOS 320.whatis Script - Privilege Escalation