David Litchfield

24 exploits. Active since Jan 1999.
CVE-2003-0727 METASPLOIT ruby WORKING POC
Oracle 9i Database Release 2 - Buffer Overflow
Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions.
CVE-2003-0727 EXPLOITDB ruby WORKING POC
Oracle 9i Database Release 2 - Buffer Overflow
Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions.
CVE-2000-0985 EXPLOITDB c WORKING POC
All-Mail 1.1 - RCE
Buffer overflow in All-Mail 1.1 allows remote attackers to execute arbitrary commands via a long "MAIL FROM" or "RCPT TO" command.
CVE-2003-0727 EXPLOITDB c WORKING POC
Oracle 9i Database Release 2 - Buffer Overflow
Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions.
CVE-2000-0425 EXPLOITDB c WORKING POC
Lsoft Listserv - Buffer Overflow
Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to execute arbitrary commands.
CVE-1999-0448 EXPLOITDB c WORKING POC
IIS 4.0 - Info Disclosure
IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
CVE-2002-0419 EXPLOITDB text WORKING POC
Microsoft Internet Information Server - Information Disclosure
Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request. NOTE: this entry originally contained a vector (1) in which the server reveals whether it supports Basic or NTLM authentication through 401 Access Denied error messages. CVE has REJECTED this vector; it is not a vulnerability because the information is already available through legitimate use, since authentication cannot proceed without specifying a scheme that is supported by both the client and the server.
CVE-2000-0951 EXPLOITDB text WORKING POC
IIS 5.0 - Info Disclosure
A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search.
CVE-2000-0302 EXPLOITDB text WORKING POC
Microsoft Index Server - Info Disclosure
Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL.
CVE-2002-0721 EXPLOITDB text WORKING POC
Microsoft SQL Server 7.0-2000 - Privilege Escalation
Microsoft SQL Server 7.0 and 2000 installs with weak permissions for extended stored procedures that are associated with helper functions, which could allow unprivileged users, and possibly remote attackers, to run stored procedures with administrator privileges via (1) xp_execresultset, (2) xp_printstatements, or (3) xp_displayparamstmt.
CVE-2002-0649 EXPLOITDB c++ WORKING POC
Microsoft Data Engine - Memory Corruption
Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
CVE-2003-0003 EXPLOITDB text WRITEUP
Microsoft Windows 2000 Terminal Services - Buffer Overflow
Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
CVE-1999-0700 EXPLOITDB c WORKING POC
Microsoft Windows 2000 - Memory Corruption
Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.
CVE-2000-1081 EXPLOITDB c WORKING POC
SQL Server - Buffer Overflow
The xp_displayparamstmt function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
CVE-2000-1083 EXPLOITDB c WORKING POC
SQL Server - Buffer Overflow
The xp_showcolv function in SQL Server and Microsoft SQL Server Desktop Engine (MSDE) does not properly restrict the length of a buffer before calling the srv_paraminfo function in the SQL Server API for Extended Stored Procedures (XP), which allows an attacker to cause a denial of service or execute arbitrary commands, aka the "Extended Stored Procedure Parameter Parsing" vulnerability.
EIP-2026-117576 EXPLOITDB c WORKING POC
Microsoft Windows NT 4.0/4.0 SP1/4.0 SP2/4.0 SP3/4.0 SP4 - Server Operator to Administrator Privilege Escalation: System Key
CVE-1999-0716 EXPLOITDB c WORKING POC
Microsoft Windows 2000 - Buffer Overflow
Buffer overflow in Windows NT 4.0 help file utility via a malformed help file.
CVE-1999-0715 EXPLOITDB c WORKING POC
Microsoft Windows 2000 - Buffer Overflow
Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry.
CVE-2002-0859 EXPLOITDB text WORKING POC
Microsoft Jet - Buffer Overflow
Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
EIP-2026-104027 EXPLOITDB ruby WORKING POC
Oracle 11g - Multiple Privilege Escalation Vulnerabilities
EIP-2026-104024 EXPLOITDB ruby WORKING POC
Oracle 10g - Multiple Privilege Escalation Vulnerabilities
CVE-1999-1130 EXPLOITDB text WRITEUP
Netscape Enterprise Server <3.5.1 - Info Disclosure
Default configuration of the search engine in Netscape Enterprise Server 3.5.1, and possibly other versions, allows remote attackers to read the source of JHTML files by specifying a search command using the HTML-tocrec-demo1.pat pattern file.
EIP-2026-104042 EXPLOITDB text WRITEUP
Oracle9i Application Server 9.0.2 - MOD_ORADAV Access Control
CVE-1999-1030 EXPLOITDB text WRITEUP
Behold Software Web Page Counter - Denial of Service
counter.exe 2.70 allows a remote attacker to cause a denial of service (hang) via an HTTP request that ends in %0A (newline), which causes a malformed entry in the counter log that produces an access violation.