Donato Ferrante

39 exploits Active since Jan 2004
CVE-2004-2113 EXPLOITDB text WRITEUP
BremsServer 1.2.4 - Cross-Site Scripting via URL
Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the URL.
CVE-2004-2120 EXPLOITDB text WRITEUP
reptile_web_server - Denial of Service via Incomplete GET Requests
Reptile Web Server allows remote attackers to cause a denial of service (CPU consumption) via multiple incomplete GET requests without the HTTP version.
CVE-2004-0678 EXPLOITDB text WRITEUP
12Planet Chat Server 2.9 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in 12Planet Chat Server 2.9 allows remote attackers to execute arbitrary script as other users via the page parameter.
EIP-2026-103452 EXPLOITDB text WRITEUP
Easy Chat Server 1.x - Multiple Denial of Service Vulnerabilities
EIP-2026-103532 EXPLOITDB text WRITEUP
LANChat Pro Revival 1.666c - UDP Processing Remote Denial of Service
CVE-2004-2646 EXPLOITDB c WORKING POC
Free Web Chat 2.0 - Denial of Service via Null usrName Variable
The addUser function in UserManager.java in Free Web Chat 2.0 allows remote attackers to cause a denial of service (uncaught NullPointerException) via unknown attack vectors that cause the usrName variable to be null.
CVE-2004-2647 EXPLOITDB java WORKING POC
Free Web Chat 2.0 - Denial of Service via Multiple Connections
Free Web Chat 2.0 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections from the same user.
CVE-2004-1973 EXPLOITDB text WORKING POC
DiGi Web Server - Denial of Service via Excessive Slash Characters
DiGi Web Server allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request that contains a large number of / (slash) characters, which consumes resources when DiGi converts the slashes to \ (backslash) characters.
CVE-2003-1199 EXPLOITDB text WRITEUP
MyProxy 20030629 - Cross-Site Scripting via URL Parameter
Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows remote attackers to inject arbitrary web script or HTML via the URL.
CVE-2004-1838 EXPLOITDB text WRITEUP
xweb 1.0 - Directory Traversal via URL
Directory traversal vulnerability in xweb 1.0 allows remote attackers to download arbitrary files via a .. (dot dot) in the URL.
CVE-2004-1801 EXPLOITDB text WRITEUP
PWebServer 0.3.3 - Directory Traversal via URL
Directory traversal vulnerability in PWebServer 0.3.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
CVE-2004-2618 EXPLOITDB text WRITEUP
Pegasi Web Server 0.2.2 - Cross-Site Scripting via URI
Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to inject arbitrary web script or HTML via the URI, directly after the initial '/' (slash).
CVE-2004-2617 EXPLOITDB text WRITEUP
Pegasi Web Server 0.2.2 - Path Traversal
Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 allows remote attackers to read files outside of the web root via a .. (dot dot) directly after the initial '/' (slash) in the URI.
CVE-2004-1919 EXPLOITDB text WORKING POC
Crackalaka 1.0.8 - Denial of Service via Large Malformed Strings
The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote attackers to cause a denial of service (crash) via large malformed strings.