Federico L. Bossi Bonin

13 exploits Active since Mar 2006
CVE-2006-1664 EXPLOITDB perl WORKING POC
libxine <1.14 - RCE
Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.
CVE-2007-0165 EXPLOITDB c WORKING POC
SUN Solaris - Denial of Service
Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.
CVE-2008-4619 EXPLOITDB c WORKING POC
Sunos - Denial of Service
The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of CVE-2007-0165.
CVE-2006-0323 EXPLOITDB perl WORKING POC
Realnetworks Helix Player - Memory Corruption
Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.
CVE-2006-6719 EXPLOITDB perl WORKING POC
GNU Wget 1.10.2 - DoS
The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
CVE-2006-0323 EXPLOITDB perl WORKING POC
Realnetworks Helix Player - Memory Corruption
Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.
EIP-2026-103424 EXPLOITDB c WORKING POC
BitchX 1.1-final - 'do_hook()' Remote Denial of Service
CVE-2006-2802 EXPLOITDB c WORKING POC
Gxine - Buffer Overflow
Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.
EIP-2026-102717 EXPLOITDB c WORKING POC
portmap 5 Beta - 'Set/Dump' Local Denial of Service
CVE-2008-1110 EXPLOITDB perl WORKING POC
xine-lib <1.1.10 - RCE
Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664.
CVE-2006-6811 EXPLOITDB MEDIUM c WORKING POC
KsIRC 1.3.12 - DoS
KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow.
CVSS 6.5
CVE-2006-6660 EXPLOITDB text WORKING POC
KDE libkhtml <4.2.0 - DoS
The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konquerer, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag.
CVE-2006-6660 EXPLOITDB html WORKING POC
KDE libkhtml <4.2.0 - DoS
The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konquerer, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag.