Federico L. Bossi Bonin

13 exploits Active since Mar 2006
CVE-2006-1664 EXPLOITDB perl WORKING POC
xine-lib - Buffer Overflow via Crafted MPEG Stream
Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.
CVE-2007-0165 EXPLOITDB c WORKING POC
Solaris 8 and 9 - Denial of Service via Malformed RPC Requests
Unspecified vulnerability in libnsl in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (crash) via malformed RPC requests that trigger a crash in rpcbind.
CVE-2008-4619 EXPLOITDB c WORKING POC
Sun Solaris 9 - Denial of Service via RPC XDR_DECODE Operation
The RPC subsystem in Sun Solaris 9 allows remote attackers to cause a denial of service (daemon crash) via a crafted request to procedure 8 in program 100000 (rpcbind), related to the XDR_DECODE operation and the taddr2uaddr function. NOTE: this might be a duplicate of CVE-2007-0165.
CVE-2006-0323 EXPLOITDB perl WORKING POC
RealNetworks RealPlayer RealOne Player Rhapsody and Helix Player - Buffer Overflow via Crafted SWF File
Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.
CVE-2006-6719 EXPLOITDB perl WORKING POC
GNU wget 1.10.2 - Denial of Service via FTP SYST Command
The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
CVE-2006-0323 EXPLOITDB perl WORKING POC
RealNetworks RealPlayer RealOne Player Rhapsody and Helix Player - Buffer Overflow via Crafted SWF File
Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.
EIP-2026-103424 EXPLOITDB c WORKING POC
BitchX 1.1-final - 'do_hook()' Remote Denial of Service
CVE-2006-2802 EXPLOITDB c WORKING POC
xine-lib 1.1.1 - Denial of Service via HTTP Plugin Long Reply
Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.
EIP-2026-102717 EXPLOITDB c WORKING POC
portmap 5 Beta - 'Set/Dump' Local Denial of Service
CVE-2008-1110 EXPLOITDB perl WORKING POC
xine-lib < 1.1.10 - Buffer Overflow in ASF Demuxer
Buffer overflow in demuxers/demux_asf.c (aka the ASF demuxer) in the xineplug_dmx_asf.so plugin in xine-lib before 1.1.10 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a crafted ASF header. NOTE: this issue leads to a crash when an attack uses the CVE-2006-1664 exploit code, but it is different from CVE-2006-1664.
CVE-2006-6811 EXPLOITDB MEDIUM c WORKING POC
KsIRC 1.3.12 - Denial of Service via Long PRIVMSG String
KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow.
CVSS 6.5
CVE-2006-6660 EXPLOITDB text WORKING POC
KDE libkhtml < 4.2.0 - Denial of Service via Malformed HTML Tags
The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konquerer, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag.
CVE-2006-6660 EXPLOITDB html WORKING POC
KDE libkhtml < 4.2.0 - Denial of Service via Malformed HTML Tags
The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konquerer, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag.