Georgi Guninski

54 exploits Active since Apr 1997
CVE-1999-0030 EXPLOITDB c WORKING POC
SGI Irix - Buffer Overflow
root privileges via buffer overflow in xlock command on SGI IRIX systems.
CVE-1999-0038 EXPLOITDB HIGH c WORKING POC
Data General DG UX - Buffer Overflow
Buffer overflow in xlock program allows local users to execute commands as root.
CVSS 8.4
CVE-2001-0898 EXPLOITDB text WORKING POC
Opera <6.0 - Info Disclosure
Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache.
CVE-2001-0137 EXPLOITDB html WORKING POC
Windows Media Player 7 - RCE
Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the Windows Media Player Skins File Download" vulnerability.
EIP-2026-118869 EXPLOITDB html WORKING POC
Microsoft Virtual Machine - Arbitrary Java Codebase Execution
CVE-1999-0793 EXPLOITDB text WORKING POC
Internet Explorer - Info Disclosure
Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.
CVE-2001-0538 EXPLOITDB text WORKING POC
Microsoft Outlook <2002 - RCE
Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
CVE-2001-0643 EXPLOITDB text WRITEUP
Internet Explorer 5.5 - Info Disclosure
Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type.
CVE-2002-0023 EXPLOITDB text WRITEUP
Internet Explorer <6.0 - Info Disclosure
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.
CVE-2001-0538 EXPLOITDB text WORKING POC
Microsoft Outlook <2002 - RCE
Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
CVE-2001-1325 EXPLOITDB WORKING POC
Internet Explorer <5.6 - XSS
Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH).
CVE-1999-1110 EXPLOITDB text WORKING POC
Windows Media Player <5.0 - Info Disclosure
Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client.
CVE-2000-0156 EXPLOITDB text WORKING POC
Internet Explorer <5.x - SSRF
Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability.
CVE-1999-0877 EXPLOITDB text WORKING POC
Microsoft Internet Explorer - Information Disclosure
Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME.
CVE-1999-0869 EXPLOITDB text WORKING POC
Internet Explorer <4.01 - XSS
Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.
CVE-2000-0886 EXPLOITDB text WORKING POC
IIS 5.0 - Command Injection
IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.
CVE-2000-0942 EXPLOITDB text WRITEUP
Microsoft Indexing Services - XSS
The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
EIP-2026-118817 EXPLOITDB html WORKING POC
Microsoft Internet Explorer 5.5 - 'Index.dat' (MS00-055)
CVE-2000-1105 EXPLOITDB html WORKING POC
IXSso.query - Info Disclosure
The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.
CVE-1999-0668 EXPLOITDB text WORKING POC
Scriptlet.typelib - RCE
The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.
CVE-1999-0981 EXPLOITDB text WORKING POC
Microsoft Internet Explorer < 5.01 - Symlink Following
Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."
CVE-2001-1410 EXPLOITDB text WORKING POC
Internet Explorer <6 - Info Disclosure
Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow attackers to simulate a victim's display and conduct unauthorized activities or steal sensitive data via social engineering.
CVE-1999-0702 EXPLOITDB text WORKING POC
Microsoft Internet Explorer - Code Injection
Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.
CVE-1999-0347 EXPLOITDB text WRITEUP
Internet Explorer 4.01 - Info Disclosure
Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character.
CVE-1999-0891 EXPLOITDB text WORKING POC
Microsoft Internet Explorer - Code Injection
The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.