Georgi Guninski

54 exploits Active since Apr 1997
CVE-1999-0030 EXPLOITDB c WORKING POC
SGI IRIX - Buffer Overflow in xlock
root privileges via buffer overflow in xlock command on SGI IRIX systems.
CVE-1999-0038 EXPLOITDB HIGH c WORKING POC
Data General DG UX - Buffer Overflow
Buffer overflow in xlock program allows local users to execute commands as root.
CVSS 8.4
CVE-2001-0898 EXPLOITDB text WORKING POC
Opera Web Browser < 6.0 - Information Disclosure via JavaScript setTimeout
Opera 6.0 and earlier allows remote attackers to access sensitive information such as cookies and links for other domains via Javascript that uses setTimeout to (1) access data after a new window to the domain has been opened or (2) access data via about:cache.
CVE-2001-0137 EXPLOITDB html WORKING POC
Windows Media Player 7 - Remote Code Execution via Malicious Skin File
Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the Windows Media Player Skins File Download" vulnerability.
EIP-2026-118869 EXPLOITDB html WORKING POC
Microsoft Virtual Machine - Arbitrary Java Codebase Execution
CVE-1999-0793 EXPLOITDB text WORKING POC
Internet Explorer - Info Disclosure
Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.
CVE-2001-0538 EXPLOITDB text WORKING POC
Microsoft Outlook < 2002 - Remote Code Execution via Malicious HTML Email or Web Page
Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
CVE-2001-0643 EXPLOITDB text WRITEUP
Internet Explorer 5.5 - Info Disclosure
Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type.
CVE-2002-0023 EXPLOITDB text WRITEUP
Internet Explorer <6.0 - Info Disclosure
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.
CVE-2001-0538 EXPLOITDB text WORKING POC
Microsoft Outlook < 2002 - Remote Code Execution via Malicious HTML Email or Web Page
Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
CVE-2001-1325 EXPLOITDB WORKING POC
Internet Explorer 5.0-5.5 and Outlook Express 5.0-5.5 - Remote Code Execution via XSL Scripts in IFRAME
Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using an IFRAME tag, possibly due to a vulnerability in Windows Scripting Host (WSH).
CVE-1999-1110 EXPLOITDB text WORKING POC
Windows Media Player <5.0 - Info Disclosure
Windows Media Player ActiveX object as used in Internet Explorer 5.0 returns a specific error code when a file does not exist, which allows remote malicious web sites to determine the existence of files on the client.
CVE-2000-0156 EXPLOITDB text WORKING POC
Internet Explorer 4.x and 5.x - Unauthenticated Arbitrary File Access via Image Source Redirect
Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability.
CVE-1999-0877 EXPLOITDB text WORKING POC
Internet Explorer 5 - Unauthenticated Exposure of Sensitive Information via IFRAME ExecCommand
Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME.
CVE-1999-0869 EXPLOITDB text WORKING POC
Internet Explorer 3.x-4.01 - Frame Spoofing
Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.
CVE-2000-0886 EXPLOITDB text WORKING POC
Internet Information Server 5.0 - Remote Code Execution via Malformed Executable File Request
IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.
CVE-2000-0942 EXPLOITDB text WRITEUP
Microsoft Indexing Service - Cross-Site Scripting via CiRestriction Parameter
The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
EIP-2026-118817 EXPLOITDB html WORKING POC
Microsoft Internet Explorer 5.5 - 'Index.dat' (MS00-055)
CVE-2000-1105 EXPLOITDB html WORKING POC
Microsoft Indexing Service - Information Disclosure via ixsso.query ActiveX Object
The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.
CVE-1999-0668 EXPLOITDB text WORKING POC
Microsoft Internet Explorer scriptlet.typelib - ActiveX Command Execution
The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.
CVE-1999-0981 EXPLOITDB text WORKING POC
Internet Explorer < 5.01 - Local File Access via Server-side Page Reference Redirect
Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."
CVE-2001-1410 EXPLOITDB text WORKING POC
Internet Explorer <6 - Info Disclosure
Internet Explorer 6 and earlier allows remote attackers to create chromeless windows using the Javascript window.createPopup method, which could allow attackers to simulate a victim's display and conduct unauthorized activities or steal sensitive data via social engineering.
CVE-1999-0702 EXPLOITDB text WORKING POC
Internet Explorer 5.0 and 5.01 - Remote Code Execution via Import/Export Favorites
Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.
CVE-1999-0347 EXPLOITDB text WRITEUP
Internet Explorer 4.01 - Info Disclosure
Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the character.
CVE-1999-0891 EXPLOITDB text WORKING POC
Internet Explorer 5 - Arbitrary File Read via Server-Side Redirect
The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.