Georgi Guninski

54 exploits Active since Apr 1997
CVE-2000-0653 EXPLOITDB text WORKING POC
Microsoft Outlook Express - Info Disclosure
Microsoft Outlook Express allows remote attackers to monitor a user's email by creating a persistent browser link to the Outlook Express windows, aka the "Persistent Mail-Browser Link" vulnerability.
CVE-2001-0137 EXPLOITDB html WORKING POC
Windows Media Player 7 - Remote Code Execution via Malicious Skin File
Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the Windows Media Player Skins File Download" vulnerability.
CVE-2001-0148 EXPLOITDB html WORKING POC
Windows Media Player 7 - Remote Code Execution via JavaScript URL in ActiveX Control
The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability.
CVE-2001-0149 EXPLOITDB html WORKING POC
Windows Scripting Host - Info Disclosure
Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object.
CVE-2001-1347 EXPLOITDB c WORKING POC
Windows 2000 - Denial of Service and Privilege Escalation via Hardware Breakpoint Handling
Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes.
CVE-2000-0854 EXPLOITDB c++ WORKING POC
Microsoft Office 2000 - Code Injection
When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
CVE-2001-0324 EXPLOITDB text WORKING POC
Windows 98 and Windows 2000 - Denial of Service via UDP Socket Exhaustion
Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing any additional UDP connections, and possibly causes a crash.
CVE-2001-0151 EXPLOITDB perl WORKING POC
Internet Information Services 5.0 - Denial of Service via Malformed WebDAV Requests
IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests.
CVE-1999-0306 EXPLOITDB c WORKING POC
HP VVOS - Buffer Overflow in xlock Program
buffer overflow in HP xlock program.
EIP-2026-104540 EXPLOITDB c WRITEUP
OpenBSD 2.x/3.x - Local Malformed Binary Execution Denial of Service
CVE-2000-0958 EXPLOITDB html WORKING POC
HotJava Browser 3.0 - Unauthenticated DOM Access via JavaScript URL in Named Window
HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window.
CVE-2001-0009 EXPLOITDB bash WORKING POC
Lotus Domino 5.0.5 - Path Traversal
Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack.
CVE-2000-0028 EXPLOITDB text WORKING POC
Internet Explorer 5.0-5.01 - CSRF
Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the cross frame security policy and read files via the external.NavigateAndFind function.
CVE-1999-0750 EXPLOITDB text WORKING POC
Hotmail - Stored Cross-Site Scripting via HTML STYLE Tag
Hotmail allows Javascript to be executed via the HTML STYLE tag, allowing remote attackers to execute commands on the user's Hotmail account.
EIP-2026-103820 EXPLOITDB text WORKING POC
vim 6.3 < 6.3.082 - 'modlines' Local Command Execution
EIP-2026-103411 EXPLOITDB html WORKING POC
Apple Safari (webkit) (iPhone/OSX/Windows) - Remote Denial of Service
EIP-2026-103559 EXPLOITDB html WORKING POC
Mozilla Firefox 1.0.7 - Integer Overflow Denial of Service
CVE-2003-1232 EXPLOITDB text WORKING POC
Emacs 21.2.1 - Arbitrary Command Execution via Local Variables Section
Emacs 21.2.1 does not prompt or warn the user before executing Lisp code in the local variables section of a text file, which allows user-assisted attackers to execute arbitrary commands, as demonstrated using the mode-name variable.
CVE-2004-1335 EXPLOITDB c WORKING POC
Linux Kernel < 2.6.10 - Denial of Service via ip_options_get Memory Leak
Memory leak in the ip_options_get function in the Linux kernel before 2.6.10 allows local users to cause a denial of service (memory consumption) by repeatedly calling the ip_cmsg_send function.
EIP-2026-102648 EXPLOITDB c WORKING POC
Linux Kernel 2.4.28/2.6.9 - Memory Leak Local Denial of Service
CVE-2004-1333 EXPLOITDB c WORKING POC
Linux Kernel < 2.6.10 - Denial of Service via vc_resize Integer Overflow
Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.
CVE-2006-0884 EXPLOITDB html WORKING POC
Thunderbird < 1.0.7 - Information Disclosure via IFRAME SRC JavaScript URI
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
CVE-2010-2939 EXPLOITDB text WRITEUP
OpenSSL <1.0.0a-0.9.7 - Use After Free
Double free vulnerability in the ssl3_get_key_exchange function in the OpenSSL client (ssl/s3_clnt.c) in OpenSSL 1.0.0a, 0.9.8, 0.9.7, and possibly other versions, when using ECDH, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted private key with an invalid prime. NOTE: some sources refer to this as a use-after-free issue.
EIP-2026-102451 EXPLOITDB text WRITEUP
Oracle 8.1.7 - JSP/JSPSQL Remote File Reading
CVE-1999-1208 EXPLOITDB c WORKING POC
IBM AIX <= 4.2 - Local Buffer Overflow via Long Command Line Argument
Buffer overflow in ping in AIX 4.2 and earlier allows local users to gain root privileges via a long command line argument.