H D Moore

59 exploits Active since May 2000
CVE-2008-1447 EXPLOITDB MEDIUM ruby WORKING POC
BIND < 9.5.0-P1, 9.4.2-P1, 9.3.5-P1 - DNS Cache Poisoning via Insufficient Transaction ID and Source Port Entropy
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic via a birthday attack that uses in-bailiwick referrals to conduct cache poisoning against recursive resolvers, related to insufficient randomness of DNS transaction IDs and source ports, aka "DNS Insufficient Socket Entropy Vulnerability" or "the Kaminsky bug."
CVSS 6.8
CVE-2006-0992 EXPLOITDB WORKING POC
Novell GroupWise Messenger - Stack-Based Buffer Overflow via Accept-Language Header
Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the correct identifier.
CVE-2006-0476 EXPLOITDB WORKING POC
Nullsoft Winamp 5.12 - Buffer Overflow via Playlist File1 Field
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
CVE-2005-2265 EXPLOITDB ruby WORKING POC
Firefox < 1.0.5 and Mozilla < 1.7.9 - Denial of Service via InstallVersion.compareTo
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.
EIP-2026-119030 EXPLOITDB WORKING POC
PeerCast 0.1216 - Remote Buffer Overflow (Metasploit)
CVE-2001-0241 EXPLOITDB c WORKING POC
Windows 2000 - Buffer Overflow in Internet Printing ISAPI Extension
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
CVE-2002-1744 EXPLOITDB text WRITEUP
Microsoft Internet Information Services 5.0 - Directory Traversal via Hex-Encoded Unicode Dot-Dot
Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 allows remote attackers to view source code and determine the existence of arbitrary files via a hex-encoded "%c0%ae%c0%ae" string, which is the Unicode representation for ".." (dot dot).
CVE-2006-1359 EXPLOITDB WORKING POC
Microsoft Internet Explorer <7 - RCE/DoS
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
CVE-2006-0005 EXPLOITDB WORKING POC
Windows Media Player 9-10 - Remote Code Execution via Long EMBED src Attribute
Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute.
EIP-2026-118786 EXPLOITDB WORKING POC
Microsoft IIS - SA WebAgent 5.2/5.3 Redirect Overflow (Metasploit)
CVE-2001-0341 EXPLOITDB WORKING POC
Microsoft FrontPage Server Extensions - Remote Code Execution via Long Registration Request to fp30reg.dll
Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll.
CVE-2006-3439 EXPLOITDB WORKING POC
Microsoft Windows <2003 - Buffer Overflow
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
EIP-2026-118897 EXPLOITDB WORKING POC
Microsoft Windows XP/2003 - Metafile Escape() Code Execution (Metasploit)
CVE-2003-0605 EXPLOITDB c WORKING POC
Windows 2000 SP3-SP4 - Denial of Service and Privilege Escalation via RPC DCOM Interface
The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the __RemoteGetClassObject interface that cause a NULL pointer to be passed to the PerformScmStage function.
CVE-2005-4143 EXPLOITDB WORKING POC
Lyris ListManager 5.0-8.9a - SQL Injection via /read/attachment URL
SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a allows remote attackers to execute arbitrary SQL commands via SQL code after a numeric argument to a /read/attachment URL.
CVE-2006-5156 EXPLOITDB WORKING POC
McAfee ePolicy Orchestrator < 3.5.0.720 and ProtectionPilot < 1.1.1.126 - Remote Code Execution via Long Source Header
Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header.
CVE-2006-2370 EXPLOITDB WORKING POC
Windows 2000 and 2003 Server - Remote Code Execution via RRAS RPC Request
Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
EIP-2026-118845 EXPLOITDB WORKING POC
Microsoft Internet Explorer 6.0 SP0 - IsComponentInstalled() Remote (Metasploit)
CVE-2006-2370 EXPLOITDB WORKING POC
Windows 2000 and 2003 Server - Remote Code Execution via RRAS RPC Request
Buffer overflow in the Routing and Remote Access service (RRAS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote unauthenticated or authenticated attackers to execute arbitrary code via certain crafted "RPC related requests," aka the "RRAS Memory Corruption Vulnerability."
CVE-2006-3730 EXPLOITDB HIGH ruby WORKING POC
Microsoft IE - Code Injection
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.
CVSS 8.8
CVE-2006-0003 EXPLOITDB WORKING POC
Microsoft Data Access Components 2.7-2.8 - Remote Code Execution via RDS.Dataspace ActiveX Control
Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors.
CVE-2006-6055 EXPLOITDB ruby WORKING POC
D-Link DWL-G132 A5AGU.SYS 1.0.1.41 - Stack-Based Buffer Overflow via 802.11 Beacon Rates IE
Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via a 802.11 beacon request with a long Rates information element (IE).
EIP-2026-118341 EXPLOITDB WORKING POC
CA Unicenter 3.1 - CAM 'log_security()' Remote Stack Overflow (Metasploit)
CVE-2004-1857 EXPLOITDB text WORKING POC
HP Web Jetadmin 7.5.2546 - Authenticated Directory Traversal via setinclude Parameter
Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter.
CVE-2004-2074 EXPLOITDB c WORKING POC
Dream FTP 1.02 - Denial of Service via Format String in PASS or RETR Commands
Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service (crash) via format string specifiers in the (1) PASS or (2) RETR commands.