Hans Jerry Illikainen

4 exploits Active since Mar 2016
CVE-2016-1960 EXPLOITDB HIGH html WORKING POC
Mozilla Firefox <45.0 - Firefox ESR 38.x <38.7 - RCE
Integer underflow in the nsHtml5TreeBuilder class in the HTML5 string parser in Mozilla Firefox before 45.0 and Firefox ESR 38.x before 38.7 allows remote attackers to execute arbitrary code or cause a denial of service (use-after-free) by leveraging mishandling of end tags, as demonstrated by incorrect SVG processing, aka ZDI-CAN-3545.
CVSS 8.8
CVE-2016-5399 EXPLOITDB HIGH python WORKING POC
PHP < 5.5.37 - Out-of-bounds Write via bzread Function
The bzread function in ext/bz2/bz2.c in PHP before 5.5.38, 5.6.x before 5.6.24, and 7.x before 7.0.9 allows remote attackers to cause a denial of service (out-of-bounds write) or execute arbitrary code via a crafted bz2 archive.
CVSS 7.8
CVE-2016-3078 EXPLOITDB CRITICAL text WORKING POC
PHP < 7.0.6 - Integer Overflow in ZipArchive getFromIndex and getFromName
Multiple integer overflows in php_zip.c in the zip extension in PHP before 7.0.6 allow remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted call to (1) getFromIndex or (2) getFromName in the ZipArchive class.
CVSS 9.8
CVE-2016-3074 EXPLOITDB CRITICAL text WORKING POC
libgd 2.1.1 - Denial of Service and Potential Remote Code Execution via Crafted Compressed GD2 Data
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.
CVSS 9.8