His0k4

100 exploits Active since Feb 2005
CVE-2007-4803 EXPLOITDB python WORKING POC
Atomix Productions Atomixmp3 - Memory Corruption
Buffer overflow in AtomixMP3 2.3 allows user-assisted remote attackers to execute arbitrary code via long strings in file and title fields in a .pls file, as demonstrated by the (1) File1 and (2) Title1 fields, different vectors than CVE-2006-6287 and CVE-2007-2487.
CVE-2009-1815 EXPLOITDB python WORKING POC
Sonicspot Audioactive Player - Memory Corruption
Stack-based buffer overflow in Sonic Spot Audioactive Player 1.93b allows remote attackers to execute arbitrary code via a long string in a playlist file, as demonstrated by a long .mp3 URL in a .m3u file.
CVE-2009-4756 EXPLOITDB python WORKING POC
TraktorBeatport.exe <1.0.0.283 - Buffer Overflow
Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in Beatport Player 1.0.0.0 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.
CVE-2009-1068 EXPLOITDB python WORKING POC
Bsplayer Bs.player - Memory Corruption
Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long hostname in a .bsl playlist file.
CVE-2008-5754 EXPLOITDB python WORKING POC
BulletProof FTP Client - Buffer Overflow
Stack-based buffer overflow in BulletProof FTP Client allows user-assisted attackers to execute arbitrary code via a .bps file (aka Session-File) with a long second line, possibly a related issue to CVE-2008-5753.
EIP-2026-116953 EXPLOITDB python WORKING POC
Chasys Media Player 1.1 - '.pls' Local Stack Overflow
CVE-2009-1437 EXPLOITDB python WORKING POC
Coolplayer - Memory Corruption
Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2.19.6 and earlier allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: this may overlap CVE-2008-3408.
CVE-2009-3429 EXPLOITDB python WORKING POC
Pirateradio Destiny Media Player - Memory Corruption
Stack-based buffer overflow in Pirate Radio Destiny Media Player 1.61 allows remote attackers to execute arbitrary code via a long string in a .pls playlist file.
CVE-2008-3733 EXPLOITDB python WORKING POC
EO Video <1.36 - Buffer Overflow
Stack-based buffer overflow in EO Video (eo-video) 1.36 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a .eop (aka playlist) file with a ProjectElement element that contains a long Name element.
CVE-2009-2485 EXPLOITDB ruby WORKING POC
HT-MP3Player 1.0 - Buffer Overflow
Stack-based buffer overflow in HT-MP3Player 1.0 allows remote attackers to execute arbitrary code via a long string in a .ht3 file.
CVE-2009-2485 EXPLOITDB python WORKING POC
HT-MP3Player 1.0 - Buffer Overflow
Stack-based buffer overflow in HT-MP3Player 1.0 allows remote attackers to execute arbitrary code via a long string in a .ht3 file.
CVE-2009-1071 EXPLOITDB python WORKING POC
Randomsoftware Icarus - Memory Corruption
Stack-based buffer overflow in Icarus 2.0 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted Portable Game Notation (.pgn) file.
EIP-2026-115944 EXPLOITDB python WORKING POC
Nofeel FTP Server 3.6 - 'CWD' Remote Memory Consumption
CVE-2008-5753 EXPLOITDB python WORKING POC
BulletProof FTP Client <2.63 - Buffer Overflow
Stack-based buffer overflow in BulletProof FTP Client 2.63 and 2010 allows user-assisted attackers to execute arbitrary code via a bookmark file entry with a long host name, which appears as a host parameter within the quick-connect bar.
CVE-2008-1958 EXPLOITDB text WORKING POC
Tr Script News 2.1 - RCE
Unrestricted file upload vulnerability in the ajout_cat mode in admin/main.php in Tr Script News 2.1 allows remote authenticated users to execute arbitrary code by uploading a file with a .php extension.
CVE-2008-2185 EXPLOITDB text WORKING POC
Toocharger Smartblog - Path Traversal
Directory traversal vulnerability in index.php in SMartBlog (aka SMBlog) 1.3 allows remote attackers to include arbitrary local files via directory traversal sequences in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-6633 EXPLOITDB text WORKING POC
Beaussier Roomphplanning - SQL Injection
SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attackers to execute arbitrary SQL commands via the idresa parameter to resaopen.php.
CVE-2009-1587 EXPLOITDB text WORKING POC
Kalptarudemos Php Site Lock - Authentication Bypass
index.php in PHP Site Lock 2.0 allows remote attackers to bypass authentication and obtain administrative access by setting the login_id, group_id, login_name, user_id, and user_type cookies to certain values.
CVE-2008-6429 EXPLOITDB text WORKING POC
Mike Leeper Com Prayercenter < 1.4.9 - SQL Injection
SQL injection vulnerability in the PrayerCenter (com_prayercenter) component 1.4.9 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view_request action to index2.php.
CVE-2008-3498 EXPLOITDB text WORKING POC
nBill (com_netinvoice) 1.2.0 SP1 - SQL Injection
SQL injection vulnerability in the nBill (com_netinvoice) component 1.2.0 SP1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in an orders action to index.php. NOTE: some of these details are obtained from third party information.
CVE-2008-6430 EXPLOITDB perl WORKING POC
Joomla Com Mycontent - SQL Injection
SQL injection vulnerability in the MyContent (com_mycontent) component 1.1.13 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
CVE-2008-4715 EXPLOITDB text WORKING POC
Jpad - SQL Injection
SQL injection vulnerability in the Jpad (com_jpad) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
CVE-2008-2564 EXPLOITDB perl WORKING POC
Joomla Com Jotloader < 1.2.1.a - SQL Injection
SQL injection vulnerability in the JotLoader (com_jotloader) component 1.2.1.a and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter to index.php.
CVE-2008-6068 EXPLOITDB text WORKING POC
Joomla! com_joomladate 1.2 - SQL Injection
SQL injection vulnerability in the JoomlaDate (com_joomladate) component 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a viewProfile action to index.php.
CVE-2008-2633 EXPLOITDB text WORKING POC
Joomla Com Joomradio - SQL Injection
Multiple SQL injection vulnerabilities in the EXP JoomRadio (com_joomradio) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) show_radio or (2) show_video action to index.php.