Jason Geffner

11 exploits Active since Jun 2010
CVE-2020-8289 NOMISEC HIGH WORKING POC
Backblaze <7.0.1.433-7.0.1.434 - RCE
Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality.
11 stars
CVSS 7.8
CVE-2020-8289 GITHUB HIGH c WORKING POC
Backblaze <7.0.1.433-7.0.1.434 - RCE
Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in `bztransmit` helper due to hardcoded whitelist of strings in URLs where validation is disabled leading to possible remote code execution via client update functionality.
4 stars
CVSS 7.8
CVE-2020-8290 NOMISEC HIGH WORKING POC
Backblaze <7.0.0.439 - Privilege Escalation
Backblaze for Windows and Backblaze for macOS before 7.0.0.439 suffer from improper privilege management in `bztransmit` helper due to lack of permission handling and validation before creation of client update directories allowing for local escalation of privilege via rogue client update binary.
CVSS 7.8
CVE-2009-10006 EXPLOITDB CRITICAL ruby WORKING POC
UFO: Alien Invasion <2.2.1 - RCE
UFO: Alien Invasion versions up to and including 2.2.1 contain a buffer overflow vulnerability in its built-in IRC client component. When the client connects to an IRC server and receives a crafted numeric reply (specifically a 001 message), the application fails to properly validate the length of the response string. This results in a stack-based buffer overflow, which may corrupt control flow structures and allow arbitrary code execution. The vulnerability is triggered during automatic IRC connection handling and does not require user interaction beyond launching the game.
CVE-2009-10006 EXPLOITDB CRITICAL text WORKING POC
UFO: Alien Invasion <2.2.1 - RCE
UFO: Alien Invasion versions up to and including 2.2.1 contain a buffer overflow vulnerability in its built-in IRC client component. When the client connects to an IRC server and receives a crafted numeric reply (specifically a 001 message), the application fails to properly validate the length of the response string. This results in a stack-based buffer overflow, which may corrupt control flow structures and allow arbitrary code execution. The vulnerability is triggered during automatic IRC connection handling and does not require user interaction beyond launching the game.
CVE-2009-10006 METASPLOIT CRITICAL ruby WORKING POC
UFO: Alien Invasion <2.2.1 - RCE
UFO: Alien Invasion versions up to and including 2.2.1 contain a buffer overflow vulnerability in its built-in IRC client component. When the client connects to an IRC server and receives a crafted numeric reply (specifically a 001 message), the application fails to properly validate the length of the response string. This results in a stack-based buffer overflow, which may corrupt control flow structures and allow arbitrary code execution. The vulnerability is triggered during automatic IRC connection handling and does not require user interaction beyond launching the game.
CVE-2009-10006 METASPLOIT CRITICAL ruby WORKING POC
UFO: Alien Invasion <2.2.1 - RCE
UFO: Alien Invasion versions up to and including 2.2.1 contain a buffer overflow vulnerability in its built-in IRC client component. When the client connects to an IRC server and receives a crafted numeric reply (specifically a 001 message), the application fails to properly validate the length of the response string. This results in a stack-based buffer overflow, which may corrupt control flow structures and allow arbitrary code execution. The vulnerability is triggered during automatic IRC connection handling and does not require user interaction beyond launching the game.
EIP-2026-119232 EXPLOITDB ruby WORKING POC
UFO: Alien Invasion IRC Client (Windows) - Remote Buffer Overflow (Metasploit)
EIP-2026-104621 EXPLOITDB python WORKING POC
UFO: Alien Invasion 2.2.1 (OSX Snow Leopard) - IRC Client Remote Code Execution (ROP)
CVE-2010-2309 EXPLOITDB ruby WORKING POC
Evological Evocam - Memory Corruption
Buffer overflow in the web server for EvoLogical EvoCam 3.6.6 and 3.6.7 allows remote attackers to execute arbitrary code via a long GET request.
EIP-2026-104622 EXPLOITDB python WORKING POC
UFO: Alien Invasion 2.2.1 (OSX) - Remote Code Execution