Jean Pascal Pereira

26 exploits Active since Oct 2012
CVE-2012-10037 EXPLOITDB CRITICAL ruby WORKING POC
PhpTax 0.8 - Unauthenticated Remote Code Execution via drawimage.php pfilez Parameter
PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec() function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No authentication is required.
CVE-2012-10037 EXPLOITDB CRITICAL text WORKING POC
PhpTax 0.8 - Unauthenticated Remote Code Execution via drawimage.php pfilez Parameter
PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec() function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No authentication is required.
CVE-2012-6301 METASPLOIT ruby WORKING POC
Android 4.0.3 - Denial of Service via Crafted Market URI in IFRAME
The Browser application in Android 4.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted market: URI in the SRC attribute of an IFRAME element.
CVE-2012-10037 METASPLOIT CRITICAL ruby WORKING POC
PhpTax 0.8 - Unauthenticated Remote Code Execution via drawimage.php pfilez Parameter
PhpTax version 0.8 contains a remote code execution vulnerability in drawimage.php. The pfilez GET parameter is unsafely passed to the exec() function without sanitization. A remote attacker can inject arbitrary shell commands, leading to code execution under the web server's context. No authentication is required.
CVE-2012-5470 EXPLOITDB perl WORKING POC
VLC media player 2.0.3 - Denial of Service via Crafted PNG File
libpng_plugin in VideoLAN VLC media player 2.0.3 allows remote attackers to cause a denial of service (application crash) via a crafted PNG file.
CVE-2012-6303 EXPLOITDB python WORKING POC
Snack Sound Toolkit - Heap-based Buffer Overflow in GetWavHeader
Heap-based buffer overflow in the GetWavHeader function in generic/jkSoundFile.c in the Snack Sound Toolkit, as used in WaveSurfer 1.8.8p4, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large chunk size in a WAV file.
CVE-2012-6307 EXPLOITDB HIGH perl WORKING POC
JPEGsnoop 1.5.2 - Remote Code Execution in JPEG File Handling
A vulnerability exists in JPEGsnoop 1.5.2 due to an unspecified issue in JPEG file handling, which could let a malicious user execute arbitrary code
CVSS 8.8
EIP-2026-115732 EXPLOITDB php WORKING POC
Microsoft Internet Explorer 9 - Memory Corruption Crash (PoC)
EIP-2026-115730 EXPLOITDB text WORKING POC
Microsoft Internet Explorer 9 - Cross-Site Scripting Filter Bypass
CVE-2012-5672 EXPLOITDB perl WORKING POC
Microsoft Excel and Excel Viewer - Denial of Service via Crafted Spreadsheet File
Microsoft Excel Viewer (aka Xlview.exe) and Excel in Microsoft Office 2007 (aka Office 12) allow remote attackers to cause a denial of service (read access violation and application crash) via a crafted spreadsheet file, as demonstrated by a .xls file with battery voltage data.
EIP-2026-115385 EXPLOITDB perl WORKING POC
HCView - WriteAV Crash (PoC)
EIP-2026-115237 EXPLOITDB perl WORKING POC
FastStone Image Viewer 4.6 - ReadAVonIP Crash (PoC)
EIP-2026-114927 EXPLOITDB perl WORKING POC
Arctic Torrent 1.2.3 - Memory Corruption (Denial of Service)
EIP-2026-115146 EXPLOITDB python WORKING POC
DIMIN Viewer 5.4.0 - Crash (PoC)
EIP-2026-115163 EXPLOITDB perl WORKING POC
DomsHttpd 1.0 - Remote Denial of Service
EIP-2026-115304 EXPLOITDB python WORKING POC
FreeVimager 4.1.0 - Crash (PoC)
EIP-2026-109464 EXPLOITDB text WRITEUP
mieric AddressBook 1.0 - SQL Injection
EIP-2026-107198 EXPLOITDB text WRITEUP
Forum Oxalis 0.1.2 - SQL Injection
EIP-2026-106085 EXPLOITDB text WRITEUP
CommPort 1.01 - Multiple Vulnerabilities
EIP-2026-106079 EXPLOITDB text WORKING POC
Commentics 2.0 - Multiple Vulnerabilities
EIP-2026-106078 EXPLOITDB text WORKING POC
Commentics - 'index.php' Cross-Site Scripting
CVE-2012-6626 EXPLOITDB text WORKING POC
Brian Cabunac Browser TO Email Phone Message System - SQL Injection
SQL injection vulnerability in verify-user.php in b2ePMS 1.0 allows remote attackers to execute arbitrary SQL commands via the username field.
CVE-2013-6114 EXPLOITDB text WORKING POC
Apple Motion 5.0.7 - Denial of Service via OZDocument::parseElement Integer Overflow
Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn file.
EIP-2026-103635 EXPLOITDB text WORKING POC
plow - '.plowrc' File Buffer Overflow
EIP-2026-103557 EXPLOITDB html WORKING POC
Mozilla Firefox - Remote Denial of Service