Jeremy Brown

76 exploits Active since Mar 2008
CVE-2008-4699 EXPLOITDB html WORKING POC
Peachtree Accounting 2004 - Remote Code Execution via PAWWeb11.ocx ExecutePreferredApplication Method
Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in Peachtree Accounting 2004 allows remote attackers to execute arbitrary programs via the ExecutePreferredApplication method.
EIP-2026-118368 EXPLOITDB python WORKING POC
ClearSCADA - Remote Authentication Bypass
CVE-2011-1220 EXPLOITDB ruby WORKING POC
IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, 4.3.1 - Authenticated Stack-Based Buffer Overflow via Long opts Field
Stack-based buffer overflow in lcfd.exe in Tivoli Endpoint in IBM Tivoli Management Framework 3.7.1, 4.1, 4.1.1, and 4.3.1 allows remote authenticated users to execute arbitrary code via a long opts field.
EIP-2026-118669 EXPLOITDB python WORKING POC
IBM Tivoli Endpoint 4.1.1 - Remote SYSTEM
CVE-2011-5227 EXPLOITDB ruby WORKING POC
Enterasys NetSight < 4.1.0.79 - Remote Code Execution via Long PRIO Field in Syslog Message
Stack-based buffer overflow in the Syslog service (nssyslogd.exe) in Enterasys Network Management Suite (NMS) before 4.1.0.80 allows remote attackers to execute arbitrary code via a long PRIO field in a message to UDP port 514.
EIP-2026-117634 EXPLOITDB text WORKING POC
Mozilla Firefox 3.5.3 - Local Download Manager Temp File Creation
EIP-2026-116873 EXPLOITDB ruby WORKING POC
BACnet OPC Client - Local Buffer Overflow (Metasploit) (2)
CVE-2009-1586 EXPLOITDB perl WORKING POC
GrabIt < 1.7.2 Beta 3 - Stack-Based Buffer Overflow via NZB File DTD Reference
Stack-based buffer overflow in the NZB importer feature in GrabIt 1.7.2 Beta 3 and earlier allows remote attackers to execute arbitrary code via a crafted DTD reference in a DOCTYPE element in an NZB file.
EIP-2026-117228 EXPLOITDB ruby WORKING POC
gAlan 0.2.1 - Universal Buffer Overflow (Metasploit)
EIP-2026-116993 EXPLOITDB perl WORKING POC
CoolPlayer 2.19 - 'PlaylistSkin' Local Buffer Overflow
CVE-2014-7872 EXPLOITDB text WRITEUP
Comodo GeekBuddy < 4.18.120 - Unauthenticated Privilege Escalation via VNC Server
Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC server, which allows local users to gain privileges by connecting to the server.
CVE-2010-4740 EXPLOITDB python WORKING POC
SCADA Engine BACnet OPC Client <1.0.25 - Buffer Overflow
Stack-based buffer overflow in WTclient.dll in SCADA Engine BACnet OPC Client before 1.0.25 allows user-assisted remote attackers to execute arbitrary code via a crafted .csv file, related to a status log message.
CVE-2009-2564 EXPLOITDB text WORKING POC
NOS Microsystems getPlus Download Manager - Privilege Escalation
NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\getPlus_HelperSvc.exe with insecure permissions (Everyone:Full Control), which allows local users to gain SYSTEM privileges by replacing getPlus_HelperSvc.exe with a Trojan horse program, as demonstrated by use of getPlus Download Manager within Adobe Reader. NOTE: within Adobe Reader, the scope of this issue is limited because the program is deleted and the associated service is not automatically launched after a successful installation and reboot.
CVE-2008-6175 EXPLOITDB perl WORKING POC
SilverSHielD 1.0.2.34 - Denial of Service via SFTP Opendir Command
SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of service (application crash) via a crafted argument to the opendir SFTP command.
EIP-2026-116631 EXPLOITDB html WORKING POC
Yahoo Messenger 8.1 - ActiveX Remote Denial of Service
EIP-2026-115785 EXPLOITDB python WORKING POC
Microsoft Windows 10 (x86/x64) - WLAN AutoConfig Denial of Service (PoC)
CVE-2008-1311 EXPLOITDB perl WORKING POC
PacketTrap pt360 Tool Suite PRO <2.0.3901.0 - DoS
The TFTP server in PacketTrap pt360 Tool Suite PRO 2.0.3901.0 and earlier allows remote attackers to cause a denial of service (daemon hang) by uploading a file named (1) '|' (pipe), (2) '"' (quotation mark), or (3) "<>" (less than, greater than); or (4) a file with a long name. NOTE: the issue for vector 4 might exist because of an incomplete fix for CVE-2008-1312.
CVE-2011-0489 EXPLOITDB python WORKING POC
Objectivity/DB 10.0 - Unauthenticated Administrative Command Execution via Lock Server or Advanced Multithreaded Server
The server components in Objectivity/DB 10.0 do not require authentication for administrative commands, which allows remote attackers to modify data, obtain sensitive information, or cause a denial of service by sending requests over TCP to (1) the Lock Server or (2) the Advanced Multithreaded Server, as demonstrated by commands that are ordinarily sent by the (a) ookillls and (b) oostopams applications. NOTE: some of these details are obtained from third party information.
EIP-2026-115967 EXPLOITDB perl WORKING POC
Novell Netware 6.5 - 'ICEbrowser' Remote System Denial of Service
EIP-2026-115929 EXPLOITDB text WRITEUP
netsurf Web browser 1.2 - Multiple Vulnerabilities
CVE-2009-2953 EXPLOITDB perl WORKING POC
Mozilla Firefox 3.0.6-3.0.13 and 3.5.x - Denial of Service via Long Location Hash
Mozilla Firefox 3.0.6 through 3.0.13, and 3.5.x, allows remote attackers to cause a denial of service (CPU consumption) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.
CVE-2008-5232 EXPLOITDB html WORKING POC
Microsoft Windows Media Services <4.1.00.3917 - RCE
Buffer overflow in the CallHTMLHelp method in the Microsoft Windows Media Services ActiveX control in nskey.dll 4.1.00.3917 in Windows Media Services on Microsoft Windows NT and 2000, and Avaya Media and Message Application servers, allows remote attackers to execute arbitrary code via a long argument. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-4775 EXPLOITDB perl WORKING POC
Ipswitch WS_FTP Professional 12 - Denial of Service via HTTP Response Status Code Format String
Format string vulnerability in Ipswitch WS_FTP Professional 12 before 12.2 allows remote attackers to cause a denial of service (crash) via format string specifiers in the status code portion of an HTTP response.
EIP-2026-115427 EXPLOITDB python WORKING POC
IGSS 8 ODBC Server - Multiple Remote Uninitialized Pointer Free Denial of Service Vulnerabilities
CVE-2008-4071 EXPLOITDB html WORKING POC
Adobe Acrobat 9 - Denial of Service via Invalid acroie:// URL
A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL.