Jerome Athias

15 exploits Active since Aug 2004
CVE-2005-0338 EXPLOITDB python WORKING POC
Savant Web Server 3.1 - Remote Code Execution via Long HTTP Request
Buffer overflow in Savant Web Server 3.1 allows remote attackers to execute arbitrary code via a long HTTP request.
CVE-2008-4033 EXPLOITDB html WORKING POC
Microsoft XML Core Services 3.0-6.0 - Info Disclosure
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
CVE-2005-1903 EXPLOITDB c++ WORKING POC
SPA-PRO Mail @Solomon 4.00 - Authenticated Buffer Overflow via IMAP CREATE Command
Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 allows remote authenticated users to execute arbitrary code via a long CREATE command.
CVE-2006-3912 EXPLOITDB python WORKING POC
WinRAR - Stack-based Buffer Overflow in SFX Module
Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors and impact.
CVE-2005-1371 EXPLOITDB c++ WORKING POC
BulletProof FTP Server 2.4.0.31 - Privilege Escalation
BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not properly drop privileges before opening files through the Help menu, which allows local users to gain privileges.
CVE-2006-6750 EXPLOITDB perl WORKING POC
XM Easy Personal FTP Server 5.0.1 - DoS
Format string vulnerability in XM Easy Personal FTP Server 5.0.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a long PORT command. NOTE: this issue might be related to CVE-2006-2226.
CVE-2008-4255 EXPLOITDB perl WORKING POC
Microsoft Office Frontpage - Memory Corruption
Heap-based buffer overflow in mscomct2.ocx (aka Windows Common ActiveX control or Microsoft Animation ActiveX control) in Microsoft Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2, and Office Project 2003 SP3 and 2007 Gold and SP1 allows remote attackers to execute arbitrary code via an AVI file with a crafted stream length, which triggers an "allocation error" and memory corruption, aka "Windows Common AVI Parsing Overflow Vulnerability."
CVE-2007-3479 EXPLOITDB text WRITEUP
PCSoft WinDEV 11 (01F110053p) - Stack-Based Buffer Overflow via WDP Project File Used DLL Field
Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to execute arbitrary code via a long string in the "used DLL" field in a WDP project file.
CVE-2006-2180 EXPLOITDB perl WORKING POC
Golden FTP Server Pro 2.70 - Buffer Overflow via NLST or APPE Command
Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long argument to the (1) NLST or (2) APPE commands, as demonstrated by the Infigo FTPStress Fuzzer.
EIP-2026-114929 EXPLOITDB perl WORKING POC
ArGoSoft FTP Server 1.4.3.5 - Remote Buffer Overflow (PoC)
CVE-2004-1535 EXPLOITDB perl WORKING POC
phpBB Cash Mod - Remote File Inclusion via phpbb_root_path Parameter
PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code.
CVE-2008-1702 EXPLOITDB text WORKING POC
e107 my_gallery 2.3 - Absolute Path Traversal via dload.php file Parameter
Absolute path traversal vulnerability in dload.php in the my_gallery 2.3 plugin for e107 allows remote attackers to obtain sensitive information via a full pathname in the file parameter. NOTE: some of these details are obtained from third party information.
EIP-2026-101312 EXPLOITDB text WORKING POC
Huawei SmartAX MT880 - Multiple Cross-Site Request Forgery Vulnerabilities
CVE-2004-1742 EXPLOITDB text WRITEUP
WebAPP 0.9.9 - Directory Traversal via Viewcat Parameter
Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter.
CVE-2004-2275 EXPLOITDB perl WORKING POC
i-mall.cgi - Remote Command Execution via p Parameter
i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbitrary commands via shell metacharacters via the p parameter.