Joe Testa

8 exploits, active since Jan 2001
CVE-2001-0113 EXPLOITDB perl WORKING POC
OmniHTTPd 2.07 - Command Injection
statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute arbitrary commands via the mostbrowsers parameter, whose value is used as part of a generated Perl script.
CVE-2020-24574 WRITEUP HIGH WORKING POC
GOG GALAXY <2.0.41 - Privilege Escalation
The client (aka GalaxyClientService.exe) in GOG GALAXY through 2.0.41 (as of 12:58 AM Eastern, 9/26/21) allows local privilege escalation from any authenticated user to SYSTEM by instructing the Windows service to execute arbitrary commands. This occurs because the attacker can inject a DLL into GalaxyClient.exe, defeating the TCP-based "trusted client" protection mechanism.
CVSS 7.8
CVE-2020-7352 METASPLOIT HIGH ruby WORKING POC
GOG Galaxy < 1.2.64 - Hard-coded Credentials
The GalaxyClientService component of GOG Galaxy runs with elevated SYSTEM privileges in a Windows environment. Because the software ships with an embedded, static RSA private key, an attacker with this key material and local user permissions can effectively send any operating system command to the service for execution in this elevated context. The service listens for such commands on a locally-bound network port, localhost:9978. A Metasploit module has been published which exploits this vulnerability. This issue affects the 2.0.x branch of the software (2.0.12 and earlier) as well as the 1.2.x branch (1.2.64 and earlier). A fix was issued for the 2.0.x branch of the affected software.
CVSS 8.4
CVE-2001-0114 EXPLOITDB perl WORKING POC
OmniHTTPd 2.07 - File Overwrite
statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite arbitrary files via the cgidir parameter.
CVE-2001-0199 EXPLOITDB text WRITEUP
Guido Frassetto Sedum - Path Traversal
Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the HTTP GET request.
CVE-2000-1093 EXPLOITDB text WORKING POC
AOL Instant Messenger <4.3.2229 - RCE
Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote attackers to execute arbitrary commands via a long "goim" command.
CVE-2003-1414 EXPLOITDB text WORKING POC
Apple Darwin Streaming Server - Path Traversal
Directory traversal vulnerability in parse_xml.cg in Apple Darwin Streaming Server 4.1.2 and Apple Quicktime Streaming Server 4.1.1 allows remote attackers to read arbitrary files via a ... (triple dot) in the filename parameter.
CVE-2001-0200 EXPLOITDB text WRITEUP
HSWeb 2.0 - Info Disclosure
HSWeb 2.0 HTTP server allows remote attackers to obtain the physical path of the server via a request to the /cgi/ directory, which will list the path if directory browsing is enabled.