John Leitch

89 exploits, active since Jun 2010
CVE-2011-1714 EXPLOITDB text WORKING POC
QooxDoo 1.3 - XSS
Cross-site scripting (XSS) vulnerability in framework/source/resource/qx/test/jsonp_primitive.php in QooxDoo 1.3 and possibly other versions, as used in eyeOS 2.2 and 2.3 and possibly other products, allows remote attackers to inject arbitrary web script or HTML via the callback parameter.
CVE-2010-10012 EXPLOITDB text WORKING POC
httpdasm 0.92 - Path Traversal
A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read arbitrary files on the host system. By sending a specially crafted GET request containing a sequence of URL-encoded backslashes and directory traversal patterns, an attacker can escape the web root and access sensitive files outside of the intended directory.
CVE-2010-10012 METASPLOIT ruby WORKING POC
httpdasm 0.92 - Path Traversal
A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read arbitrary files on the host system. By sending a specially crafted GET request containing a sequence of URL-encoded backslashes and directory traversal patterns, an attacker can escape the web root and access sensitive files outside of the intended directory.
CVE-2014-3789 METASPLOIT ruby WORKING POC
Cogentdatahub Cogent Datahub < 7.3.4 - Code Injection
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.
EIP-2026-119381 EXPLOITDB python WORKING POC
InterPhoto Image Gallery 2.4.2 - 'IPLANG' Local File Inclusion
EIP-2026-119330 EXPLOITDB text WORKING POC
YelloSoft Pinky 1.0 - Directory Traversal
EIP-2026-119342 EXPLOITDB text WORKING POC
Abyss Web Server X1 - Cross-Site Request Forgery
EIP-2026-119156 EXPLOITDB python WORKING POC
Solar FTP Server 2.1.1 - 'PASV' Remote Buffer Overflow
EIP-2026-118984 EXPLOITDB text WRITEUP
OneHTTPD 0.6 - Directory Traversal
EIP-2026-119142 EXPLOITDB text WORKING POC
Simple Web Server 1.2 - Directory Traversal
EIP-2026-119055 EXPLOITDB text WRITEUP
Project Jug 1.0.0 - Directory Traversal
EIP-2026-119070 EXPLOITDB text WORKING POC
QuickPHP Web Server 1.9.1 - Directory Traversal
EIP-2026-118774 EXPLOITDB text WORKING POC
Mereo 1.9.1 - Directory Traversal
EIP-2026-118901 EXPLOITDB text WORKING POC
MinaliC WebServer 1.0 - Directory Traversal
EIP-2026-118636 EXPLOITDB python WORKING POC
Home FTP Server 1.10.2.143 - Directory Traversal
EIP-2026-118637 EXPLOITDB html WORKING POC
Home FTP Server 1.10.3 (build 144) - Cross-Site Request Forgery
CVE-2014-3789 EXPLOITDB ruby WORKING POC
Cogentdatahub Cogent Datahub < 7.3.4 - Code Injection
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.
EIP-2026-118462 EXPLOITDB text WORKING POC
Easy File Sharing Web Server 5.8 - Multiple Vulnerabilities
EIP-2026-118306 EXPLOITDB python WORKING POC
Basic Web Server 1.0 - Directory Traversal / Denial of Service
EIP-2026-116173 EXPLOITDB python WORKING POC
RealVNC 4.1.3 - 'ClientCutText' Message Remote Denial of Service
EIP-2026-116237 EXPLOITDB text WORKING POC
serva32 1.2.00 rc1 - Multiple Vulnerabilities
EIP-2026-116111 EXPLOITDB text WORKING POC
Python 2.7 hotshot Module - 'pack_string' Heap Buffer Overflow (PoC)
EIP-2026-116112 EXPLOITDB text WRITEUP
Python 3.3 < 3.5 - 'product_setstate()' Out-of-Bounds Read
EIP-2026-115838 EXPLOITDB python WORKING POC
MinaliC WebServer 1.0 - Denial of Service
EIP-2026-116110 EXPLOITDB text WORKING POC
Python 2.7 - 'strop.replace()' Method Integer Overflow