Joseph Sheridan

9 exploits Active since Jul 2012
CVE-2012-2763 METASPLOIT ruby WORKING POC
GIMP < 2.6.13 - Remote Code Execution via Long String in Script-Fu Server Command
Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.
CVE-2012-2763 EXPLOITDB ruby WORKING POC
GIMP < 2.6.13 - Remote Code Execution via Long String in Script-Fu Server Command
Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.
CVE-2012-4988 EXPLOITDB text WRITEUP
XnView 1.99 and 1.99.1 - Remote Code Execution via Crafted JLS Image File
Heap-based buffer overflow in the xjpegls.dll (aka JLS, JPEG-LS, or JPEG lossless) format plugin in XnView 1.99 and 1.99.1 allows remote attackers to execute arbitrary code via a crafted JLS image file.
CVE-2012-2763 EXPLOITDB c WORKING POC
GIMP < 2.6.13 - Remote Code Execution via Long String in Script-Fu Server Command
Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.
CVE-2012-3585 EXPLOITDB text WRITEUP
IrfanView PlugIns < 4.33 - Remote Code Execution via Crafted JLS File
Heap-based buffer overflow in jpeg_ls.dll in the Jpeg_LS (aka JLS) plugin in the formats plugins in IrfanView PlugIns before 4.34 allows remote attackers to execute arbitrary code via a crafted JLS file.
CVE-2013-2594 EXPLOITDB text WRITEUP
Hornbill Supportworks ITSM <3.4.14 - SQL Injection
SQL injection vulnerability in reports/calldiary.php in Hornbill Supportworks ITSM 1.0.0 through 3.4.14 allows remote attackers to execute arbitrary SQL commands via the callref parameter.
CVE-2012-4240 EXPLOITDB text WRITEUP
Group-Office < 4.0.90 - Authenticated SQL Injection via Calendar Sort Parameter
SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.
CVE-2012-4982 EXPLOITDB text WRITEUP
Forescout CounterACT <7.0 - Open Redirect
Open redirect vulnerability in assets/login on the Forescout CounterACT NAC device before 7.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the a parameter.
CVE-2012-3236 EXPLOITDB text WRITEUP
GIMP < 2.9.2 - Denial of Service via Malformed FITS File XTENSION Header
fits-io.c in GIMP before 2.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a malformed XTENSION header of a .fit file, as demonstrated using a long string.