Joxean Koret

31 exploits Active since Sep 2004
CVE-2017-7494 NOMISEC CRITICAL WORKING POC
Samba is_known_pipename() Arbitrary Module Load
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
260 stars
CVSS 9.8
CVE-2017-7494 GITLAB CRITICAL WORKING POC
Samba is_known_pipename() Arbitrary Module Load
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
CVSS 9.8
CVE-2017-7494 NOMISEC CRITICAL WORKING POC
Samba is_known_pipename() Arbitrary Module Load
Samba since version 3.5.0 and before 4.6.4, 4.5.10 and 4.4.14 is vulnerable to remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
CVSS 9.8
CVE-2014-125118 EXPLOITDB CRITICAL ruby WORKING POC
eScan Web Management Console <5.5-2 - Command Injection
A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The application fails to properly sanitize the 'pass' parameter when processing login requests to login.php, allowing an authenticated attacker with a valid username to inject arbitrary commands via a specially crafted password value. Successful exploitation results in remote code execution. Privilege escalation to root is possible by abusing the runasroot utility with mwconf-level privileges.
CVE-2014-125118 METASPLOIT CRITICAL ruby WORKING POC
eScan Web Management Console <5.5-2 - Command Injection
A command injection vulnerability exists in the eScan Web Management Console version 5.5-2. The application fails to properly sanitize the 'pass' parameter when processing login requests to login.php, allowing an authenticated attacker with a valid username to inject arbitrary commands via a specially crafted password value. Successful exploitation results in remote code execution. Privilege escalation to root is possible by abusing the runasroot utility with mwconf-level privileges.
EIP-2026-116984 EXPLOITDB text WORKING POC
Comodo Internet Security - HIPS/Sandbox Escape
CVE-2006-5789 EXPLOITDB python WORKING POC
WarFTPd 1.82.00-RC11 - Authenticated Denial of Service via Format String in FTP Commands
War FTP Daemon (WarFTPd) 1.82.00-RC11 allows remote authenticated users to cause a denial of service via a large number of "%s" format strings in (1) CWD, (2) CDUP, (3) DELE, (4) NLST, (5) LIST, (6) SIZE, and possibly other commands. NOTE: it is possible that vector 1 is an off-by-one variant or incomplete fix of CVE-2005-0312.
CVE-2006-5826 EXPLOITDB python WORKING POC
WFTPD Pro Server 3.23.1.1 - Authenticated Buffer Overflow via APPE Command
Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via crafted APPE commands that contain "/" (slash) or "\" (backslash) characters.
EIP-2026-115803 EXPLOITDB html WORKING POC
Microsoft Windows Media Digital Rights Management - ActiveX Control Buffer Overflow (PoC)
CVE-2006-1240 EXPLOITDB text WORKING POC
Firebird <1.5.2.4731 - Buffer Overflow
Buffer overflow in inet_server.cpp in (1) fb_inet_server and (2) fbserver in Firebird 1.5.2.4731 allows local users to gain privileges via a long value of the -p argument.
EIP-2026-113253 EXPLOITDB text WORKING POC
webcalendar 0.9.x - Multiple Vulnerabilities
CVE-2004-2161 EXPLOITDB text WRITEUP
TUTOS 1.1 - SQL Injection via file_overview.php link_id Parameter
SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows remote attackers to execute arbitrary SQL commands via the link_id parameter.
CVE-2004-2162 EXPLOITDB text WORKING POC
TUTOS 1.1 - Cross-Site Scripting via Search Field or t Parameter
Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the search field of the Address Module or (2) the t parameter to app_new.php.
CVE-2004-1692 EXPLOITDB text WRITEUP
Mambo Open Source 4.5 (1.0.9) - Cross-Site Scripting via Itemid, mosmsg, or limit Parameters
Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1.0.9) allows remote attackers to inject arbitrary web script or HTML via the (1) Itemid, (2) mosmsg, or (3) limit parameters.
CVE-2004-1693 EXPLOITDB text WRITEUP
Mambo 4.5 (1.0.9) - Remote File Inclusion via mosConfig_absolute_path Parameter
PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 (1.0.9) allows remote attackers to execute arbitrary PHP code by modifying the mosConfig_absolute_path parameter to reference a URL on a remote web server that contains the code.
CVE-2004-1467 EXPLOITDB text WRITEUP
eGroupWare <= 1.0.00.003 - Cross-Site Scripting via Multiple Input Fields
Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0.00.003 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) date or search text field in the calendar module, (2) Field parameter, Filter parameter, QField parameter, Start parameter or Search field in the address module, (3) Subject field in the message module or (4) Subject field in the Ticket module.
EIP-2026-104032 EXPLOITDB text WORKING POC
Oracle E-Business Suite Financials 12 - 'jtfwcpnt.jsp' SQL Injection
EIP-2026-104015 EXPLOITDB text WORKING POC
OpenWFE 1.4.x - Cross-Site Scripting / Connection Proxy
EIP-2026-104040 EXPLOITDB text WORKING POC
Oracle Secure Backup 10g - 'exec_qr()' Command Injection
EIP-2026-103799 EXPLOITDB text WORKING POC
Oracle 10g - SYS.DBMS_CDC_IMPDP.BUMP_SEQUENCE PL / SQL Injection
CVE-2008-2595 EXPLOITDB python WORKING POC
Oracle Internet Directory 9.0.4.3, 10.1.2.3, 10.1.4.2 - Denial of Service via Malformed LDAP Request
Unspecified vulnerability in the Oracle Internet Directory component in Oracle Application Server 9.0.4.3, 10.1.2.3, and 10.1.4.2 has unknown impact and remote attack vectors. NOTE: the previous information was obtained from the Oracle July 2008 CPU. Oracle has not commented on reliable researcher claims that this issue is a denial of service (crash) via a malformed LDAP request that triggers a NULL pointer dereference.
EIP-2026-103619 EXPLOITDB python WORKING POC
Oracle TimesTen - Remote Format String (PoC)
CVE-2006-3698 EXPLOITDB text WORKING POC
Oracle Database 10.1.0.5 - SQL Injection in Change Data Capture and Data Pump Metadata API
Multiple unspecified vulnerabilities in Oracle Database 10.1.0.5 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB01 for Change Data Capture (CDC) component and (2) DB03 for Data Pump Metadata API. NOTE: as of 20060719, Oracle has not disputed a claim by a reliable researcher that DB01 is related to multiple SQL injection vulnerabilities in SYS.DBMS_CDC_IMPDP using the (a) IMPORT_CHANGE_SET, (b) IMPORT_CHANGE_TABLE, (c) IMPORT_CHANGE_COLUMN, (d) IMPORT_SUBSCRIBER, (e) IMPORT_SUBSCRIBED_TABLE, (f) IMPORT_SUBSCRIBED_COLUMN, (g) VALIDATE_IMPORT, (h) VALIDATE_CHANGE_SET, (i) VALIDATE_CHANGE_TABLE, and (j) VALIDATE_SUBSCRIPTION procedures, and that DB03 is for SQL injection in the MAIN procedure for SYS.KUPW$WORKER.
CVE-2006-0586 EXPLOITDB text WORKING POC
Oracle 10g Release 1 - SQL Injection via Multiple Parameters in SYS.KUPV$FT and SYS.KUPV$FT_INT Packages
Multiple SQL injection vulnerabilities in Oracle 10g Release 1 before CPU Jan 2006 allow remote attackers to execute arbitrary SQL commands via multiple parameters in (1) ATTACH_JOB, (2) HAS_PRIVS, and (3) OPEN_JOB functions in the SYS.KUPV$FT package; and (4) UPDATE_JOB, (5) ACTIVE_JOB, (6) ATTACH_POSSIBLE, (7) ATTACH_TO_JOB, (8) CREATE_NEW_JOB, (9) DELETE_JOB, (10) DELETE_MASTER_TABLE, (11) DETACH_JOB, (12) GET_JOB_INFO, (13) GET_JOB_QUEUES, (14) GET_SOLE_JOBNAME, (15) MASTER_TBL_LOCK, and (16) VALID_HANDLE functions in the SYS.KUPV$FT_INT package. NOTE: due to the lack of relevant details from the Oracle advisory, a separate CVE is being created since it cannot be conclusively proven that these issues has been addressed by Oracle. It is unclear which, if any, Oracle Vuln# identifiers apply to these issues.
CVE-2005-3737 EXPLOITDB text WRITEUP
Inkscape 0.41-0.42.2 - Buffer Overflow in SVG Importer Style Property Handling
Buffer overflow in the SVG importer (style.cpp) of inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via a SVG file with long CSS style property values.