Juan Pablo Lopez Yacubian

20 exploits Active since Feb 2008
CVE-2009-1435 EXPLOITDB text WRITEUP
Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 Patch 1 - Denial of Service via Long Pathname
NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 Patch 1 allows local users to cause a denial of service (application crash) via directories with long pathnames. NOTE: some of these details are obtained from third party information.
CVE-2008-7009 EXPLOITDB text WORKING POC
Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 - Local Buffer Overflow via Long Path
Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 allows local users to execute arbitrary code via a file or directory with a long path. NOTE: some of these details are obtained from third party information.
EIP-2026-115653 EXPLOITDB html WORKING POC
Microsoft Excel 2007 - JavaScript Code Remote Denial of Service
CVE-2009-0341 EXPLOITDB html WORKING POC
Microsoft Internet Explorer 7.0 - RCE
The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability.
CVE-2008-2069 EXPLOITDB text WORKING POC
Novell GroupWise 7 - Buffer Overflow via Long Argument in mailto: URI
Buffer overflow in Novell GroupWise 7 allows remote attackers to cause a denial of service or execute arbitrary code via a long argument in a mailto: URI.
CVE-2008-0872 EXPLOITDB text WORKING POC
SmarterTools SmarterMail Enterprise 4.3 - Stored Cross-Site Scripting via Email Subject STYLE Attribute
Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail Enterprise 4.3 allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute of an element in the Subject field of an e-mail message.
CVE-2017-15235 EXPLOITDB HIGH WRITEUP
Horde Groupware <5.2.21 - Auth Bypass
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.
CVSS 7.5
EIP-2026-104614 EXPLOITDB html WORKING POC
Apple Safari 3.1 - Window.setTimeout Variant Content Spoofing
EIP-2026-104527 EXPLOITDB text WRITEUP
Novell Groupwise 7.0 - HTML Injection / Denial of Service
EIP-2026-104045 EXPLOITDB text WRITEUP
Outpost Security Suite Pro 2009 - Filename Parsing Security Bypass
EIP-2026-103909 EXPLOITDB html WORKING POC
Google Chrome 2.0.172 - 'About:blank' Address Bar URI Spoofing 'About:blank' Address Bar URI Spoofing
EIP-2026-103643 EXPLOITDB text WORKING POC
QK SMTP Server - Malformed Commands Multiple Remote Denial of Service Vulnerabilities
EIP-2026-103858 EXPLOITDB html WORKING POC
Apple Safari 4.0.1 - Error Page Address Bar URI Spoofing
EIP-2026-103487 EXPLOITDB javascript WORKING POC
Google Chrome 0.2.149 - Malformed 'view-source' HTTP Header Remote Denial of Service
CVE-2009-2654 EXPLOITDB html WORKING POC
Mozilla Firefox <3.0.13, 3.5.x <3.5.2 - XSS
Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page.
EIP-2026-102607 EXPLOITDB html WORKING POC
GNOME Evolution 2.22.2 - 'html_engine_get_view_width()' Denial of Service
CVE-2008-2955 EXPLOITDB text WRITEUP
Pidgin 2.4.1 - Denial of Service via Long Filename in MSN Message
Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function.
CVE-2008-7185 EXPLOITDB text WORKING POC
GNOME Rhythmbox 0.11.5 - Denial of Service via Long Title Field in Playlist File
GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c.
CVE-2009-0649 EXPLOITDB html WORKING POC
Nokia N95 Symbian S60 Browser - Denial of Service via JavaScript setAttributeNode Method
The web browser in Symbian OS on the Nokia N95 cell phone allows remote attackers to cause a denial of service (crash) via JavaScript code that calls the setAttributeNode method.
EIP-2026-101054 EXPLOITDB text WORKING POC
Nokia N95-8 - '.jpg' Remote Crash (PoC)