Juan Pablo Lopez Yacubian

20 exploits Active since Feb 2008
CVE-2009-1435 EXPLOITDB text WRITEUP
Trendmicro Officescan - Resource Management Error
NTRtScan.exe in Trend Micro OfficeScan Client 8.0 SP1 and 8.0 SP1 Patch 1 allows local users to cause a denial of service (application crash) via directories with long pathnames. NOTE: some of these details are obtained from third party information.
CVE-2008-7009 EXPLOITDB text WORKING POC
Checkpoint Zonealarm - Memory Corruption
Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 allows local users to execute arbitrary code via a file or directory with a long path. NOTE: some of these details are obtained from third party information.
EIP-2026-115653 EXPLOITDB html WORKING POC
Microsoft Excel 2007 - JavaScript Code Remote Denial of Service
CVE-2009-0341 EXPLOITDB html WORKING POC
Microsoft Internet Explorer 7.0 - RCE
The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability.
CVE-2008-2069 EXPLOITDB text WORKING POC
Novell Groupwise - Memory Corruption
Buffer overflow in Novell GroupWise 7 allows remote attackers to cause a denial of service or execute arbitrary code via a long argument in a mailto: URI.
CVE-2008-0872 EXPLOITDB text WORKING POC
Smartertools Smartermail Enterprise - XSS
Cross-site scripting (XSS) vulnerability in SmarterTools SmarterMail Enterprise 4.3 allows remote attackers to inject arbitrary web script or HTML via a STYLE attribute of an element in the Subject field of an e-mail message.
CVE-2017-15235 EXPLOITDB HIGH WRITEUP
Horde Groupware <5.2.21 - Auth Bypass
The File Manager (gollem) module 3.0.11 in Horde Groupware 5.2.21 allows remote attackers to bypass Horde authentication for file downloads via a crafted fn parameter that corresponds to the exact filename.
CVSS 7.5
EIP-2026-104614 EXPLOITDB html WORKING POC
Apple Safari 3.1 - Window.setTimeout Variant Content Spoofing
EIP-2026-104527 EXPLOITDB text WRITEUP
Novell Groupwise 7.0 - HTML Injection / Denial of Service
EIP-2026-104045 EXPLOITDB text WRITEUP
Outpost Security Suite Pro 2009 - Filename Parsing Security Bypass
EIP-2026-103909 EXPLOITDB html WORKING POC
Google Chrome 2.0.172 - 'About:blank' Address Bar URI Spoofing
EIP-2026-103643 EXPLOITDB text WORKING POC
QK SMTP Server - Malformed Commands Multiple Remote Denial of Service Vulnerabilities
EIP-2026-103858 EXPLOITDB html WORKING POC
Apple Safari 4.0.1 - Error Page Address Bar URI Spoofing
EIP-2026-103487 EXPLOITDB javascript WORKING POC
Google Chrome 0.2.149 - Malformed 'view-source' HTTP Header Remote Denial of Service
CVE-2009-2654 EXPLOITDB html WORKING POC
Mozilla Firefox <3.0.13, 3.5.x <3.5.2 - XSS
Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page.
EIP-2026-102607 EXPLOITDB html WORKING POC
GNOME Evolution 2.22.2 - 'html_engine_get_view_width()' Denial of Service
CVE-2008-2955 EXPLOITDB text WRITEUP
Pidgin - Improper Input Validation
Pidgin 2.4.1 allows remote attackers to cause a denial of service (crash) via a long filename that contains certain characters, as demonstrated using an MSN message that triggers the crash in the msn_slplink_process_msg function.
CVE-2008-7185 EXPLOITDB text WORKING POC
GNOME Rhythmbox 0.11.5 - DoS
GNOME Rhythmbox 0.11.5 allows remote attackers to cause a denial of service (segmentation fault and crash) via a playlist (.pls) file with a long Title field, possibly related to the g_hash_table_lookup function in b-playlist-manager.c.
CVE-2009-0649 EXPLOITDB html WORKING POC
Symbian OS - DoS
The web browser in Symbian OS on the Nokia N95 cell phone allows remote attackers to cause a denial of service (crash) via JavaScript code that calls the setAttributeNode method.
EIP-2026-101054 EXPLOITDB text WORKING POC
Nokia N95-8 - '.jpg' Remote Crash (PoC)