Julien Ahrens

68 exploits Active since Jul 2012
CVE-2012-3845 EXPLOITDB python WORKING POC
Lan Messenger1.2.28 - Memory Corruption
Buffer overflow in LAN Messenger 1.2.28 and earlier allows remote attackers to cause a denial of service (crash) via a long string in an initiation request.
CVE-2012-6042 EXPLOITDB python WORKING POC
Geopainting Gpsmapedit - Memory Corruption
GPSMapEdit 1.1.73.2 allows user-assisted remote attackers to cause a denial of service (crash) via a long string in a lst file.
EIP-2026-115013 EXPLOITDB text WORKING POC
BulletProof FTP Client 2010 - Buffer Overflow (PoC)
CVE-2014-2087 EXPLOITDB text WORKING POC
Free Download Manager <3.9.3-3.0 - Buffer Overflow
Stack-based buffer overflow in the CDownloads_Deleted::UpdateDownload function in Downloads_Deleted.cpp in Free Download Manager 3.9.3 build 1360, 3.8 build 1173, 3.0 build 852, and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name, which is then deleted from the download queue by the user.
EIP-2026-115129 EXPLOITDB python WORKING POC
DAMN Hash Calculator 1.5.1 - Local Heap Overflow (PoC)
CVE-2013-6356 EXPLOITDB text WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue because of dependency on the victim's direct involvement in modifying the Windows registry to enable the attack. Notes: none
CVE-2017-14955 EXPLOITDB MEDIUM python WORKING POC
Checkmk - Information Disclosure
Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report.
CVSS 5.9
EIP-2026-114419 EXPLOITDB text WRITEUP
XenAPI 1.4.1 for XenForo - Multiple SQL Injections
CVE-2018-7841 EXPLOITDB CRITICAL text WORKING POC
U.motion Builder <1.3.4 - SQL Injection
A SQL Injection (CWE-89) vulnerability exists in U.motion Builder software version 1.3.4 which could cause unwanted code execution when an improper set of characters is entered.
CVSS 9.8
EIP-2026-106404 EXPLOITDB python WORKING POC
Dell KACE Systems Management Appliance (K1000) 6.4.120756 - Unauthenticated Remote Code Execution
CVE-2017-14956 EXPLOITDB MEDIUM text WORKING POC
Alienvault Unified Security Management < 5.4.2 - CSRF
AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address (either in PDF or XLS format). Since there is no anti-CSRF token protecting this functionality, it is vulnerable to Cross-Site Request Forgery attacks.
CVSS 5.7
EIP-2026-105188 EXPLOITDB text WRITEUP
aoop CMS 0.3.6 - Multiple Vulnerabilities
CVE-2020-16171 EXPLOITDB MEDIUM python WRITEUP
Acronis Cyber Backup < 12.5 - SSRF
An issue was discovered in Acronis Cyber Backup before 12.5 Build 16342. Some API endpoints on port 9877 under /api/ams/ accept an additional custom Shard header. The value of this header is afterwards used in a separate web request issued by the application itself. This can be abused to conduct SSRF attacks against otherwise unreachable Acronis services that are bound to localhost such as the NotificationService on 127.0.0.1:30572.
CVSS 6.5
EIP-2026-102359 EXPLOITDB text WRITEUP
Atlassian Confluence AppFusions Doxygen 1.3.0 - Directory Traversal
EIP-2026-102485 EXPLOITDB text WORKING POC
Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
EIP-2026-102448 EXPLOITDB text WORKING POC
Ubiquiti Networks UniFi 3.2.10 - Cross-Site Request Forgery
EIP-2026-102376 EXPLOITDB text WORKING POC
HP Intelligent Management Center - 'topoContent.jsf' Cross-Site Scripting
EIP-2026-102358 EXPLOITDB text WRITEUP
AppFusions Doxygen for Atlassian Confluence 1.3.2 - Cross-Site Scripting