Kristian Hermansen

9 exploits Active since May 2005
CVE-2007-2356 EXPLOITDB c WORKING POC
Gimp 2.2.14 - Stack-Based Buffer Overflow in SUNRAS Plugin via RAS File
Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.
CVE-2007-1531 EXPLOITDB python WORKING POC
Microsoft Windows XP and Vista - Denial of Service via Gratuitous ARP
Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host.
CVE-2007-1531 EXPLOITDB python WORKING POC
Microsoft Windows XP and Vista - Denial of Service via Gratuitous ARP
Microsoft Windows XP and Vista overwrites ARP table entries included in gratuitous ARP, which allows remote attackers to cause a denial of service (loss of network access) by sending a gratuitous ARP for the address of the Vista host.
EIP-2026-103576 EXPLOITDB text WORKING POC
Mozilla Firefox/Evince/EOG/Gimp - '.SVG' Denial of Service (PoC)
EIP-2026-103590 EXPLOITDB text WORKING POC
MySQL 5.0.45 - 'Alter' Denial of Service
CVE-2006-1183 EXPLOITDB perl WORKING POC
Ubuntu Linux 5.10 - Unprotected Password Exposure via Installer Log File
The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges.
EIP-2026-102587 EXPLOITDB text WRITEUP
Firefox / Evince / EoG / GIMP - '.SVG' File Processing Denial of Service
CVE-2006-7098 EXPLOITDB c WORKING POC
Debian apache - Local Privilege Escalation via TIOCSTI ioctl in CGI Program
The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
CVE-2005-1059 EXPLOITDB text WRITEUP
Linksys WET11 1.5.4 - Unauthenticated Password Change via changepw.html Data Parameter
Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html.