Krystian Kloskowski (h07)

26 exploits Active since May 2007
CVE-2007-4031 EXPLOITDB html WORKING POC
Nessus Vulnerability Scanner <3.0.6 - Path Traversal
Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via a .. (dot dot) in the argument to the deleteReport method, probably related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll.
CVE-2008-0623 EXPLOITDB php WORKING POC
Yahoo! Music Jukebox 2.2.2.056 - Stack-Based Buffer Overflow via AddImage Method
Stack-based buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! Music Jukebox 2.2.2.056 allows remote attackers to execute arbitrary code via a long argument to the AddImage method.
CVE-2008-0623 EXPLOITDB html WORKING POC
Yahoo! Music Jukebox 2.2.2.056 - Stack-Based Buffer Overflow via AddImage Method
Stack-based buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! Music Jukebox 2.2.2.056 allows remote attackers to execute arbitrary code via a long argument to the AddImage method.
CVE-2007-4061 EXPLOITDB html WORKING POC
Nessus Vulnerability Scanner <3.0.6 - Path Traversal
Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the saveNessusRC method, which writes text specified by the addsetConfig method, possibly related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVE-2007-5067 EXPLOITDB python WORKING POC
iMatix Xitami Web Server 2.5c2 - Remote Code Execution via Long If-Modified-Since Header
Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code via a long If-Modified-Since header to (1) xigui32.exe or (2) xitami.exe.
CVE-2008-0624 EXPLOITDB php WORKING POC
Yahoo! Music Jukebox 2.2.2.56 - Buffer Overflow via Datagrid ActiveX AddButton Method
Buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! JukeBox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddButton method, a different vulnerability than CVE-2008-0623.
CVE-2007-3612 EXPLOITDB python WORKING POC
Visual IRC 2.0 - Remote Code Execution via Long JOIN Response
Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC servers to execute arbitrary code via a long response to a JOIN command.
CVE-2007-4031 EXPLOITDB html WORKING POC
Nessus Vulnerability Scanner <3.0.6 - Path Traversal
Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via a .. (dot dot) in the argument to the deleteReport method, probably related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll.
CVE-2007-4062 EXPLOITDB html WORKING POC
Nessus Vulnerability Scanner <3.0.6 - Path Traversal
The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via unspecified vectors involving the deleteNessusRC method, probably a directory traversal vulnerability.
CVE-2007-4983 EXPLOITDB html WORKING POC
JetAudio 7.0.3 Basic and 7.0.3.3016 - Path Traversal and Arbitrary File Write via DownloadFromMusicStore Method
Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument to the DownloadFromMusicStore method. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for code execution by overwriting JetAudio.exe, which is launched by the control after completion of the method call.
CVE-2007-4336 EXPLOITDB html WORKING POC
Microsoft DirectX Media 6.0 - Buffer Overflow
Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, allows remote attackers to execute arbitrary code via a long SourceUrl property value.
CVE-2007-3166 EXPLOITDB python WORKING POC
Qualcomm Eudora 7.1.0.9 - Buffer Overflow via Long IMAP FLAGS Response
Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, remote IMAP servers to execute arbitrary code via a long FLAGS response to a SELECT INBOX command.
CVE-2008-1472 EXPLOITDB html WORKING POC
ListCtrl ActiveX Control - Buffer Overflow
Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.
CVE-2008-0470 EXPLOITDB html WORKING POC
Comodo AntiVirus 2.0 - Command Injection
A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attackers to execute arbitrary commands via the ExecuteStr method.
CVE-2007-2770 EXPLOITDB python WORKING POC
Eudora 7.1 - Remote Code Execution via Long SMTP Reply
Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote SMTP servers to execute arbitrary code via a long SMTP reply. NOTE: the user must click through a warning about a possible buffer overflow exploit to trigger this issue.
CVE-2008-4321 EXPLOITDB perl WORKING POC
FlashGet FTP 1.9 - Remote Code Execution via Long PWD Response
Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FTP servers to execute arbitrary code via a long response to the PWD command.
CVE-2010-1939 EXPLOITDB html WORKING POC
Apple Safari 4.0.5 - Use-After-Free via Popup Window Close Method
Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object.
CVE-2007-6166 EXPLOITDB perl WORKING POC
Apple QuickTime <7.3.1 - Buffer Overflow
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
CVE-2007-6166 EXPLOITDB python WORKING POC
Apple QuickTime <7.3.1 - Buffer Overflow
Stack-based buffer overflow in Apple QuickTime before 7.3.1, as used in QuickTime Player on Windows XP and Safari on Mac OS X, allows remote Real Time Streaming Protocol (RTSP) servers to execute arbitrary code via an RTSP response with a long Content-Type header.
CVE-2008-3182 EXPLOITDB c WORKING POC
Download Accelerator Plus <8.6.6.3 - Buffer Overflow
Stack-based buffer overflow in DAP.exe in Download Accelerator Plus (DAP) 7.0.1.3, 8.6.6.3, and other 8.x versions allows user-assisted remote attackers to execute arbitrary code via an M3U (.m3u) file containing a long MP3 URL.
CVE-2007-5487 EXPLOITDB python WORKING POC
jetAudio Basic 7.0.3 - Stack-Based Buffer Overflow via Long URL in EXTM3U Section
Stack-based buffer overflow in COWON America jetAudio Basic 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a long URL in an EXTM3U section of a .m3u file.
CVE-2008-3182 EXPLOITDB python WORKING POC
Download Accelerator Plus <8.6.6.3 - Buffer Overflow
Stack-based buffer overflow in DAP.exe in Download Accelerator Plus (DAP) 7.0.1.3, 8.6.6.3, and other 8.x versions allows user-assisted remote attackers to execute arbitrary code via an M3U (.m3u) file containing a long MP3 URL.
CVE-2008-0624 EXPLOITDB html WORKING POC
Yahoo! Music Jukebox 2.2.2.56 - Buffer Overflow via Datagrid ActiveX AddButton Method
Buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! JukeBox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddButton method, a different vulnerability than CVE-2008-0623.
EIP-2026-115780 EXPLOITDB python WORKING POC
Microsoft Windows - DCE-RPC svcctl ChangeServiceConfig2A() Memory Corruption
CVE-2008-4321 EXPLOITDB python WORKING POC
FlashGet FTP 1.9 - Remote Code Execution via Long PWD Response
Buffer overflow in FlashGet (formerly JetCar) FTP 1.9 allows remote FTP servers to execute arbitrary code via a long response to the PWD command.