Laurent Gaffié

24 exploits Active since Nov 2006
CVE-2010-0269 EXPLOITDB python WORKING POC
Microsoft Windows - Remote Code Execution via Crafted SMB Response
The SMB client in Microsoft Windows 2000 SP4, Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly allocate memory for SMB responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Memory Allocation Vulnerability."
CVE-2010-0270 EXPLOITDB python WORKING POC
Windows 7 and Windows Server 2008 - Remote Code Execution via Crafted SMB Transaction Response
The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly validate fields in SMB transaction responses, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted (1) SMBv1 or (2) SMBv2 response, aka "SMB Client Transaction Vulnerability."
CVE-2010-0476 EXPLOITDB python WORKING POC
Microsoft Windows SMB Client - Remote Code Execution via Crafted SMB Transaction Response
The SMB client in Microsoft Windows Server 2003 SP2, Vista Gold, SP1, and SP2, and Windows Server 2008 Gold and SP2 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code or cause a denial of service (memory corruption and reboot) via a crafted SMB transaction response that uses (1) SMBv1 or (2) SMBv2, aka "SMB Client Response Parsing Vulnerability."
CVE-2006-5975 EXPLOITDB text WRITEUP
BlogMe 3.0 - Stored Cross-Site Scripting via Name URL or Comments Field
Multiple cross-site scripting (XSS) vulnerabilities in comments.asp in BlogMe 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) URL, or (3) Comments field.
CVE-2006-5863 EXPLOITDB text WORKING POC
otterware letterit2 - Remote File Inclusion via lang Parameter
PHP remote file inclusion vulnerability in inc/session.php for LetterIt 2 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.
CVE-2009-1830 EXPLOITDB text WORKING POC
Soulseek 156 and 157 NS - Stack-Based Buffer Overflow via Long Search Query
Stack-based buffer overflow in Soulseek 156 and 157 NS allows remote attackers to execute arbitrary code via a long search query.
CVE-2009-1830 EXPLOITDB text WORKING POC
Soulseek 156 and 157 NS - Stack-Based Buffer Overflow via Long Search Query
Stack-based buffer overflow in Soulseek 156 and 157 NS allows remote attackers to execute arbitrary code via a long search query.
CVE-2016-7237 EXPLOITDB MEDIUM text WRITEUP
Microsoft Windows - Authenticated Denial of Service via LSASS Crafted Request
Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote authenticated users to cause a denial of service (system hang) via a crafted request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability."
CVSS 6.5
CVE-2009-3103 EXPLOITDB python WORKING POC
Windows Vista and Server 2008 - Remote Code Execution via SMBv2 Negotiate Protocol Request
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
CVE-2010-0477 EXPLOITDB python WORKING POC
Windows 7 and Windows Server 2008 - Remote Code Execution via Crafted SMB Response Packet
The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
CVE-2009-3103 EXPLOITDB text WORKING POC
Windows Vista and Server 2008 - Remote Code Execution via SMBv2 Negotiate Protocol Request
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
CVE-2008-0778 EXPLOITDB text WORKING POC
Apple QuickTime < 7.4.1 - Stack-Based Buffer Overflow via QTPlugin.ocx ActiveX Methods
Multiple stack-based buffer overflows in an ActiveX control in QTPlugin.ocx for Apple QuickTime 7.4.1 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long arguments to the (1) SetBgColor, (2) SetHREF, (3) SetMovieName, (4) SetTarget, and (5) SetMatrix methods.
CVE-2008-0747 EXPLOITDB text WORKING POC
jetAudio Basic < 7.0.5 - Stack-based Buffer Overflow via Long URL in ASX File
Stack-based buffer overflow in COWON America jetAudio 7.0.5 and earlier allows user-assisted remote attackers to execute arbitrary code via a long URL in a .asx file, a different vulnerability than CVE-2007-5487.
CVE-2008-5406 EXPLOITDB text WORKING POC
Apple QuickTime Player 7.5.5-8.0.2.20 - Buffer Overflow
Stack-based buffer overflow in Apple QuickTime Player 7.5.5 and iTunes 8.0.2.20 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a MOV file with "long arguments," related to an "off by one overflow."
CVE-2009-2762 EXPLOITDB text WRITEUP
WordPress < 2.8.3 - Unauthenticated Password Reset via Array Parameter Bypass
wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to force a password reset for the first user in the database, possibly the administrator, via a key[] array variable in a resetpass (aka rp) action, which bypasses a check that assumes that $key is not an array.
CVE-2007-0699 EXPLOITDB text WORKING POC
Guernion Sylvain Portail Web Php <2.5.1.1 - RCE
PHP remote file inclusion vulnerability in includes/includes.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) before 2.5.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter.
CVE-2006-6084 EXPLOITDB text WORKING POC
aBitWhizzy - Directory Traversal via f Parameter
Directory traversal vulnerability in abitwhizzy.php in aBitWhizzy allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter. NOTE: some of these details are obtained from third party information.
CVE-2010-2351 EXPLOITDB text WORKING POC
Novell Netware < 6.5 - Remote Code Execution via SMB Sessions Setup AndX Packet
Stack-based buffer overflow in the CIFS.NLM driver in Netware SMB 1.0 for Novell Netware 6.5 SP8 and earlier allows remote attackers to execute arbitrary code via a Sessions Setup AndX packet with a long AccountName.
CVE-2009-0177 EXPLOITDB text WORKING POC
VMware Workstation/Player/ACE/Server/Fusion DoS via Long USER/PASS Command
vmwarebase.dll, as used in the vmware-authd service (aka vmware-authd.exe), in VMware Workstation 6.5.1 build 126130, 6.5.1 and earlier; VMware Player 2.5.1 build 126130, 2.5.1 and earlier; VMware ACE 2.5.1 and earlier; VMware Server 2.0.x before 2.0.1 build 156745; and VMware Fusion before 2.0.2 build 147997 allows remote attackers to cause a denial of service (daemon crash) via a long (1) USER or (2) PASS command.
CVE-2008-3443 EXPLOITDB text WORKING POC
Ruby <=1.8.5, 1.8.6-1.8.6-p286, 1.8.7-1.8.7-p71, 1.9-r18423 DoS via Regex
The regular expression engine (regex.c) in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows remote attackers to cause a denial of service (infinite loop and crash) via multiple long requests to a Ruby socket, related to memory allocation failure, and as demonstrated against Webrick.
CVE-2009-3641 EXPLOITDB text WORKING POC
Snort < 2.8.5.1 - Denial of Service via Crafted IPv6 Packet
Snort before 2.8.5.1, when the -v option is enabled, allows remote attackers to cause a denial of service (application crash) via a crafted IPv6 packet that uses the (1) TCP or (2) ICMP protocol.
EIP-2026-102736 EXPLOITDB text WORKING POC
Samba 3.4.7/3.5.1 - Denial of Service
CVE-2006-5962 EXPLOITDB text WORKING POC
Hpecs Shopping Cart - SQL Injection via Username, Password, or Search Parameter
Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields in the (a) login screen, and (3) searchstring parameter in (b) insearch_list.asp.
CVE-2006-5976 EXPLOITDB text WRITEUP
BlogMe 3.0 - SQL Injection via Username or Password Field
Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field. NOTE: some of these details are obtained from third party information.