Leon Juranic

14 exploits Active since Oct 2004
CVE-2008-0838 EXPLOITDB text WRITEUP
Sophos ES1000 and ES4000 2.1.0.0 - Cross-Site Scripting via Error and Go Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the web administration interface in Sophos ES1000 and ES4000 Email Security Appliance 2.1.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) error and (2) go parameters to the login page.
CVE-2005-2310 EXPLOITDB text WRITEUP
Winamp < 5.093 - Buffer Overflow via Long ID3v2 Tag
Buffer overflow in Winamp 5.03a, 5.09 and 5.091, and other versions before 5.094, allows remote attackers to execute arbitrary code via an MP3 file with a long ID3v2 tag such as (1) ARTIST or (2) TITLE.
CVE-2005-1873 EXPLOITDB c WORKING POC
Crob FTP 3.6.1 - Remote Code Execution via Long FTP Command or Globbing Character
Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier versions, allow remote attackers to execute arbitrary code via (1) an FTP command with a large string followed by the RMD command with a long string or (2) a globbing ("*") character followed by a long string.
EIP-2026-116355 EXPLOITDB perl WORKING POC
Surgemail 3.8 - IMAP LSUB Command Remote Stack Buffer Overflow
CVE-2008-1920 EXPLOITDB text WORKING POC
ICQ 6.0 build 6043 - Buffer Overflow
Heap-based buffer overflow in the boxelyRenderer module in the Personal Status Manager feature in ICQ 6.0 build 6043 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted personal status message.
CVE-2006-4364 EXPLOITDB perl WORKING POC
MDaemon < 9.0.6 - Heap-Based Buffer Overflow via Long USER or APOP Command
Multiple heap-based buffer overflows in the POP3 server in Alt-N Technologies MDaemon before 9.0.6 allow remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via long strings that contain '@' characters in the (1) USER and (2) APOP commands.
CVE-2005-0739 EXPLOITDB c++ WORKING POC
Ethereal 0.9.1-0.10.9 - Buffer Overflow in IAPP Dissector
The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions.
CVE-2007-2059 EXPLOITDB text WRITEUP
eIQnetworks Enterprise Security Analyzer 2.5 - Remote Code Execution via Long Parameter to ESA Protocol Command
Multiple buffer overflows in the ESA protocol implementation in eIQnetworks Enterprise Security Analyzer (ESA) 2.5 allow remote attackers to execute arbitrary code via a long parameter to the (1) DELETESEARCHFOLDER, (2) DELTASK, (3) HMGR_CHECKHOSTSCSV, (4) TASKUPDATEDUSER, (5) VERIFYUSERKEY, or (6) VERIFYPWD command.
CVE-2005-1870 EXPLOITDB text WRITEUP
Popper <= 1.41-r2 - Remote File Inclusion via childwindow.inc.php Form Parameter
PHP remote file inclusion vulnerability in childwindow.inc.php in Popper 1.41-r2 and earlier allows remote attackers to execute arbitrary PHP code via the form parameter.
CVE-2008-0127 EXPLOITDB perl WORKING POC
McAfee E-Business Server <= 8.5.2 - Remote Code Execution via Long Authentication Packet
The administration interface in McAfee E-Business Server 8.5.2 and earlier allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a long initial authentication packet.
CVE-2017-1297 EXPLOITDB HIGH python WORKING POC
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, 11.1 - Stack-based Buffer Overflow
IBM DB2 for Linux, UNIX and Windows 9.2, 10.1, 10.5, and 11.1 (includes DB2 Connect Server) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking which could allow a local attacker to execute arbitrary code. IBM X-Force ID: 125159.
CVSS 7.3
EIP-2026-103462 EXPLOITDB c WORKING POC
Ethereal 0.10.9 - Denial of Service
EIP-2026-103413 EXPLOITDB text WRITEUP
Apple Safari 4.0.2 - WebKit Parsing of Floating Point Numbers Buffer Overflow (PoC)
CVE-2004-1602 EXPLOITDB c WORKING POC
ProFTPD 1.2.0-1.2.10 - Username Enumeration via Timing Discrepancy
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response.