Luca Carettoni

15 exploits Active since Jan 2006
CVE-2011-2461 NOMISEC SCANNER
Adobe Flex SDK - XSS
Cross-site scripting (XSS) vulnerability in the Adobe Flex SDK 3.x and 4.x before 4.6 allows remote attackers to inject arbitrary web script or HTML via vectors related to the loading of modules from different domains.
48 stars
CVE-2011-0404 METASPLOIT ruby WORKING POC
NetSupport Manager Agent - Memory Corruption
Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for Mac OS X 11.00 allows remote attackers to execute arbitrary code via a long control hostname to TCP port 5405, probably a different vulnerability than CVE-2007-5252.
EIP-2026-107662 EXPLOITDB text WRITEUP
HP System Management Homepage (SMH) 2.1.12 - 'message.php' Cross-Site Scripting
EIP-2026-104140 EXPLOITDB java WORKING POC
Zend Java Bridge - Remote Code Execution
CVE-2011-0404 EXPLOITDB perl WORKING POC
NetSupport Manager Agent - Memory Corruption
Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for Mac OS X 11.00 allows remote attackers to execute arbitrary code via a long control hostname to TCP port 5405, probably a different vulnerability than CVE-2007-5252.
CVE-2010-1748 EXPLOITDB text WRITEUP
Apple CUPS < 1.4.3 - Memory Corruption
The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.
CVE-2011-0404 EXPLOITDB ruby WORKING POC
NetSupport Manager Agent - Memory Corruption
Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for Mac OS X 11.00 allows remote attackers to execute arbitrary code via a long control hostname to TCP port 5405, probably a different vulnerability than CVE-2007-5252.
CVE-2007-4915 EXPLOITDB python WORKING POC
Boa Webserver - Improper Input Validation
The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP Basic Authentication request.
EIP-2026-102382 EXPLOITDB java WORKING POC
JBoss JMXInvokerServlet JMXInvoker 0.3 - Remote Command Execution
CVE-2009-0545 EXPLOITDB text WORKING POC
ZeroShell <1.0beta11 - Command Injection
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.
EIP-2026-101145 EXPLOITDB text WRITEUP
3Com OfficeConnect Wireless Cable/DSL Router - Authentication Bypass
EIP-2026-101058 EXPLOITDB text WORKING POC
Nokia Web Browser for S60 - Infinite Array Sort Denial of Service
EIP-2026-101053 EXPLOITDB text WORKING POC
Nokia Mini Map Browser - 'Array Sort' Silent Crash
CVE-2006-0174 EXPLOITDB text WRITEUP
Hummingbird Collaboration <5.21 - Info Disclosure
Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to obtain sensitive information (intranet IP addresses and enumerations of valid parameter values) via a direct request to hc, which reveals the information in an error message or a cookie.
CVE-2006-0173 EXPLOITDB text WRITEUP
Hummingbird Collaboration <5.21 - XSS
Hummingbird Collaboration (aka Hummingbird Enterprise Collaboration) 5.21 and earlier allows remote attackers to misrepresent the type and name of a file via modified doc_ext and id parameters, which might trick a user into downloading dangerous or unexpected content.