Luigi Auriemma

568 exploits Active since Feb 2002
EIP-2026-104058 EXPLOITDB text WRITEUP
RDM Embedded Lock Manager < 9.x - 'lm_tcp' Service Buffer Overflow
EIP-2026-104048 EXPLOITDB text SUSPICIOUS
People Can Fly Painkiller Gamespy 1.3 - CD-Key Hash Remote Buffer Overflow
EIP-2026-104012 EXPLOITDB text WRITEUP
NullLogic Null HTTPd 0.5.1 - Error Page Long HTTP Request Cross-Site Scripting
EIP-2026-104002 EXPLOITDB text WRITEUP
netkar-PRO 1.1 - Remote Stack Buffer Overflow
EIP-2026-103922 EXPLOITDB text WRITEUP
HLDS WebMod 0.48 - Multiple Remote Vulnerabilities
CVE-2005-1401 EXPLOITDB text SUSPICIOUS
mtp-target 1.2.2 - Remote Code Execution via Format String Vulnerability
Format string vulnerability in the client for Mtp-Target 1.2.2 and earlier allows remote attackers to execute arbitrary code via game messages or other text.
CVE-2004-1500 EXPLOITDB c WORKING POC
Freeform Interactive Purge Jihad - Denial of Service
Format string vulnerability in the Lithtech engine, as used in multiple games, allows remote authenticated users to cause a denial of service (application crash) via format string specifiers in (1) a nickname or (2) a message.
EIP-2026-103972 EXPLOITDB c WORKING POC
lionmax software www file share pro 2.4x - Multiple Vulnerabilities (2)
EIP-2026-103971 EXPLOITDB c WORKING POC
lionmax software www file share pro 2.4x - Multiple Vulnerabilities (1)
EIP-2026-103956 EXPLOITDB text SUSPICIOUS
JoWood Chaser 1.0/1.50 - Remote Buffer Overflow
EIP-2026-103954 EXPLOITDB text WRITEUP
Jenkins Software RakNet 3.72 - Remote Integer Underflow
EIP-2026-103942 EXPLOITDB text SUSPICIOUS
id Software id Tech 4 Engine - 'key' Packet Remote Code Execution
EIP-2026-103925 EXPLOITDB text WRITEUP
HP OpenView Network Node Manager 7.53 - Multiple Vulnerabilities
CVE-2007-5248 EXPLOITDB c WORKING POC
Doom 3 < 1.3.1, Quake 4 < 1.4.2, Prey < 1.3 - Remote Code Execution via Format String in PB_Y/PB_U Packets
Multiple format string vulnerabilities in the ID Software Doom 3 engine, as used by Doom 3 1.3.1 and earlier, Quake 4 1.4.2 and earlier, and Prey 1.3 and earlier, when Punkbuster (PB) is enabled, allow remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via format string specifiers in (1) a PB_Y packet to the YPG server or (2) a PB_U packet to UCON. NOTE: this issue might be in Punkbuster itself, but there are insufficient details to be certain.
CVE-2007-6533 EXPLOITDB php WORKING POC
Zoom Player 6.00 beta 2 - Buffer Overflow via Crafted ZPL File
Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows user-assisted remote attackers to execute arbitrary code via an HTTP link to a PLS file in a crafted ZPL file, which causes an overflow in Unicode handling when generating an error message.
EIP-2026-104136 EXPLOITDB text WRITEUP
xinkaa Web station 1.0.3 - Directory Traversal
CVE-2007-6041 EXPLOITDB text WRITEUP
Rigs of Rods <0.33d SP1 - Buffer Overflow
Buffer overflow in the Sequencer::queueMessage function in sequencer.cpp in the server in Rigs of Rods (RoR) before 0.33d SP1 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code by sending a nickname, then a vehicle name in a MSG2_USE_VEHICLE message, in which the combined length triggers the overflow.
CVE-2007-4444 EXPLOITDB text WRITEUP
Image Space rFactor <1.250 - Buffer Overflow
Multiple buffer overflows in Image Space rFactor 1.250 and earlier allow remote attackers to execute arbitrary code via a packet with ID (1) 0x80 or (2) 0x88 to UDP port 34297, related to the buffer containing the server version number.
CVE-2004-0290 EXPLOITDB text WRITEUP
Purge Jihad <= 2.0.1 - Remote Code Execution via Large Battle Type or Map Name Fields
Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game servers to execute arbitrary code via an information packet that contains large (1) battle type and (2) map name fields.
CVE-2007-6630 EXPLOITDB text WRITEUP
LScube Feng < 0.1.15 - Denial of Service via Malformed URI
The Url_init function in utils/url.c in Netembryo 0.0.4, when used by LScube Feng, allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a malformed URI containing a "/:" sequence, as demonstrated by a "DESCRIBE /: RTSP/1.0" request.
CVE-2004-1958 EXPLOITDB c WORKING POC
Unreal Engine - Directory Traversal and Arbitrary File Write via UMOD File
Directory traversal vulnerability in manifest.ini in Unreal engine allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in a UMOD (Unreal MOD) file.
EIP-2026-103897 EXPLOITDB text SUSPICIOUS
Epic Games Unreal Engine 436 - Multiple Format String Vulnerabilities
CVE-2007-5264 EXPLOITDB text WRITEUP
Battlefront Dropteam <= 1.3.3 - Unauthenticated Exposure of Sensitive Information via Game Server
Battlefront Dropteam 1.3.3 and earlier sends the client's online account name and password to the game server, which allows malicious game servers to steal account information.
CVE-2006-4125 EXPLOITDB text WRITEUP
dconnect_daemon <= 0.7.0 - Remote Code Execution via Large Nickname in listen_thread_udp
Stack-based buffer overflow in main.c in DConnect Daemon 0.7.0 and earlier allows remote attackers to execute arbitrary code via a large nickname, which is not properly handled by the listen_thread_udp function.
CVE-2008-6737 EXPLOITDB text WRITEUP
Crysis < 1.21 - Unauthenticated Exposure of Sensitive Player Information via Keyexchange Packet
Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information.