Luigi Auriemma

568 exploits Active since Feb 2002
CVE-2008-7015 EXPLOITDB text WRITEUP
Epic Games Unreal Tournament < 1.1.1 - Memory Corruption
Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel of War 1.1.1, and other products, allows remote attackers to cause a denial of service (server exit) via a packet with a large length value that triggers a memory allocation failure.
CVE-2008-5280 EXPLOITDB text WRITEUP
Zilab Chat and Instant Messaging (ZIM) Server <2.2 - DoS
The Local ZIM Server in Zilab Chat and Instant Messaging (ZIM) Server 2.0 and 2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted requests without required parameters.
CVE-2008-6737 EXPLOITDB text WRITEUP
EA Crysis < 1.21 - Information Disclosure
Crysis 1.21 and earlier allows remote attackers to obtain sensitive player information such as real IP addresses by sending a keyexchange packet without a previous join packet, which causes Crysis to send a disconnect packet that includes unrelated log information.
EIP-2026-103648 EXPLOITDB text WRITEUP
S.T.A.L.K.E.R. Clear Sky 1.0010 - Remote Denial of Service
CVE-2004-2449 EXPLOITDB text WRITEUP
Roger Wilco <1.4.1.6-0.30a - DoS
Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier allows remote attackers to cause a denial of service (application crash) via a long, malformed UDP datagram.
CVE-2008-2748 EXPLOITDB text WRITEUP
Skulltag - Improper Input Validation
Skulltag 0.97d2-RC2 and earlier allows remote attackers to cause a denial of service (daemon hang) via a series of long, malformed connect packets, related to these packets being "parsed multiple times."
CVE-2007-6630 EXPLOITDB text WRITEUP
Netembryo 0.0.4 - DoS
The Url_init function in utils/url.c in Netembryo 0.0.4, when used by LScube Feng, allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a malformed URI containing a "/:" sequence, as demonstrated by a "DESCRIBE /: RTSP/1.0" request.
CVE-2008-6713 EXPLOITDB text WRITEUP
Massive Entertainment Wic < 1.008 - Resource Management Error
World in Conflict (WIC) 1.008 and earlier allows remote attackers to cause a denial of service (access violation and crash) via a zero-byte data block to TCP port 48000, which triggers a NULL pointer dereference.
CVE-2008-6670 EXPLOITDB text WRITEUP
Vertex4 Sunage < 1.08.1 - Numeric Error
Integer overflow in Vertex4 SunAge 1.08.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted packet to UDP port 27960.
CVE-2010-4557 EXPLOITDB text WORKING POC
Invensys Wonderware Inbatch - Memory Corruption
Buffer overflow in the lm_tcp service in Invensys Wonderware InBatch 8.1 and 9.0, as used in Invensys Foxboro I/A Series Batch 8.1 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted request to port 9001.
CVE-2008-7011 EXPLOITDB text WRITEUP
Digital Extreme Pariah - Resource Management Error
The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which triggers an assertion failure when the Closing flag in UnChan.cpp is set.
EIP-2026-103897 EXPLOITDB text SUSPICIOUS
Epic Games Unreal Engine 436 - Multiple Format String Vulnerabilities
CVE-2007-4535 EXPLOITDB text WRITEUP
Vavoom <1.24 - DoS
The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows remote attackers to cause a denial of service (daemon crash) via a string with a negative NewLen value within a certain UDP packet that triggers an assertion error.
CVE-2006-1593 EXPLOITDB text WRITEUP
Zdaemon/X-Doom <1.08.01 - DoS
The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ZD_LoadNewClientLevel functions in sv_main.cpp for (a) Zdaemon 1.08.01 and (b) X-Doom allows remote attackers to cause a denial of service (crash) via an invalid player slot or item number, which causes an invalid memory access, possibly due to an invalid array index.
CVE-2004-2360 EXPLOITDB text WRITEUP
Targem Battle Mages 1.0 - DoS
Targem Battle Mages 1.0 allows remote attackers to cause a denial of service (infinite loop) via a UDP packet with incomplete data, which causes the server to enter an infinite loop while waiting to read the rest of the data that is not sent.
EIP-2026-103654 EXPLOITDB text WRITEUP
Sniper Elite 1.0 - Null Pointer Dereference Denial of Service
CVE-2004-2451 EXPLOITDB text WRITEUP
Roger Wilco <1.4.1.6 - RCE
Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or earlier, allows remote attackers to send audio to arbitrary channels, aka the "Voices from the deep" bug.
CVE-2007-6537 EXPLOITDB c WORKING POC
WinUAE 1.4.4 - Buffer Overflow
Stack-based buffer overflow in the zfile_gunzip function in zfile.c in WinUAE 1.4.4 and earlier allows user-assisted remote attackers to execute arbitrary code via a long filename in a gzipped archive, such as a (1) gz, (2) adz, (3) roz, or (4) hdz archive in a compressed floppy disk image.
CVE-2004-1958 EXPLOITDB c WORKING POC
Epic Games Unreal Engine - Path Traversal
Directory traversal vulnerability in manifest.ini in Unreal engine allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in a UMOD (Unreal MOD) file.
CVE-2007-5264 EXPLOITDB text WRITEUP
Battlefront Dropteam < 1.3.3 - Information Disclosure
Battlefront Dropteam 1.3.3 and earlier sends the client's online account name and password to the game server, which allows malicious game servers to steal account information.
CVE-2010-2621 EXPLOITDB text WRITEUP
Digia QT < 4.6.3 - Improper Input Validation
The QSslSocketBackendPrivate::transmit function in src_network_ssl_qsslsocket_openssl.cpp in Qt 4.6.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a malformed request.
CVE-2008-3396 EXPLOITDB text WRITEUP
Unreal Tournament 2004 <3369 - DoS
Unreal Tournament 2004 (UT2004) 3369 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain sequence of malformed packets.
CVE-2008-0132 EXPLOITDB text WRITEUP
Pragmasys Fortress SSH < 5.0 - Denial of Service
Pragma FortressSSH 5.0 Build 4 Revision 293 and earlier handles long input to sshd.exe by creating an error-message window and waiting for the administrator to click in this window before terminating the sshd.exe process, which allows remote attackers to cause a denial of service (connection slot exhaustion) via a flood of SSH connections with long data objects, as demonstrated by (1) a long list of keys and (2) a long username.
CVE-2007-4534 EXPLOITDB text WRITEUP
Vavoom <1.24 - RCE
Buffer overflow in the VThinker::BroadcastPrintf function in p_thinker.cpp in Vavoom 1.24 and earlier allows remote attackers to execute arbitrary code via (1) a long string in a chat message and possibly (2) a long name field.
EIP-2026-103637 EXPLOITDB text WORKING POC
presto! pagemanager 9.01 - Multiple Vulnerabilities