Luigi Auriemma

568 exploits Active since Feb 2002
CVE-2006-4089 EXPLOITDB text WRITEUP
AlsaPlayer <= 0.99.76 - Multiple Buffer Overflow via HTTP Location Field, URL, and CDDB Response
Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c.
EIP-2026-102602 EXPLOITDB text SUSPICIOUS
Gamespy Software Development Kit - Remote Denial of Service
EIP-2026-102601 EXPLOITDB text WRITEUP
Gamespy Software Development Kit - CD-Key Validation Buffer Overflow
CVE-2006-4197 EXPLOITDB text WRITEUP
libmusicbrainz < 2.1.2 and libmusicbrainz_svn < 8406 - Buffer Overflow via HTTP Location Header or RDF URL
Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c.
EIP-2026-102600 EXPLOITDB text WRITEUP
Gamespy 3d 2.62/2.63 - IRC Client Remote Buffer Overflow
CVE-2007-1371 EXPLOITDB text WORKING POC
Conquest < 8.2a - Multiple Buffer Overflow via Metaserver Query and SP_CLIENTSTAT Packet
Multiple buffer overflows in Conquest 8.2a and earlier (1) allow local users to gain privileges by querying a metaserver that sends a long server entry processed by metaGetServerList and allow remote metaservers to execute arbitrary code via a long server entry processed by metaGetServerList; (2) allow attackers to have an unknown impact by exceeding the configured number of metaservers; and allow remote attackers to corrupt memory via a SP_CLIENTSTAT packet with certain values of (3) unum or (4) snum, different vulnerabilities than CVE-2003-0933.
CVE-2008-0225 EXPLOITDB text WORKING POC
xine-lib < 1.1.9 - Remote Code Execution via RTSP SDP Abstract Attribute
Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header function and related to disregarding the max field. NOTE: some of these details are obtained from third party information.
CVE-2007-1804 EXPLOITDB text WRITEUP
PulseAudio 0.9.5 - Denial of Service via Malformed Packets on TCP/UDP Ports
PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file.
CVE-2007-6454 EXPLOITDB text WRITEUP
PeerCast < 0.1217 - Heap-Based Buffer Overflow via Long SOURCE Request
Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.
EIP-2026-102690 EXPLOITDB text WRITEUP
Mumble Murmur 1.2 - Denial of Service
CVE-2007-6036 EXPLOITDB text WRITEUP
LIVE555 Media Server < 2007.11.01 - DoS
The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation.
CVE-2008-0852 EXPLOITDB text WRITEUP
freeSSHd < 1.2 - Denial of Service via SSH2_MSG_NEWKEYS Packet
freeSSHd 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a SSH2_MSG_NEWKEYS packet to TCP port 22, which triggers a NULL pointer dereference.
CVE-2012-2277 EXPLOITDB text WRITEUP
EMC Documentum Information Rights Management 4.x-5.x - Denial of Service via Newline in Batch Begin Untethered Command
The IRM Server in EMC Documentum Information Rights Management 4.x before 4.7.0100 and 5.x before 5.0.1030 allows remote attackers to cause a denial of service (pvcontrol.exe process hang) via \n (line feed) characters in the Id fields of many "batch begin untethered" commands.
CVE-2008-0767 EXPLOITDB text WRITEUP
ExtremeZ-IP File and Print Server < 5.1.2 - Denial of Service via SLP Packet Length Mismatch
ExtremeZ-IP.exe in ExtremeZ-IP File and Print Server 5.1.2x15 and earlier does not verify that a certain "number of URLs" field is consistent with the packet length, which allows remote attackers to cause a denial of service (daemon crash) via a large integer in this field in a packet to the Service Location Protocol (SLP) service on UDP port 427, triggering an out-of-bounds read.
CVE-2012-4330 EXPLOITDB text WRITEUP
Samsung D6000 Firmware - Denial of Service via Long MAC Address Field
The Samsung D6000 TV and possibly other products allows remote attackers to cause a denial of service (crash) via a long string in certain fields, as demonstrated by the MAC address field, possibly a buffer overflow.
CVE-2004-1854 EXPLOITDB text WRITEUP
Picophone internet_telephone 1.63 - Buffer Overflow via Large Packet
Buffer overflow in the logging function in Picophone 1.63 and earlier allows remote attackers to execute arbitrary code via a large packet.
CVE-2012-0407 EXPLOITDB text WORKING POC
EMC Data Protection Advisor 5.5-5.8 SP1 - Denial of Service via Integer Overflow in DPA_Utilities Library
Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field.
CVE-2008-5692 EXPLOITDB text WRITEUP
Ipswitch WS_FTP Server Manager < 6.1.1 - Auth Bypass
Ipswitch WS_FTP Server Manager before 6.1.1, and possibly other Ipswitch products, allows remote attackers to bypass authentication and read logs via a logLogout action to FTPLogServer/login.asp followed by a request to FTPLogServer/LogViewer.asp with the localhostnull account name.