Luigi Auriemma

568 exploits Active since Feb 2002
CVE-2008-1321 EXPLOITDB text WRITEUP
ASG-Sentry Network Manager <7.0.0 - DoS
The FxIAList service in ASG-Sentry Network Manager 7.0.0 and earlier does require authentication, which allows remote attackers to cause a denial of service (service termination) via the exit command to TCP port 6162, or have other impacts via other commands.
CVE-2008-1320 EXPLOITDB text WRITEUP
ASG-Sentry Network Manager <7.0.0 - Buffer Overflow
Multiple buffer overflows in ASG-Sentry Network Manager 7.0.0 and earlier allow remote attackers to execute arbitrary code or cause a denial of service (crash) via (1) a long request to FxIAList on TCP port 6162, or (2) an SNMP request with a long community string to FxAgent on UDP port 6161.
CVE-2007-6404 EXPLOITDB text WRITEUP
Sergey Lyubka Simple HTTPD <1.38 - Path Traversal
Directory traversal vulnerability in Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI.
CVE-2008-1410 EXPLOITDB text WRITEUP
Acronis Snap Deploy <2.0.0.1076 - Path Traversal
Directory traversal vulnerability in the PXE Server (pxesrv.exe) in Acronis Snap Deploy 2.0.0.1076 and earlier allows remote attackers to read arbitrary files via directory traversal sequences to the TFTP service.
CVE-2008-1401 EXPLOITDB text WRITEUP
MG-SOFT Net Inspector <6.5.0.828 - RCE
Format string vulnerability in the Net Inspector HTTP server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to execute arbitrary code via format string specifiers in the URI, which is recorded in a log file.
CVE-2008-1400 EXPLOITDB text WRITEUP
MG-SOFT Net Inspector <6.5.0.828 - Path Traversal
Directory traversal vulnerability in the Net Inspector HTTP Server (mghttpd) in MG-SOFT Net Inspector 6.5.0.828 and earlier for Windows allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) or "../" (dot dot slash) in the URI.
CVE-2008-1281 EXPLOITDB text WORKING POC
Argon Technology CMS <1.31 - Path Traversal
Directory traversal vulnerability in TFTPsrvs.exe 2.5.3.1 and earlier, as used in Argon Technology Client Management Services (CMS) 1.31 and earlier, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2006-1652 EXPLOITDB c WORKING POC
UltraVNC and tabbed_viewer - Buffer Overflow via Long String on TCP Port 5900
Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that sends a long string to a client that connects on TCP port 5900, which triggers an overflow in Log::ReallyPrint; and (2) allow remote attackers to cause a denial of service (server crash) via a long HTTP GET request to TCP port 5800, which triggers an overflow in VNCLog::ReallyPrint.
CVE-2006-1652 EXPLOITDB c WORKING POC
UltraVNC and tabbed_viewer - Buffer Overflow via Long String on TCP Port 5900
Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that sends a long string to a client that connects on TCP port 5900, which triggers an overflow in Log::ReallyPrint; and (2) allow remote attackers to cause a denial of service (server crash) via a long HTTP GET request to TCP port 5800, which triggers an overflow in VNCLog::ReallyPrint.
CVE-2011-2750 METASPLOIT ruby WORKING POC
Novell File Reporter <= 1.0.4.2 - Arbitrary File Deletion via SRS OPERATION 4 CMD 5 Request
NFRAgent.exe in Novell File Reporter 1.0.4.2 and earlier allows remote attackers to delete arbitrary files via a full pathname in an SRS OPERATION 4 CMD 5 request to /FSF/CMD.
CVE-2011-3486 METASPLOIT ruby WORKING POC
Beckhoff TwinCAT <2.11.0.2004 - DoS
Beckhoff TwinCAT 2.11.0.2004 and earlier allows remote attackers to cause a denial of service via a crafted request to UDP port 48899, which triggers an out-of-bounds read.
CVE-2012-0002 METASPLOIT ruby WORKING POC
Windows RDP - Remote Code Execution via Crafted RDP Packets
The Remote Desktop Protocol (RDP) implementation in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly process packets in memory, which allows remote attackers to execute arbitrary code by sending crafted RDP packets triggering access to an object that (1) was not properly initialized or (2) is deleted, aka "Remote Desktop Protocol Vulnerability."
CVE-2012-1465 METASPLOIT ruby WORKING POC
NetMechanica NetDecision < 4.5.1 - Denial of Service via Long URL
Stack-based buffer overflow in the HTTP Server in NetMechanica NetDecision before 4.6.1 allows remote attackers to cause a denial of service (application crash) via a long URL in an HTTP request. NOTE: some of these details are obtained from third party information.
CVE-2012-10061 METASPLOIT HIGH ruby WORKING POC
Sockso Music Host Server <=1.5 - Path Traversal
Sockso Music Host Server versions <= 1.5 are vulnerable to a path traversal flaw that allows unauthenticated remote attackers to read arbitrary files from the server’s filesystem. The vulnerability exists in the HTTP interface on port 4444, where the endpoint /file/ fails to properly sanitize user-supplied input. Attackers can traverse directories and access sensitive files outside the intended web root.
CVE-2012-2215 METASPLOIT ruby WORKING POC
Novell ZENworks Configuration Management 11.1-11.1a - Unauthenticated Path Traversal via Preboot Service Opcode 0x21
Directory traversal vulnerability in the Preboot Service in Novell ZENworks Configuration Management (ZCM) 11.1 and 11.1a allows remote attackers to read arbitrary files via an opcode 0x21 request.
CVE-2012-4356 METASPLOIT ruby WORKING POC
Winlog Pro < 2.07.17 - Unauthenticated Path Traversal via TCP Port 46824 File Operations
Multiple directory traversal vulnerabilities in Sielco Sistemi Winlog Pro SCADA before 2.07.17 and Winlog Lite SCADA before 2.07.17 allow remote attackers to read arbitrary files via port-46824 TCP packets specifying a file-open operation with opcode 0x78 and a .. (dot dot) in a pathname, followed by a file-read operation with opcode (1) 0x96, (2) 0x97, or (3) 0x98.
CVE-2011-5001 METASPLOIT ruby WORKING POC
Trend Micro Control Manager < 5.5 - Remote Code Execution via Crafted IPC Packet
Stack-based buffer overflow in the CGenericScheduler::AddTask function in cmdHandlerRedAlertController.dll in CmdProcessor.exe in Trend Micro Control Manager 5.5 before Build 1613 allows remote attackers to execute arbitrary code via a crafted IPC packet to TCP port 20101.
CVE-2012-2020 METASPLOIT ruby WORKING POC
HP Operations Agent <11.03.12 - RCE
Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1326.
CVE-2012-2019 METASPLOIT ruby WORKING POC
HP Operations Agent <11.03.12 - RCE
Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325.
CVE-2011-4135 METASPLOIT ruby WORKING POC
Flexera FlexNet Publisher <11.10 - Path Traversal
Multiple directory traversal vulnerabilities in lmgrd in Flexera FlexNet Publisher 11.10 (aka FlexNet License Server Manager) allow remote attackers to execute arbitrary code via vectors related to save, rename, and load operations on log files. NOTE: this might overlap CVE-2011-1389.
CVE-2004-1561 METASPLOIT ruby WORKING POC
Icecast <= 2.0.1 - Remote Code Execution via HTTP Header Overflow
Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers.
CVE-2012-10058 METASPLOIT CRITICAL ruby WORKING POC
RabidHamster R4 v1.25 - Buffer Overflow
RabidHamster R4 v1.25 contains a stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code execution under the context of the web server process.
CVE-2012-2288 METASPLOIT ruby WORKING POC
EMC NetWorker 7.6.3-7.6.4 and 8.0 - Remote Code Execution via nsrd RPC Service Format String
Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.
CVE-2011-4044 METASPLOIT ruby WORKING POC
ARC Informatique PcVue 6.0-10.0 FrontVue and PlantVue - Arbitrary File Write via SVUIGrd.ocx ActiveX Control
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods.
CVE-2011-3400 METASPLOIT ruby WORKING POC
Microsoft Windows XP <SP2-SP3 & Server 2003 <SP2 - RCE
Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."