Maksymilian Arciemowicz

82 exploits Active since Feb 2005
CVE-2006-5178 EXPLOITDB php WORKING POC
PHP < 5.1.6 - Race Condition in Symlink Function
Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before the file is opened by the underlying system, as demonstrated by symlinking a symlink into a subdirectory, to point to a parent directory via .. (dot dot) sequences, and then unlinking the resulting symlink.
CVE-2006-3011 EXPLOITDB WRITEUP
PHP < 4.4.4 and 5.x < 5.1.5 - Safe Mode Bypass via error_log Scheme Injection
The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.
CVE-2011-4153 EXPLOITDB text WRITEUP
PHP 5.3.8 - Denial of Service via zend_strndup Return Value Mismanagement
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.
CVE-2010-4052 EXPLOITDB c WORKING POC
glibc 2.11.3/2.12.x-2.12.2 DoS via Adjacent Repetition in Regex
Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.
CVE-2011-0762 METASPLOIT ruby WORKING POC
vsftpd < 2.3.3 - Authenticated Denial of Service via Glob Expression in STAT Command
The vsf_filename_passes_filter function in ls.c in vsftpd before 2.3.3 allows remote authenticated users to cause a denial of service (CPU consumption and process slot exhaustion) via crafted glob expressions in STAT commands in multiple FTP sessions, a different vulnerability than CVE-2010-2632.
CVE-2009-0689 EXPLOITDB perl WRITEUP
K-Meleon 1.5.3 - Heap-Based Buffer Overflow via Large Precision Value in printf Format Argument
Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
EIP-2026-114715 EXPLOITDB text WORKING POC
Sun Solaris 10 - Nested Directory Tree Local Denial of Service
CVE-2008-4247 EXPLOITDB text WORKING POC
FreeBSD NetBSD OpenBSD - Cross-Site Request Forgery via Long FTP URI
ftpd in OpenBSD 4.3, FreeBSD 7.0, NetBSD 4.0, Solaris, and possibly other operating systems interprets long commands from an FTP client as multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks and execute arbitrary FTP commands via a long ftp:// URI that leverages an existing session from the FTP client implementation in a web browser.
EIP-2026-114714 EXPLOITDB text WORKING POC
Sun Solaris 10 - 'in.ftpd' Long Command Handling Security
EIP-2026-111441 EXPLOITDB text WORKING POC
PostNuke Phoenix 0.7x - 'SHOW' SQL Injection
CVE-2005-2689 EXPLOITDB text WORKING POC
PostNuke 0.760-RC4b - Cross-Site Scripting via Comments Moderate Parameter or User HTML Text
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php.
EIP-2026-111440 EXPLOITDB text WORKING POC
PostNuke Phoenix 0.7x - 'CATID' SQL Injection
CVE-2006-0801 EXPLOITDB text WRITEUP
PostNuke < 0.761 - SQL Injection via NS-Languages Module Language Parameter
SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php.
CVE-2005-0870 EXPLOITDB text WRITEUP
phpSysInfo 2.3 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.
CVE-2005-2690 EXPLOITDB text WRITEUP
PostNuke <0.760-RC4b - SQL Injection
SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands via the show parameter to dl-viewdownload.php.
CVE-2006-0800 EXPLOITDB text WRITEUP
PostNuke <= 0.761 - Cross-Site Scripting via HTML Tag Trailing '<' Bypass
Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php.
CVE-2005-2689 EXPLOITDB text WRITEUP
PostNuke 0.760-RC4b - Cross-Site Scripting via Comments Moderate Parameter or User HTML Text
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allows remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php.
CVE-2005-0870 EXPLOITDB text WORKING POC
phpSysInfo 2.3 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.
CVE-2005-3299 EXPLOITDB perl WORKING POC
phpMyAdmin 2.6.4 and 2.6.4-pl1 - Remote File Inclusion via $__redirect Parameter
PHP file inclusion vulnerability in grab_globals.lib.php in phpMyAdmin 2.6.4 and 2.6.4-pl1 allows remote attackers to include local files via the $__redirect parameter, possibly involving the subform array.
CVE-2005-0543 EXPLOITDB text WRITEUP
phpMyAdmin 2.6.1 - Cross-Site Scripting via Multiple Parameters
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php.
CVE-2005-0543 EXPLOITDB text WORKING POC
phpMyAdmin 2.6.1 - Cross-Site Scripting via Multiple Parameters
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php.
CVE-2005-0543 EXPLOITDB text WRITEUP
phpMyAdmin 2.6.1 - Cross-Site Scripting via Multiple Parameters
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php.
CVE-2005-0791 EXPLOITDB text WRITEUP
phpAdsNew 2.0.4-pr1 - Cross-Site Scripting via Refresh Parameter
Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew 2.0.4-pr1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the refresh parameter.
CVE-2005-0543 EXPLOITDB text WORKING POC
phpMyAdmin 2.6.1 - Cross-Site Scripting via Multiple Parameters
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary HTML and web script via (1) the strServer, cfg[BgcolorOne], or strServerChoice parameters in select_server.lib.php, (2) the bg_color or row_no parameters in display_tbl_links.lib.php, the left_font_family parameter in theme_left.css.php, or the right_font_family parameter in theme_right.css.php.
EIP-2026-111135 EXPLOITDB text WORKING POC
phpMyAdmin 2.6 - Multiple Local File Inclusions