Marc Schoenefeld

25 exploits Active since Oct 2002
CVE-2003-1516 EXPLOITDB text WORKING POC
Java Plug-in 1.4.2_01 - Info Disclosure
The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.2_01 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet.
EIP-2026-119172 EXPLOITDB xml WORKING POC
Sun J2EE/RI 1.4 / Sun JDK 1.4.2 - JDBC Database Insecure Default Policy
CVE-2003-1521 EXPLOITDB java WORKING POC
Sun Java Plug-In 1.4-1.4.2_02 - Unauthenticated Floppy Drive Access via XmlDocument.createXmlDocument
Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
EIP-2026-115995 EXPLOITDB text WORKING POC
OpenOffice 1.0.1 - Remote Access Denial of Service
CVE-2003-1397 EXPLOITDB text STUB
Opera Browser 6.05 and 7.0 - Denial of Service via Long String in ShowDocument Method
The PluginContext object of Opera 6.05 and 7.0 allows remote attackers to cause a denial of service (crash) via an HTTP request containing a long string that gets passed to the ShowDocument method.
CVE-2002-0937 EXPLOITDB WORKING POC
JRun - Denial of Service via WPrinterJob.pageSetup()
The Java Server Pages (JSP) engine in JRun allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).
CVE-2008-5304 EXPLOITDB text WRITEUP
TWiki < 4.2.4 - Cross-Site Scripting via %URLPARAM{}% Variable
Cross-site scripting (XSS) vulnerability in TWiki before 4.2.4 allows remote attackers to inject arbitrary web script or HTML via the %URLPARAM{}% variable.
CVE-2010-2544 EXPLOITDB text WORKING POC
Cacti < 0.8.7g - Cross-Site Scripting via Filter Parameter
Cross-site scripting (XSS) vulnerability in utilities.php in Cacti before 0.8.7g, as used in Red Hat High Performance Computing (HPC) Solution and other products, allows remote attackers to inject arbitrary web script or HTML via the filter parameter.
EIP-2026-104088 EXPLOITDB text WRITEUP
Sun Java System Application Server 7.0/8.0 - Remote Installation Full Path Disclosure
CVE-2003-0845 EXPLOITDB text WORKING POC
JBoss 3.0.8 and 3.2.1 - SQL Injection via HSQLDB Component
Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 on Java 1.4.x platforms, when running in the default configuration, allows remote attackers to conduct unauthorized activities and possibly execute arbitrary code via certain SQL statements to (1) TCP port 1701 in JBoss 3.2.1, and (2) port 1476 in JBoss 3.0.8.
CVE-2005-2006 EXPLOITDB text WORKING POC
JBOSS 3.2.2-4.0.2 - Info Disclosure
JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file.
CVE-2003-1134 EXPLOITDB java WORKING POC
Sun Java 1.3.1, 1.4.1, 1.4.2 - Denial of Service via ClassDepth Null Parameter
Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception.
EIP-2026-103666 EXPLOITDB java WORKING POC
Sun Java Runtime Environment 1.3/1.4/1.5 - Nested Array Objects Denial of Service
EIP-2026-103667 EXPLOITDB java WORKING POC
Sun Java Runtime Environment 1.4.x - Font Object Assertion Failure Denial of Service
EIP-2026-103670 EXPLOITDB WORKING POC
Sun JDK/SDK 1.3/1.4 / IBM JDK 1.3.1 / BEA Systems WebLogic 5/6/7 - java.util.zip Null Value Denial of Service (1)
EIP-2026-103671 EXPLOITDB WORKING POC
Sun JDK/SDK 1.3/1.4 / IBM JDK 1.3.1 / BEA Systems WebLogic 5/6/7 - java.util.zip Null Value Denial of Service (2)
EIP-2026-103672 EXPLOITDB java WORKING POC
Sun JDK/SDK 1.3/1.4 / IBM JDK 1.3.1 / BEA Systems WebLogic 5/6/7 - java.util.zip Null Value Denial of Service (3)
CVE-2003-1123 EXPLOITDB java WORKING POC
Sun Java Runtime Environment <1.4.0.01 - Info Disclosure
Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model.
EIP-2026-103554 EXPLOITDB text WORKING POC
Mozilla 1.x / Opera 7.0 - LiveConnect JavaScript Denial of Service
EIP-2026-102938 EXPLOITDB java WORKING POC
Opera Web browser 7.54 java implementation - Multiple Vulnerabilities (4)
EIP-2026-102937 EXPLOITDB java WORKING POC
opera Web browser 7.54 java implementation - Multiple Vulnerabilities (3)
EIP-2026-102712 EXPLOITDB java WORKING POC
Opera Web browser 7.54 java implementation - Multiple Vulnerabilities (2)
EIP-2026-102711 EXPLOITDB java WORKING POC
Opera Web browser 7.54 java implementation - Multiple Vulnerabilities (1)
CVE-2002-0936 EXPLOITDB WORKING POC
Apache Tomcat - Denial of Service via JSP WPrinterJob.pageSetup()
The Java Server Pages (JSP) engine in Tomcat allows web page owners to cause a denial of service (engine crash) on the web server via a JSP page that calls WPrinterJob().pageSetup(null,null).
CVE-2006-2426 EXPLOITDB java WORKING POC
Sun JDK and JRE <= 1.5.0_6 - Denial of Service via Font.createFont Temporary File Creation
Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory.