Mark Litchfield

14 exploits Active since Jun 2002
CVE-2007-3607 EXPLOITDB html WORKING POC
EnjoySAP - Denial of Service via ActiveX Control
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service (process crash) via unspecified vectors.
CVE-2007-3607 EXPLOITDB html WORKING POC
EnjoySAP - Denial of Service via ActiveX Control
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service (process crash) via unspecified vectors.
CVE-2007-3606 EXPLOITDB html WORKING POC
SAP EnjoySAP - Heap-Based Buffer Overflow via LaunchGui Function
Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote attackers to execute arbitrary code via a long first argument to the LaunchGui function.
CVE-2007-3605 EXPLOITDB html WORKING POC
EnjoySAP SAP GUI - Stack-Based Buffer Overflow via PrepareToPostHTML Function
Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEnd\SapGui\kwedit.dll in the EnjoySAP SAP GUI allows remote attackers to execute arbitrary code via a long argument to the PrepareToPostHTML function.
CVE-2007-3614 EXPLOITDB c WORKING POC
SAP DB - Remote Code Execution via Stack-Based Buffer Overflow in waHTTP.exe
Multiple stack-based buffer overflows in waHTTP.exe (aka the SAP DB Web Server) in SAP DB, possibly 7.3 through 7.5, allow remote attackers to execute arbitrary code via (1) a certain cookie value; (2) a certain additional parameter, related to sapdbwa_GetQueryString; and other unspecified vectors related to "numerous other fields."
CVE-2002-0647 EXPLOITDB text WORKING POC
Internet Explorer 5.01-6.0 - Remote Code Execution via Legacy Text Formatting ActiveX Control
Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code, aka "Buffer Overrun in Legacy Text Formatting ActiveX Control".
CVE-2003-0471 EXPLOITDB c WORKING POC
Alt-N WebAdmin - Buffer Overflow via USER Argument
Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers to execute arbitrary code via an HTTP request to WebAdmin.dll with a long USER argument.
CVE-2003-0471 EXPLOITDB c WORKING POC
Alt-N WebAdmin - Buffer Overflow via USER Argument
Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers to execute arbitrary code via an HTTP request to WebAdmin.dll with a long USER argument.
CVE-2002-0595 EXPLOITDB text WRITEUP
WebTrends Reporting Center 4.0d - Buffer Overflow via Long HTTP GET Request
Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends Reporting Center 4.0d allows remote attackers to execute arbitrary code via a long HTTP GET request to the /reports/ directory.
CVE-2007-3608 EXPLOITDB html WORKING POC
EnjoySAP SAP GUI - Unspecified Vuln
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors.
CVE-2007-3608 EXPLOITDB html WORKING POC
EnjoySAP SAP GUI - Unspecified Vuln
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors.
CVE-2007-3624 EXPLOITDB text WORKING POC
SAP Message Server - Remote Code Execution via Long Group Parameter
Heap-based buffer overflow in the Message HTTP Server in SAP Message Server allows remote attackers to execute arbitrary code via a long string in the group parameter to /msgserver/html/group.
CVE-2007-3613 EXPLOITDB text WORKING POC
SAP Internet Graphics Server - Cross-Site Scripting via ADM:GETLOGFILE PARAMS Parameter
Cross-site scripting (XSS) vulnerability in ADM:GETLOGFILE in SAP Internet Graphics Service (IGS) allows remote attackers to inject arbitrary web script or HTML via the PARAMS parameter.
CVE-2002-1865 EXPLOITDB text WORKING POC
D-Link DI-804 4.68 and DL-704 V2.56b5-V2.56b6 - Denial of Service via Long HTTP Header
Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI-804 4.68, Dl-704 V2.56b6, and Dl-704 V2.56b5 and (2) Linksys Etherfast BEFW11S4 Wireless AP + Cable/DSL Router 1.37.2 through 1.42.7 and Linksys WAP11 1.3 and 1.4, allows remote attackers to cause a denial of service (crash) via a long header, as demonstrated using the Host header.