Mati Aharoni

21 exploits Active since May 2005
CVE-2007-1910 EXPLOITDB text WRITEUP
Microsoft Word - Buffer Overflow
Buffer overflow in wwlib.dll in Microsoft Word 2007 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted document, as demonstrated by file789-1.doc.
CVE-2008-1611 METASPLOIT ruby WORKING POC
TFTP Server SP 1.4 - Buffer Overflow
Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read or write request.
CVE-2005-1415 METASPLOIT ruby WORKING POC
GlobalSCAPE Secure FTP Server 3.0.2 - RCE
Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote authenticated users to execute arbitrary code via a long FTP command.
CVE-2005-0338 EXPLOITDB python WORKING POC
Savant Webserver - Buffer Overflow
Buffer overflow in Savant Web Server 3.1 allows remote attackers to execute arbitrary code via a long HTTP request.
CVE-2008-1611 EXPLOITDB ruby WORKING POC
TFTP Server SP 1.4 - Buffer Overflow
Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read or write request.
CVE-2008-1611 EXPLOITDB python WORKING POC
TFTP Server SP 1.4 - Buffer Overflow
Stack-based buffer overflow in TFTP Server SP 1.4 for Windows allows remote attackers to cause a denial of service or execute arbitrary code via a long filename in a read or write request.
CVE-2008-1610 EXPLOITDB python WORKING POC
TallSoft Quick TFTP Server Pro 2.1 - Buffer Overflow
Stack-based buffer overflow in TallSoft Quick TFTP Server Pro 2.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long mode field in a read or write request.
CVE-2005-0338 EXPLOITDB python WORKING POC
Savant Webserver - Buffer Overflow
Buffer overflow in Savant Web Server 3.1 allows remote attackers to execute arbitrary code via a long HTTP request.
CVE-2007-1675 EXPLOITDB python WORKING POC
IBM Lotus Domino - Buffer Overflow
Buffer overflow in the CRAM-MD5 authentication mechanism in the IMAP server (nimap.exe) in IBM Lotus Domino before 6.5.6 and 7.x before 7.0.2 FP1 allows remote attackers to cause a denial of service via a long username.
CVE-2005-1415 EXPLOITDB ruby WORKING POC
GlobalSCAPE Secure FTP Server 3.0.2 - RCE
Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote authenticated users to execute arbitrary code via a long FTP command.
CVE-2008-1697 EXPLOITDB python WORKING POC
HP OpenView Network Node Manager <7.53-7.51 - Buffer Overflow
Stack-based buffer overflow in ovwparser.dll in HP OpenView Network Node Manager (OV NNM) 7.53, 7.51, and earlier allows remote attackers to execute arbitrary code via a long URI in an HTTP request processed by ovas.exe, as demonstrated by a certain topology/homeBaseView request. NOTE: some of these details are obtained from third party information.
CVE-2007-6204 EXPLOITDB python WORKING POC
HP OpenView Network Node Manager <7.51 - RCE
Multiple stack-based buffer overflows in HP OpenView Network Node Manager (OV NNM) 6.41, 7.01, and 7.51 allow remote attackers to execute arbitrary code via unspecified long arguments to (1) ovlogin.exe, (2) OpenView5.exe, (3) snmpviewer.exe, and (4) webappmon.exe, as demonstrated via a long Action parameter to OpenView5.exe.
EIP-2026-118670 EXPLOITDB python WORKING POC
IBM Tivoli Provisioning Manager - Remote Overflow (Egghunter)
CVE-2007-4880 EXPLOITDB python WORKING POC
IBM Tivoli Storage Manager Client - Memory Corruption
Buffer overflow in the Client Acceptor Daemon (CAD), dsmcad.exe, in certain IBM Tivoli Storage Manager (TSM) clients 5.1 before 5.1.8.1, 5.2 before 5.2.5.2, 5.3 before 5.3.5.3, and 5.4 before 5.4.1.2 allows remote attackers to execute arbitrary code via crafted HTTP headers, aka IC52905.
EIP-2026-117064 EXPLOITDB python WORKING POC
DivX Player 6.6.0 - '.srt' File Buffer Overflow (SEH)
EIP-2026-116031 EXPLOITDB python WORKING POC
PacketTrap Networks pt360 2.0.39 TFTPD - Remote Denial of Service
EIP-2026-115958 EXPLOITDB python WORKING POC
Novell eDirectory HTTP - Denial of Service
CVE-2007-1911 EXPLOITDB text WRITEUP
Microsoft Word - Buffer Overflow
Multiple unspecified vulnerabilities in Microsoft Word 2007 allow remote attackers to cause a denial of service (CPU consumption) via crafted documents, as demonstrated by (1) file798-1.doc and (2) file613-1.doc, possibly related to a buffer overflow.
CVE-2005-0804 EXPLOITDB python WORKING POC
MailEnable Standard - Denial of Service
Format string vulnerability in MailEnable 1.8 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the mailto field.
CVE-2008-1855 EXPLOITDB python WORKING POC
McAfee CMA 3.6.0.574 - Memory Corruption
FrameworkService.exe in McAfee Common Management Agent (CMA) 3.6.0.574 Patch 3 and earlier, as used by ePolicy Orchestrator (ePO) and ProtectionPilot (PrP), allows remote attackers to corrupt memory and cause a denial of service (CMA Framework service crash) via a long invalid method in requests for the /spin//AVClient//AVClient.csp URI, a different vulnerability than CVE-2006-5274.
CVE-2018-1160 EXPLOITDB CRITICAL python WORKING POC
Netatalk <3.1.12 - RCE
Netatalk before 3.1.12 is vulnerable to an out of bounds write in dsi_opensess.c. This is due to lack of bounds checking on attacker controlled data. A remote unauthenticated attacker can leverage this vulnerability to achieve arbitrary code execution.
CVSS 9.8