Matthew Murphy

51 exploits Active since Aug 2002
CVE-2003-1266 EXPLOITDB perl WORKING POC
etype eserv 2.92-2.98 - Denial of Service via Large Data Input
The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 through 2.97, and possibly 2.98, allow remote attackers to cause a denial of service (crash) via a large amount of data.
CVE-2003-0132 EXPLOITDB c WORKING POC
Apache HTTP Server 2.0.0-2.0.44 - Denial of Service via Large Linefeed Character Chunks
A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to cause a denial of service (memory consumption) via large chunks of linefeed characters, which causes Apache to allocate 80 bytes for each linefeed.
CVE-2003-1266 EXPLOITDB perl WORKING POC
etype eserv 2.92-2.98 - Denial of Service via Large Data Input
The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 through 2.97, and possibly 2.98, allow remote attackers to cause a denial of service (crash) via a large amount of data.
CVE-2003-0290 EXPLOITDB perl WORKING POC
eServ 2.9x - Denial of Service via Memory Leak
Memory leak in eServ 2.9x allows remote attackers to cause a denial of service (memory exhaustion) via a large number of connections, whose memory is not freed when the connection is terminated.
CVE-2003-1266 EXPLOITDB perl WORKING POC
etype eserv 2.92-2.98 - Denial of Service via Large Data Input
The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 through 2.97, and possibly 2.98, allow remote attackers to cause a denial of service (crash) via a large amount of data.
CVE-2003-1266 EXPLOITDB perl WORKING POC
etype eserv 2.92-2.98 - Denial of Service via Large Data Input
The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 through 2.97, and possibly 2.98, allow remote attackers to cause a denial of service (crash) via a large amount of data.
CVE-2002-2309 EXPLOITDB c WORKING POC
PHP 3.0-4.2.2 - Denial of Service via Direct Request Without Arguments
php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not terminate properly, which allows remote attackers to cause a denial of service via a direct request without arguments.
CVE-2002-2424 EXPLOITDB text WORKING POC
PHP(Reactor) 1.2.7 pl1 - Cross-Site Scripting via Style Attribute
Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the style attribute of an HTML tag.
EIP-2026-110842 EXPLOITDB text WORKING POC
PHP-Nuke 5.x/6.0/6.5 Beta 1 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-110628 EXPLOITDB text WORKING POC
PHP 4.2.3 - Header Function Script Injection
CVE-2002-1954 EXPLOITDB text WRITEUP
PHP 4.2.3 phpinfo - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php.
CVE-2002-1457 EXPLOITDB text WRITEUP
L-Forum 2.40 - SQL Injection via Search Parameter
SQL injection vulnerability in search.php for L-Forum 2.40 allows remote attackers to execute arbitrary SQL statements via the search parameter.
CVE-2002-1986 EXPLOITDB perl WORKING POC
Perception LiteServe <2.0.1 - Info Disclosure
Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obtain the source code of CGI scripts via an HTTP request with a trailing dot (".").
CVE-2002-1497 EXPLOITDB text WORKING POC
Null HTTP Server < 0.5.0 - Cross-Site Scripting in 404 Error Page
Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and earlier allows remote attackers to insert arbitrary HTML into a "404 Not Found" response.
EIP-2026-103550 EXPLOITDB text WORKING POC
Mod_NTLM 0.x - Authorisation Format String
EIP-2026-103551 EXPLOITDB text WRITEUP
Mod_NTLM 0.x - Authorisation Heap Overflow
CVE-2002-2258 EXPLOITDB text WORKING POC
Moby NetSuite - Denial of Service via Malformed Content-Length Header
Moby NetSuite allows remote attackers to cause a denial of service (crash) via an HTTP POST request with a (1) large integer or (2) non-numeric value in the Content-Length header, which causes an access violation after a failed atoi function call.
EIP-2026-102556 EXPLOITDB perl WORKING POC
Apache Web Server 2.0.x - MS-DOS Device Name Denial of Service
CVE-2002-2295 EXPLOITDB text WORKING POC
pico_server 2.0 beta 1-5 - Buffer Overflow via Long TCP Stream or HTTP Request
Buffer overflow in Pico Server (pServ) 2.0 beta 1 through beta 5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a 1024-byte TCP stream message, which triggers an off-by-one buffer overflow, or (2) a long method name in an HTTP request, (3) a long version number in an HTTP request, (4) a long User-Agent header, or (5) a long file path.
EIP-2026-102720 EXPLOITDB perl WORKING POC
Pserv 2.0 - HTTP Request Parsing Buffer Overflow
EIP-2026-102683 EXPLOITDB perl WORKING POC
Monkey HTTP Daemon 0.4/0.5/0.6 - Excessive POST Data Buffer Overflow
CVE-2003-0245 EXPLOITDB perl WORKING POC
Apache HTTP Server 2.0.37-2.0.45 - Denial of Service and Possible Remote Code Execution via Long Strings in apr_psprintf
Vulnerability in the apr_psprintf function in the Apache Portable Runtime (APR) library for Apache 2.0.37 through 2.0.45 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long strings, as demonstrated using XML objects to mod_dav, and possibly other vectors.
CVE-2002-1493 EXPLOITDB text WRITEUP
Lycos HTMLGear guestbook - Cross-Site Scripting via IMG Tag Attributes
Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag.
EIP-2026-100937 EXPLOITDB text WORKING POC
Working Resources BadBlue 1.7.1 - Search Page Cross-Site Scripting
CVE-2002-0731 EXPLOITDB text WORKING POC
vqserver - Cross-Site Scripting via Demo Script Arguments
Cross-site scripting vulnerability in demonstration scripts for vqServer allows remote attackers to execute arbitrary script via a link that contains the script in arguments to demo scripts such as respond.pl.