Michal Zalewski

41 exploits Active since Dec 1997
CVE-2007-0981 EXPLOITDB html WORKING POC
Mozilla based browsers <2.0.0.2 - CSRF
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the hostname (location.hostname) DOM property, due to interactions with DNS resolver code.
EIP-2026-118893 EXPLOITDB text WRITEUP
Microsoft Windows XP - TCP Packet Information Leakage
CVE-2001-0348 EXPLOITDB bash WORKING POC
Microsoft Windows 2000 - Denial of Service via Long Telnet Logon Command with Backspace
Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
CVE-2006-1245 EXPLOITDB text WORKING POC
Microsoft Internet Explorer 6.0.2900.2180 - Buffer Overflow
Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability."
CVE-2005-1988 EXPLOITDB text WRITEUP
Internet Explorer <6.0 - RCE
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".
CVE-2005-2308 EXPLOITDB text WRITEUP
Microsoft Internet Explorer - Denial of Service via Crafted JPEG Images
The JPEG decoder in Microsoft Internet Explorer allows remote attackers to cause a denial of service (CPU consumption or crash) and possibly execute arbitrary code via certain crafted JPEG images, as demonstrated using (1) mov_fencepost.jpg, (2) cmp_fencepost.jpg, (3) oom_dos.jpg, or (4) random.jpg.
EIP-2026-115709 EXPLOITDB html WORKING POC
Microsoft Internet Explorer 6 - Script Action Handlers 'mshtml.dll' Denial of Service
CVE-2006-1992 EXPLOITDB text WORKING POC
Internet Explorer - Denial of Service via Nested OBJECT Tags
mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but Microsoft has stated that this issue is non-exploitable.
CVE-2001-1162 EXPLOITDB text WORKING POC
Samba - Directory Traversal via NETBIOS Name in %m Macro
Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.
CVE-2001-0144 EXPLOITDB c WORKING POC
OpenSSH - Remote Code Execution via CRC-32 Compensation Attack
CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.
CVE-2000-0976 EXPLOITDB text WORKING POC
XFree86 xlib - Buffer Overflow via Long DISPLAY Environment Variable or -display Parameter
Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter.
CVE-2008-2321 EXPLOITDB html WORKING POC
CoreGraphics - Remote Code Execution or Denial of Service via Argument Processing
Unspecified vulnerability in CoreGraphics in Apple Mac OS X 10.4.11 and 10.5.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via unknown vectors involving "processing of arguments."
CVE-2000-0257 EXPLOITDB bash WORKING POC
Novell NetWare - Buffer Overflow via Long URL
Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL.
CVE-2014-1564 EXPLOITDB javascript WORKING POC
Mozilla Firefox <32 - Info Disclosure
Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 do not properly initialize memory for GIF rendering, which allows remote attackers to obtain sensitive information from process memory via crafted web script that interacts with a CANVAS element associated with a malformed GIF image.
CVE-2009-1684 EXPLOITDB html WORKING POC
Safari < 4.0 - Cross-Site Scripting via Event Handler
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document.
EIP-2026-103974 EXPLOITDB text WRITEUP
Lynx 2.8 - Remote Buffer Overflow
EIP-2026-103765 EXPLOITDB text WORKING POC
Browsers Browsers - Navigation Download Trick
EIP-2026-103862 EXPLOITDB text WRITEUP
Ascom COLTSOHO / Brocade Fabric OS / MatchBox / Win98/NT4 / Solaris / Xyplex - SNMP World Writeable Community
CVE-1999-0107 EXPLOITDB text WRITEUP
Apache HTTP Server - Denial of Service via Excessive Slash Characters in GET Requests
Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker to cause a denial of service with a large number of GET requests containing a large number of / characters.
CVE-2000-0472 EXPLOITDB c WORKING POC
INN 2.2.2 - Remote Code Execution via Long Message ID in Cancel Request
Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID.
CVE-2000-0992 EXPLOITDB bash WORKING POC
OpenSSH - Directory Traversal via Malicious SCP Server
Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.
EIP-2026-102830 EXPLOITDB c WORKING POC
Eric Allman Sendmail 8.8.x - Socket Hijack
CVE-2000-1096 EXPLOITDB bash WORKING POC
vixie_cron - Arbitrary Command Execution via Predictable Temporary File
crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.
CVE-2001-0559 EXPLOITDB bash WORKING POC
Vixie cron <3.0.1 - Privilege Escalation
crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error.
CVE-2000-0703 EXPLOITDB bash WORKING POC
perl - Local Privilege Escalation via suidperl Escape Sequence Injection
suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.