Muris Kurgas a.k.a. j0rgan

7 exploits Active since Jan 2008
CVE-2007-6681 EXPLOITDB python WORKING POC
VLC 0.8.6d - Buffer Overflow
Stack-based buffer overflow in modules/demux/subtitle.c in VideoLAN VLC 0.8.6d allows remote attackers to execute arbitrary code via a long subtitle in a (1) MicroDvd, (2) SSA, and (3) Vplayer file.
CVE-2008-0073 EXPLOITDB python WORKING POC
Xine-lib - Numeric Error
Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter.
CVE-2008-0295 EXPLOITDB python WORKING POC
Videolan Vlc Media Player < 0.8.6d - Memory Corruption
Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data.
CVE-2008-0296 EXPLOITDB python WORKING POC
Videolan Vlc Media Player < 0.8.6d - Memory Corruption
Heap-based buffer overflow in the libaccess_realrtsp plugin in VideoLAN VLC Media Player 0.8.6d and earlier on Windows might allow remote RTSP servers to cause a denial of service (application crash) or execute arbitrary code via a long string.
CVE-2008-0984 EXPLOITDB python WORKING POC
Miro Player < 1.1 - Resource Management Error
The MP4 demuxer (mp4.c) for VLC media player 0.8.6d and earlier, as used in Miro Player 1.1 and earlier, allows remote attackers to overwrite arbitrary memory and execute arbitrary code via a malformed MP4 file.
CVE-2008-1489 EXPLOITDB python WORKING POC
VLC 0.8.6e - Buffer Overflow
Integer overflow in the MP4_ReadBox_rdrf function in libmp4.c for VLC 0.8.6e allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted MP4 RDRF box that triggers a heap-based buffer overflow, a different vulnerability than CVE-2008-0984.
CVE-2008-1769 EXPLOITDB python WORKING POC
VLC <0.8.6f - DoS
VLC before 0.8.6f allow remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption.