Noam Rathaus

22 exploits Active since Dec 2000
CVE-2004-2563 EXPLOITDB perl WORKING POC
Serena TeamTrack 6.1.1 - Info Disclosure & XSS
Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, versions, and database information, and conduct cross-site scripting (XSS) attacks, via a direct request to tmtrack.dll with modified LoginPage and Template parameters.
CVE-2002-1179 EXPLOITDB perl WORKING POC
Microsoft Outlook Express <6.0 - RCE
Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message.
EIP-2026-117437 EXPLOITDB perl WORKING POC
Mailtraq 2.1.0.1302 - User Password Encoding
CVE-2000-1035 EXPLOITDB perl WORKING POC
TYPSoft FTP Server <0.78 - Buffer Overflow
Buffer overflows in TYPSoft FTP Server 0.78 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER, PASS, or CWD command.
EIP-2026-115583 EXPLOITDB text WRITEUP
Mailtraq 2.1.0.1302 - Remote Format String SMTP Resource Consumption
EIP-2026-112192 EXPLOITDB perl WORKING POC
Siteman 1.1.10 - Remote Administrative Account Addition
CVE-2005-0305 EXPLOITDB perl WORKING POC
Siteman <= 1.1.10 - CRLF Injection via Users.php Line Parameter
CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation.
CVE-2004-2218 EXPLOITDB perl WORKING POC
PHPMyWebHosting <0.3.4 - SQL Injection
SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and earlier allows remote attackers to modify SQL statements via the password parameter.
CVE-2004-2551 EXPLOITDB text WRITEUP
Layton HelpBox 3.0.1 - SQL Injection
Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the sys_comment_id parameter in editcommentenduser.asp, (2) the sys_suspend_id parameter in editsuspensionuser.asp, (3) the table parameter in export_data.asp, (4) the sys_analgroup parameter in manageanalgrouppreference.asp, (5) the sys_asset_id parameter in quickinfoassetrequests.asp, (6) the sys_eusername parameter in quickinfoenduserrequests.asp, and the sys_request_id parameter in (7) requestauditlog.asp, (8) requestcommentsenduser.asp, (9) selectrequestapplytemplate.asp, and (10) selectrequestlink.asp, resulting in an ability to create a new HelpBox user account and read, modify, or delete data from the backend database.
CVE-2006-4343 EXPLOITDB perl WORKING POC
OpenSSL 0.9.7-0.9.7k and 0.9.8-0.9.8c - Denial of Service via Null Pointer Dereference in SSLv2 Client
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
CVE-2006-5444 EXPLOITDB perl WORKING POC
Asterisk 1.0.x-1.0.11 and 1.2.x-1.2.12 - Remote Code Execution via Skinny Channel Driver Integer Overflow
Integer overflow in the get_input function in the Skinny channel driver (chan_skinny.c) in Asterisk 1.0.x before 1.0.12 and 1.2.x before 1.2.13, as used by Cisco SCCP phones, allows remote attackers to execute arbitrary code via a certain dlen value that passes a signed integer comparison and leads to a heap-based buffer overflow.
EIP-2026-103464 EXPLOITDB perl WORKING POC
EveryBuddy 0.4.3 - Long Message Denial of Service
CVE-2006-4343 EXPLOITDB perl WORKING POC
OpenSSL 0.9.7-0.9.7k and 0.9.8-0.9.8c - Denial of Service via Null Pointer Dereference in SSLv2 Client
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
CVE-2002-2360 EXPLOITDB perl WORKING POC
Webmin 0.21-0.99 - Unauthenticated Arbitrary File Read/Write and Remote Code Execution via RPC Module
The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests.
CVE-2004-0600 EXPLOITDB perl WORKING POC
Samba 3.0.2-3.0.4 - Remote Code Execution via SWAT HTTP Basic Authentication Buffer Overflow
Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3.0.2 to 3.0.4 allows remote attackers to execute arbitrary code via an invalid base-64 character during HTTP basic authentication.
CVE-2004-2263 EXPLOITDB perl WORKING POC
PlaySMS 0.7 and earlier - SQL Injection via vc2 Cookie
SQL injection vulnerability in the valid function in fr_left.php in PlaySMS 0.7 and earlier allows remote attackers to modify SQL statements via the vc2 cookie.
CVE-2005-0404 EXPLOITDB perl WORKING POC
KMail 1.7.1 in KDE 3.3.2 - Email Spoofing via HTML Formatted Email
KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email.
CVE-2004-1939 EXPLOITDB text WRITEUP
Zaep AntiSpam 2.0 - Cross-Site Scripting via Double Encoded Slashes in Key Parameter
Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows remote attackers to inject arbitrary web script or HTML via double encoded slashes (%252F) in the key parameter.
CVE-2004-2562 EXPLOITDB perl WORKING POC
LBE Web Helpdesk <4.0.0.81 - SQL Injection
SQL injection vulnerability in jobedit.asp in Leigh Business Enterprises (LBE) Web Helpdesk before 4.0.0.81 allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2004-2736 EXPLOITDB perl WORKING POC
Polar HelpDesk 3.0 - Unauthenticated Authentication Bypass via Cookie Manipulation
Polar HelpDesk 3.0 allows remote attackers to bypass authentication by setting the UserId and UserType values in a cookie.
CVE-2004-2737 EXPLOITDB perl WORKING POC
NetSupport DNA HelpDesk 1.01 - SQL Injection via problist.asp where Parameter
SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk 1.01 allows remote attackers to execute arbitrary SQL commands via the where parameter.
CVE-2004-2561 EXPLOITDB perl WORKING POC
Internet Software Sciences Web+Center 4.0.1 - SQL Injection
Multiple SQL injection vulnerabilities in Internet Software Sciences Web+Center 4.0.1 allow remote attackers to execute arbitrary SQL commands via (1) the ISS_TECH_CENTER_LOGIN cookie in search.asp and (2) one or more cookies in DoCustomerOptions.asp.