Patrick Webster

24 exploits Active since Jul 2000
CVE-2007-2048 EXPLOITDB text WORKING POC
webMethods Glue <= 6.5.1 - Directory Traversal via Resource Parameter
Directory traversal vulnerability in /console in the Management Console in webMethods Glue 6.5.1 and earlier allows remote attackers to read arbitrary system files via a .. (dot dot) in the resource parameter.
CVE-2008-1724 EXPLOITDB html WORKING POC
SecureTransport Server <4.6.1 - Buffer Overflow
Stack-based buffer overflow in the IActiveXTransfer.FileTransfer method in the SecureTransport FileTransfer ActiveX control in vcst_en.dll 1.0.0.5 in Tumbleweed SecureTransport Server before 4.6.1 Hotfix 20 allows remote attackers to execute arbitrary code via a long remoteFile parameter.
CVE-2004-1638 EXPLOITDB ruby WORKING POC
MailCarrier 2.51 - Buffer Overflow via EHLO Command
Buffer overflow in MailCarrier 2.51 allows remote attackers to execute arbitrary code via a long (1) EHLO and possibly (2) HELO command.
CVE-2003-0558 EXPLOITDB ruby WORKING POC
LeapFTP 2.7.3.600 - Buffer Overflow
Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to execute arbitrary code via a long IP address response to a PASV request.
CVE-2006-4900 EXPLOITDB text WRITEUP
CA eTrust Security Command Center < SP1 CR2 - Path Traversal
Directory traversal vulnerability in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, allows remote authenticated users to read and delete arbitrary files via ".." sequences in the eSCCAdHocHtmlFile parameter to eSMPAuditServlet, which is not properly handled by the getadhochtml function.
CVE-2006-4901 EXPLOITDB text WRITEUP
Computer Associates (CA) eTrust Security Command Center <r8-SP1 CR2...
Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, and eTrust Audit 1.5 and r8, allows remote attackers to spoof alerts and conduct replay attacks by invoking eTSAPISend.exe with the desired arguments.
CVE-2000-0665 EXPLOITDB ruby WORKING POC
GAMSoft TelSrv <= 1.5 - Denial of Service via Long Username
GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to cause a denial of service via a long username.
CVE-2004-2685 EXPLOITDB ruby WORKING POC
YoungZSoft CCProxy < 6.2 - Remote Code Execution via Long Ping Command
Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote attackers to execute arbitrary code via a long address in a ping (p) command to the Telnet proxy service, a different vector than CVE-2004-2416.
CVE-2006-4899 EXPLOITDB text WRITEUP
CA eTrust Security Command Center <SP1 CR2 - Info Disclosure
The ePPIServlet script in Computer Associates (CA) eTrust Security Command Center 1.0 and r8 up to SP1 CR2, when running on Windows, allows remote attackers to obtain the web server path via a "'" (single quote) in the PIProfile function, which leaks the path in an error message.
CVE-2004-2074 EXPLOITDB ruby WORKING POC
Dream FTP 1.02 - Denial of Service via Format String in PASS or RETR Commands
Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service (crash) via format string specifiers in the (1) PASS or (2) RETR commands.
CVE-2006-6184 EXPLOITDB ruby WORKING POC
Allied Telesyn AT-TFTP < 1.9 - Stack-Based Buffer Overflow via Long Filename in GET or PUT Command
Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command.
CVE-2004-0313 EXPLOITDB ruby WORKING POC
PSOProxy 0.91 - Buffer Overflow via Long HTTP Request
Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request, as demonstrated using a long (1) GET argument or (2) method name.
EIP-2026-112415 EXPLOITDB text WORKING POC
Squiz Matrix 4 - 'colour_picker.php' Cross-Site Scripting
EIP-2026-109792 EXPLOITDB text WRITEUP
mysource 2.14.8/2.16 - Multiple Vulnerabilities
EIP-2026-109217 EXPLOITDB ruby WORKING POC
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion / Remote Code Execution (Metasploit)
CVE-2006-5019 EXPLOITDB text WRITEUP
Google Mini <4.4.102.M.36 - Info Disclosure
Google Mini 4.4.102.M.36 and earlier allows remote attackers to obtain sensitive information via a direct request for /search with an invalid client parameter, which reveals the path in an error message.
EIP-2026-106318 EXPLOITDB text WORKING POC
Cyberoam UTM - Multiple Cross-Site Scripting Vulnerabilities
CVE-2005-2594 EXPLOITDB html WORKING POC
Apple Safari 1.3 (132) - Denial of Service via JavaScript Handler
Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash) via certain Javascript, possibly involving a function that defines a handler for itself within the function body.
CVE-2009-2936 EXPLOITDB ruby WORKING POC
Varnish < 2.1.0 - Unauthenticated Remote Code Execution via CLI vcl.inline Directive
The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless.
EIP-2026-102390 EXPLOITDB text WRITEUP
LANSA aXes Web Terminal TN5250 - 'axes_default.css' Cross-Site Scripting
EIP-2026-102418 EXPLOITDB text WORKING POC
PRTG Traffic Grapher 6.2.1 - 'url' Cross-Site Scripting
EIP-2026-101458 EXPLOITDB text WRITEUP
SonicWALL SSL-VPN - 'cgi-bin/welcome/VirtualOffice' Remote Format String
EIP-2026-100920 EXPLOITDB text WRITEUP
Ultra Electronics 7.2.0.19/7.4.0.7 - Multiple Vulnerabilities
EIP-2026-100112 EXPLOITDB text WRITEUP
Asbru Web Content Management 6.5/6.6.9 - SQL Injection / Cross-Site Scripting