Paul Craig

14 exploits Active since Aug 2004
CVE-2010-0679 METASPLOIT ruby WORKING POC
Hyleos ChemView 1.9.5.1 - Remote Code Execution via HyleosChemView ActiveX Control
Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers to execute arbitrary code via a large number of white space characters in the filename argument to the (1) SaveasMolFile and (2) ReadMolFile methods.
CVE-2014-7288 EXPLOITDB text WRITEUP
Symantec PGP Universal Server & Encryption Management Server <3.3.2...
Symantec PGP Universal Server and Encryption Management Server before 3.3.2 MP7 allow remote authenticated administrators to execute arbitrary shell commands via a crafted command line in a database-backup restore action.
EIP-2026-119146 EXPLOITDB text WRITEUP
Skype - URI Handler Input Validation
CVE-2007-0042 EXPLOITDB text WRITEUP
Microsoft .NET Framework 1.0, 1.1, 2.0 - Unauthorized Sensitive Information Exposure via Null Byte Injection
Interpretation conflict in ASP.NET in Microsoft .NET Framework 1.0, 1.1, and 2.0 for Windows 2000, XP, Server 2003, and Vista allows remote attackers to access configuration files and obtain sensitive information, and possibly bypass security mechanisms that try to constrain the final substring of a string, via %00 characters, related to use of %00 as a string terminator within POSIX functions but a data character within .NET strings, aka "Null Byte Termination Vulnerability."
CVE-2010-0679 EXPLOITDB ruby WORKING POC
Hyleos ChemView 1.9.5.1 - Remote Code Execution via HyleosChemView ActiveX Control
Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers to execute arbitrary code via a large number of white space characters in the filename argument to the (1) SaveasMolFile and (2) ReadMolFile methods.
CVE-2004-1714 EXPLOITDB HIGH text WRITEUP
BlackICE PC and Server Protection - Incorrect Permission Assignment for Critical Resource
BlackICE PC Protection and Server Protection installs (1) firewall.ini, (2) blackice.ini, (3) sigs.ini and (4) protect.ini with Everyone Full Control permissions, which allows local users to cause a denial of service (crash) or modify configuration, as demonstrated by modifying firewall.ini to contain a large firewall rule.
CVSS 7.1
CVE-2007-1029 EXPLOITDB html WORKING POC
Quiksoft EasyMail <6.5 - Buffer Overflow
Stack-based buffer overflow in the Connect method in the IMAP4 component in Quiksoft EasyMail Objects before 6.5 allows remote attackers to execute arbitrary code via a long host name.
CVE-2007-5659 EXPLOITDB HIGH text WORKING POC
Adobe Acrobat and Reader < 8.1.2 - Remote Code Execution via Long JavaScript Method Arguments
Multiple buffer overflows in Adobe Reader and Acrobat 8.1.1 and earlier allow remote attackers to execute arbitrary code via a PDF file with long arguments to unspecified JavaScript methods. NOTE: this issue might be subsumed by CVE-2008-0655.
CVSS 7.8
CVE-2004-1661 EXPLOITDB text WRITEUP
MailWorks Professional - Auth Bypass
MailWorks Professional allows remote attackers to bypass authentication and gain privileges via a cookie that contains "auth=1" and "uId=1."
EIP-2026-103117 EXPLOITDB text WRITEUP
glFTPd 1.x/2.0 'ZIP' Plugins - Multiple Directory Traversal Vulnerabilities
EIP-2026-100896 EXPLOITDB text WORKING POC
SiteInteractive Subscribe Me - 'Setup.pl' Arbitrary Command Execution
EIP-2026-100821 EXPLOITDB text WORKING POC
ImageFolio 2.2x/3.0/3.1 - 'Admin.cgi' Directory Traversal
CVE-2007-5253 EXPLOITDB text WORKING POC
Cart32 < 6.3 - Arbitrary File Read via ImageName Parameter
c32web.exe in McMurtrey/Whitaker Cart32 before 6.4 allows remote attackers to read arbitrary files via the ImageName parameter in a GetImage action, by appending a NULL byte (%00) sequence followed by an image file extension, as demonstrated by a request for a ".txt%00.gif" file. NOTE: this might be a directory traversal vulnerability.
EIP-2026-100632 EXPLOITDB text WORKING POC
Xpressions Interactive - Multiple SQL Injections