Praveen Darshanam

34 exploits Active since May 2008
CVE-2007-5962 NOMISEC WORKING POC
Red Hat Enterprise Linux 5 and Fedora 6-8 - Denial of Service via CWD Command Memory Leak
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.
1 stars
CVE-2010-2091 EXPLOITDB text WRITEUP
Microsoft Exchange Server - Cross-Site Scripting via OWA Folder IPF.Note id Parameter
Microsoft Outlook Web Access (OWA) 8.2.254.0, when Internet Explorer 7 on Windows Server 2003 is used, does not properly handle the id parameter in a Folder IPF.Note action to the default URI, which might allow remote attackers to obtain sensitive information or conduct cross-site scripting (XSS) attacks via an invalid value.
CVE-2015-2097 EXPLOITDB html WORKING POC
WebGate Embedded Standard Protocol SDK - Buffer Overflows in LoadImage, LoadImageEx, ChangePassword, Connect, and AddID
Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) ChangePassword function in the WESPCONFIGLib.UserItem control, Connect function in the (4) WESPSerialPort.WESPSerialPortCtrl.1 or (5) WESPPLAYBACKLib.WESPPlaybackCtrl control, or (6) AddID function in the WESPCONFIGLib.IDList control or a (7) long string to the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control.
CVE-2015-2098 EXPLOITDB HIGH html WORKING POC
WebGate eDVR Manager - Remote Code Execution via Stack-Based Buffer Overflow
Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecified vectors to the (1) Connect, (2) ConnectEx, or (3) ConnectEx2 function in the WESPEvent.WESPEventCtrl.1 control; (4) AudioOnlySiteChannel function in the WESPPlayback.WESPPlaybackCtrl.1 control; (5) Connect or (6) ConnectEx function in the WESPPTZ.WESPPTZCtrl.1 control; (7) SiteChannel property in the WESPPlayback.WESPPlaybackCtrl.1 control; (8) SiteName property in the WESPPlayback.WESPPlaybackCtrl.1 control; or (9) OpenDVrSSite function in the WESPPTZ.WESPPTZCtrl.1 control.
CVSS 8.8
CVE-2015-2097 EXPLOITDB text WORKING POC
WebGate Embedded Standard Protocol SDK - Buffer Overflows in LoadImage, LoadImageEx, ChangePassword, Connect, and AddID
Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) ChangePassword function in the WESPCONFIGLib.UserItem control, Connect function in the (4) WESPSerialPort.WESPSerialPortCtrl.1 or (5) WESPPLAYBACKLib.WESPPlaybackCtrl control, or (6) AddID function in the WESPCONFIGLib.IDList control or a (7) long string to the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control.
CVE-2015-2099 EXPLOITDB HIGH html WORKING POC
WebGate Control Center RCE via Buffer Overflow in FileConverter/LoginController/WESPPlayback
Multiple buffer overflows in WebGate Control Center allow remote attackers to execute arbitrary code via unspecified vectors to the (1) GetRecFileInfo function in the FileConverter.FileConverterCtrl.1 control, (2) Login function in the LoginContoller.LoginControllerCtrl.1 control, or (3) GetThumbnail function in the WESPPlayback.WESPPlaybackCtrl.1 control.
CVSS 8.8
CVE-2015-2094 EXPLOITDB html WORKING POC
WebGate WinRDS - Stack-Based Buffer Overflow in WESPPlaybackCtrl
Stack-based buffer overflow in the WESPPlayback.WESPPlaybackCtrl.1 control in WebGate WinRDS allows remote attackers to execute arbitrary code via unspecified vectors to the (1) PrintSiteImage, (2) PlaySiteAllChannel, (3) StopSiteAllChannel, or (4) SaveSiteImage function.
CVE-2015-2094 EXPLOITDB html WORKING POC
WebGate WinRDS - Stack-Based Buffer Overflow in WESPPlaybackCtrl
Stack-based buffer overflow in the WESPPlayback.WESPPlaybackCtrl.1 control in WebGate WinRDS allows remote attackers to execute arbitrary code via unspecified vectors to the (1) PrintSiteImage, (2) PlaySiteAllChannel, (3) StopSiteAllChannel, or (4) SaveSiteImage function.
CVE-2015-2097 EXPLOITDB html WORKING POC
WebGate Embedded Standard Protocol SDK - Buffer Overflows in LoadImage, LoadImageEx, ChangePassword, Connect, and AddID
Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) ChangePassword function in the WESPCONFIGLib.UserItem control, Connect function in the (4) WESPSerialPort.WESPSerialPortCtrl.1 or (5) WESPPLAYBACKLib.WESPPlaybackCtrl control, or (6) AddID function in the WESPCONFIGLib.IDList control or a (7) long string to the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control.
CVE-2015-2098 EXPLOITDB HIGH html WORKING POC
WebGate eDVR Manager - Remote Code Execution via Stack-Based Buffer Overflow
Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecified vectors to the (1) Connect, (2) ConnectEx, or (3) ConnectEx2 function in the WESPEvent.WESPEventCtrl.1 control; (4) AudioOnlySiteChannel function in the WESPPlayback.WESPPlaybackCtrl.1 control; (5) Connect or (6) ConnectEx function in the WESPPTZ.WESPPTZCtrl.1 control; (7) SiteChannel property in the WESPPlayback.WESPPlaybackCtrl.1 control; (8) SiteName property in the WESPPlayback.WESPPlaybackCtrl.1 control; or (9) OpenDVrSSite function in the WESPPTZ.WESPPTZCtrl.1 control.
CVSS 8.8
CVE-2015-2098 EXPLOITDB HIGH html WORKING POC
WebGate eDVR Manager - Remote Code Execution via Stack-Based Buffer Overflow
Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecified vectors to the (1) Connect, (2) ConnectEx, or (3) ConnectEx2 function in the WESPEvent.WESPEventCtrl.1 control; (4) AudioOnlySiteChannel function in the WESPPlayback.WESPPlaybackCtrl.1 control; (5) Connect or (6) ConnectEx function in the WESPPTZ.WESPPTZCtrl.1 control; (7) SiteChannel property in the WESPPlayback.WESPPlaybackCtrl.1 control; (8) SiteName property in the WESPPlayback.WESPPlaybackCtrl.1 control; or (9) OpenDVrSSite function in the WESPPTZ.WESPPTZCtrl.1 control.
CVSS 8.8
CVE-2015-0555 EXPLOITDB html WORKING POC
Samsung iPOLiS Device Manager 1.12.2 - Remote Code Execution via ReadConfigValue or WriteConfigValue Function
Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to the (1) ReadConfigValue or (2) WriteConfigValue function.
CVE-2014-9265 EXPLOITDB html WORKING POC
Samsung SmartViewer - Buffer Overflow
Stack-based buffer overflow in the BackupToAvi method in the CNC_Ctrl ActiveX control in Samsung SmartViewer allows remote attackers to execute arbitrary code via unspecified vectors.
EIP-2026-118557 EXPLOITDB python WORKING POC
Free Download Manager 2.5/3.0 - Control Server Remote Buffer Overflow
EIP-2026-117613 EXPLOITDB python WORKING POC
Mini-stream RM-MP3 Converter/WMDownloader/ASX to MP3 Converter - Local Stack Buffer Overflow
CVE-2009-4962 EXPLOITDB python WORKING POC
Fat Player 0.6b - Remote Code Execution via Long String in WAV File
Stack-based buffer overflow in Fat Player 0.6b allows remote attackers to execute arbitrary code via a long string in a .wav file. NOTE: some of these details are obtained from third party information.
EIP-2026-116591 EXPLOITDB python WORKING POC
Xilisoft Video Converter 3.1.8.0720b - '.ogg' Buffer Overflow
CVE-2015-0555 EXPLOITDB html WORKING POC
Samsung iPOLiS Device Manager 1.12.2 - Remote Code Execution via ReadConfigValue or WriteConfigValue Function
Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to the (1) ReadConfigValue or (2) WriteConfigValue function.
CVE-2007-5962 EXPLOITDB perl WORKING POC
Red Hat Enterprise Linux 5 and Fedora 6-8 - Denial of Service via CWD Command Memory Leak
Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.
EIP-2026-116540 EXPLOITDB python WORKING POC
Winamp 5.571 - '.avi' Denial of Service
EIP-2026-116075 EXPLOITDB python WORKING POC
PlayPad Music Player 1.12 - '.mp3' Denial of Service
CVE-2009-0410 EXPLOITDB perl WORKING POC
Novell GroupWise 6.5x-8.0 - Remote Code Execution via Malformed RCPT Command
Off-by-one error in the SMTP daemon in GroupWise Internet Agent (GWIA) in Novell GroupWise 6.5x, 7.0, 7.01, 7.02, 7.03, 7.03HP1a, and 8.0 allows remote attackers to execute arbitrary code via a long e-mail address in a malformed RCPT command, leading to a buffer overflow.
CVE-2009-0192 EXPLOITDB perl WORKING POC
Novell eDirectory 8.8 SP3 - Remote Code Execution via iMonitor Accept-Language Header
Off-by-one error in the iMonitor component in Novell eDirectory 8.8 SP3, 8.8 SP3 FTF3, and possibly other versions allows remote attackers to execute arbitrary code via an HTTP request with a crafted Accept-Language header, which triggers a stack-based buffer overflow.
EIP-2026-115597 EXPLOITDB text WORKING POC
Media Player Classic - Heap Overflow / Denial of Service
CVE-2008-5180 EXPLOITDB MEDIUM perl WORKING POC
Microsoft Office Communicator - Denial of Service via SIP INVITE Request Flood
Microsoft Communicator, and Communicator in Microsoft Office 2010 beta, allows remote attackers to cause a denial of service (memory consumption) via a large number of SIP INVITE requests, which trigger the creation of many sessions.
CVSS 5.3