Preddy

19 exploits Active since Dec 2005
CVE-2006-3439 EXPLOITDB c WORKING POC
Microsoft Windows <2003 - Buffer Overflow
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
CVE-2006-2379 EXPLOITDB c WORKING POC
Microsoft Windows 2000, Windows XP, and Windows Server 2003 - Remote Code Execution via IP Source Routing
Buffer overflow in the TCP/IP Protocol driver in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows remote attackers to execute arbitrary code via unknown vectors related to IP source routing.
CVE-2006-7210 EXPLOITDB c WORKING POC
Microsoft Windows 2000, XP, and Server 2003 - Denial of Service via Crafted PNG IHDR Block
Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
CVE-2006-7210 EXPLOITDB c WORKING POC
Microsoft Windows 2000, XP, and Server 2003 - Denial of Service via Crafted PNG IHDR Block
Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
CVE-2006-7210 EXPLOITDB perl WORKING POC
Microsoft Windows 2000, XP, and Server 2003 - Denial of Service via Crafted PNG IHDR Block
Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block.
CVE-2006-2242 EXPLOITDB perl WORKING POC
acFTP 1.4 - Denial of Service via Long USER Command String
acFTP 1.4 allows remote attackers to cause a denial of service (application crash) via a long string with "{" (brace) characters to the USER command.
CVE-2005-4196 EXPLOITDB text WRITEUP
Scout Portal Toolkit < 1.3.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the ss parameter in SPT--QuickSearch.php; (2) ParentId parameter in SPT--BrowseResources.php; (3) the ResourceId parameter in SPT--FullRecord.php; (4) ResourceOffset parameter in SPT--Home.php, (5) F_SearchString parameter in SPT--QuickSearch.php; (6) F_UserName and (7) F_Password parameters in SPT--UserLogin.php; (8) F_SearchCat1, (9) F_TextField1, (10) F_SearchCat2, (11) F_TextField2, (12) F_SearchCat3, (13) F_TextField3, (14) F_SearchCat4, (15) F_TextField4, (16) ResourceType, (17) Language, (18) Audience, (19) Format parameters in SPT--AdvancedSearch.php.
CVE-2006-0317 EXPLOITDB text WRITEUP
RedKernel Referrer Tracker 1.1.0-3 - Stored Cross-Site Scripting via Query String
Cross-site scripting (XSS) vulnerability in rkrt_stats.php in RedKernel Referrer Tracker 1.1.0-3 allows remote attackers to inject arbitrary web script or HTML via a query string value as a GET, which is stored in the $QUERY_STRING variable. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information.
CVE-2005-4196 EXPLOITDB text WORKING POC
Scout Portal Toolkit < 1.3.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the ss parameter in SPT--QuickSearch.php; (2) ParentId parameter in SPT--BrowseResources.php; (3) the ResourceId parameter in SPT--FullRecord.php; (4) ResourceOffset parameter in SPT--Home.php, (5) F_SearchString parameter in SPT--QuickSearch.php; (6) F_UserName and (7) F_Password parameters in SPT--UserLogin.php; (8) F_SearchCat1, (9) F_TextField1, (10) F_SearchCat2, (11) F_TextField2, (12) F_SearchCat3, (13) F_TextField3, (14) F_SearchCat4, (15) F_TextField4, (16) ResourceType, (17) Language, (18) Audience, (19) Format parameters in SPT--AdvancedSearch.php.
CVE-2005-4196 EXPLOITDB text WORKING POC
Scout Portal Toolkit < 1.3.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the ss parameter in SPT--QuickSearch.php; (2) ParentId parameter in SPT--BrowseResources.php; (3) the ResourceId parameter in SPT--FullRecord.php; (4) ResourceOffset parameter in SPT--Home.php, (5) F_SearchString parameter in SPT--QuickSearch.php; (6) F_UserName and (7) F_Password parameters in SPT--UserLogin.php; (8) F_SearchCat1, (9) F_TextField1, (10) F_SearchCat2, (11) F_TextField2, (12) F_SearchCat3, (13) F_TextField3, (14) F_SearchCat4, (15) F_TextField4, (16) ResourceType, (17) Language, (18) Audience, (19) Format parameters in SPT--AdvancedSearch.php.
CVE-2005-4195 EXPLOITDB text WRITEUP
Scout Portal Toolkit <= 1.3.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT--BrowseResources.php, (2) ResourceId parameter in SPT--FullRecord.php, (3) ResourceOffset parameter in SPT--Home.php, and (4) F_UserName and (5) F_Password in SPT--UserLogin.php. NOTE: it was later reported that vector 1 is also present in 1.4.0.
CVE-2006-1501 EXPLOITDB text WRITEUP
OneOrZero 1.6.3.0 - SQL Injection via id Parameter
SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in the kans action.
CVE-2006-0237 EXPLOITDB text WRITEUP
GTP iCommerce - Cross-Site Scripting via cat and subcat Parameters
Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce allows remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) subcat parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-103607 EXPLOITDB c WORKING POC
Opera 9 - IRC Client Remote Denial of Service
EIP-2026-103608 EXPLOITDB python WORKING POC
Opera 9 IRC Client - Remote Denial of Service
CVE-2006-0251 EXPLOITDB text WRITEUP
faq-o-matic < 2.711 - Cross-Site Scripting via _duration, file, or cmd Parameters
Cross-site scripting (XSS) vulnerability in fom.cgi in Faq-O-Matic 2.711 allows remote attackers to inject arbitrary web script or HTML via the (1) _duration, (2) file, and (3) cmd parameters.
CVE-2006-0115 EXPLOITDB text WRITEUP
OnePlug CMS - SQL Injection via Press_Release_ID, Service_ID, or Product_ID Parameter
Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Service_ID parameter in services/details.asp, and (3) Product_ID parameter in products/details.asp.
CVE-2006-0115 EXPLOITDB text WRITEUP
OnePlug CMS - SQL Injection via Press_Release_ID, Service_ID, or Product_ID Parameter
Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Service_ID parameter in services/details.asp, and (3) Product_ID parameter in products/details.asp.
CVE-2006-0115 EXPLOITDB text WRITEUP
OnePlug CMS - SQL Injection via Press_Release_ID, Service_ID, or Product_ID Parameter
Multiple SQL injection vulnerabilities in OnePlug Solutions OnePlug CMS allow remote attackers to execute arbitrary SQL commands via the (1) Press_Release_ID parameter in press/details.asp, (2) Service_ID parameter in services/details.asp, and (3) Product_ID parameter in products/details.asp.