Rafel Ivgi The-Insider

35 exploits Active since Apr 2004
CVE-2004-0337 EXPLOITDB text WRITEUP
602Pro LAN Suite Web Mail - Cross-Site Scripting via Index.html URL Parameter
Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro allows remote attackers to execute arbitrary script or HTML as other users via a URL to index.html, followed by a / (slash) and the desired script. NOTE: the vendor states that this bug could not be reproduced, so this issue may be REJECTed in the future.
CVE-2004-1947 EXPLOITDB html WORKING POC
BitDefender Scan Online - Info Disclosure
The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab.
CVE-2004-1947 EXPLOITDB text WORKING POC
BitDefender Scan Online - Info Disclosure
The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab.
EIP-2026-118841 EXPLOITDB text WORKING POC
Microsoft Internet Explorer 6 - URL Local Resource Access
CVE-2004-2749 EXPLOITDB html WORKING POC
2Wire HomePortal - Path Traversal via Return Parameter
Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a .. (dot dot) in the return parameter. NOTE: this issue was reported as XSS, but this might be a terminology error.
CVE-2004-2121 EXPLOITDB text WORKING POC
Borland Web Server <1.0b3 - Path Traversal
Multiple directory traversal vulnerabilities in Borland Web Server (BWS) 1.0b3 and earlier allow remote attackers to read and download arbitrary files via (1) multi-dot "......" sequences, or (2) "%5c%2e%2e" (encoded "\..") sequences, in the URL.
CVE-2004-2745 EXPLOITDB text WORKING POC
Anteco Visual Technologies OwnServer < 1.0 - Path Traversal via URL
Directory traversal vulnerability in Anteco Visual Technologies OwnServer 1.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in a URL.
EIP-2026-116634 EXPLOITDB text WORKING POC
Yahoo! Messenger 5.6 - 'YInsthelper.dll' Multiple Buffer Overflow Vulnerabilities
CVE-2004-1910 EXPLOITDB text WORKING POC
Symantec Virus Detection - Denial of Service via Long String to GetPrivateProfileString
rufsi.dll in Symantec Virus Detection allows remote attackers to cause a denial of service (crash) via a long string to the GetPrivateProfileString function. NOTE: this issue was originally reported as a buffer overflow, but that specific claim is disputed by the vendor, although a crash is acknowledged.
EIP-2026-116035 EXPLOITDB text WORKING POC
Panda ActiveScan 5.0 - 'ascontrol.dll' Denial of Service
EIP-2026-115823 EXPLOITDB text WRITEUP
Microsoft Windows XP - 'explorer.exe' Remote Denial of Service
CVE-2004-1904 EXPLOITDB text WORKING POC
Panda ActiveScan 5.0 - Remote Code Execution via Internacional Property Buffer Overflow
Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to execute arbitrary code via the Internacional property followed by a long string.
EIP-2026-115701 EXPLOITDB text WORKING POC
Microsoft Internet Explorer 6 - HREF Save As Denial of Service
CVE-2004-1906 EXPLOITDB text WORKING POC
Mcafee FreeScan - DoS/Buffer Overflow
Mcafee FreeScan allows remote attackers to cause a denial of service and possibly arbitrary code via a long string in the ScanParam property of a COM object, which may trigger a buffer overflow.
EIP-2026-115705 EXPLOITDB text WORKING POC
Microsoft Internet Explorer 6 - MSWebDVD Object Denial of Service
EIP-2026-115712 EXPLOITDB text WORKING POC
Microsoft Internet Explorer 6.0 Macromedia Flash Player Plugin - Remote Denial of Service
EIP-2026-115710 EXPLOITDB text WORKING POC
Microsoft Internet Explorer 6 - XML Parsing Denial of Service
EIP-2026-115218 EXPLOITDB perl WORKING POC
EMule Web 0.42 Control Panel - Denial of Service
EIP-2026-114864 EXPLOITDB text WORKING POC
Adobe Photoshop 8.0 - COM Objects Denial of Service
CVE-2004-1903 EXPLOITDB text WORKING POC
blaxxun contact_3d 7.0 - Buffer Overflow via Long URL Property in Object Tag
Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute arbitrary code via a long URL property inside an object tag.
CVE-2004-0358 EXPLOITDB text WORKING POC
VirtuaNews Admin Panel Pro 1.0.3 - XSS
Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro 1.0.3 allows remote attackers to execute arbitrary script as other users via (1) the mainnews parameter in admin.php, (2) the expand parameter in admin.php, (3) the id parameter in admin.php, (4) the catid parameter in admin.php, or (5) an unnamed parameter during the newslogo_upload action in admin.php.
CVE-2004-2076 EXPLOITDB text WORKING POC
vBulletin 3.0.0 RC4 - Cross-Site Scripting via Search Query Parameter
Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
EIP-2026-107909 EXPLOITDB text WORKING POC
Invision Power Board (IP.Board) 1.3 - 'Pop' Cross-Site Scripting
EIP-2026-107910 EXPLOITDB text WORKING POC
Invision Power Board (IP.Board) 1.3 - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-104523 EXPLOITDB text WORKING POC
Novell Netware Enterprise Web Server 5.1/6.0 - Multiple Cross-Site Scripting Vulnerabilities