Roozbeh Afrasiabi

10 exploits. Active since May 2004.
CVE-2004-2289 EXPLOITDB text WORKING POC
Microsoft Windows XP Explorer - RCE
Microsoft Windows XP Explorer allows local users to execute arbitrary code via a system folder with a Desktop.ini file containing a .ShellClassInfo specifier with a CLSID value that is associated with an executable file.
CVE-2004-0380 EXPLOITDB text WRITEUP
Microsoft Outlook Express <6 - Auth Bypass
The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 through Outlook Express 6 SP1 allows remote attackers to bypass domain restrictions and execute arbitrary code, as demonstrated on Internet Explorer using script in a compiled help (CHM) file that references the InfoTech Storage (ITS) protocol handlers such as (1) ms-its, (2) ms-itss, (3) its, or (4) mk:@MSITStore, aka the "MHTML URL Processing Vulnerability."
CVE-2004-0474 EXPLOITDB text WRITEUP
Help Center - Info Disclosure
Help Center (HelpCtr.exe) may allow remote attackers to read or execute arbitrary files via an "http://" or "file://" argument to the topic parameter in an hcp:// URL. NOTE: since the initial report of this problem, several researchers have been unable to reproduce this issue.
EIP-2026-118825 EXPLOITDB text WRITEUP
Microsoft Internet Explorer 6 - Codebase Double Backslash Local Zone File Execution
CVE-2006-0875 EXPLOITDB text WRITEUP
Runcms - XSS
Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter.
CVE-2006-1216 EXPLOITDB text WRITEUP
Runcms 1.x - XSS
Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter.
EIP-2026-109754 EXPLOITDB text WRITEUP
MyBulletinBoard (MyBB) 1.x - 'usercp.php' Directory Traversal
CVE-2006-0442 EXPLOITDB text WORKING POC
Mybb - XSS
Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig action. NOTE: These are different attack vectors, and probably a different vulnerability, than CVE-2006-0218 and CVE-2006-0219.
CVE-2006-1121 EXPLOITDB text WRITEUP
CuteNews 1.4.1 - XSS
Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query string to index.php.
CVE-2006-0407 EXPLOITDB text WORKING POC
Azbb AZ Bulletin Board - XSS
Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin Board (AZbb) 1.1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) nickname parameter and (2) an iframe tag in the topic parameter. NOTE: the original disclosure specified the name parameter, but a correction was later provided. NOTE: followup posts have both disputed and confirmed the original claim.