SNS Research

8 exploits Active since Feb 2001
CVE-2001-0276 EXPLOITDB text WORKING POC
BadBlue 1.02.07 Personal Edition - Information Disclosure via ext.dll
ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path.
CVE-2001-0037 EXPLOITDB text WRITEUP
HomeSeer - Directory Traversal via URL
Directory traversal vulnerability in HomeSeer before 1.4.29 allows remote attackers to read arbitrary files via a URL containing .. (dot dot) specifiers.
CVE-2001-0255 EXPLOITDB text WORKING POC
FaSTream FTP++ Server 2.0 - Path Traversal
FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary directories by using the "ls" command and including the drive letter name (e.g. C:) in the requested pathname.
CVE-2001-0788 EXPLOITDB text WRITEUP
Air Messenger LAN Server <3.4.2 - Info Disclosure
Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows remote attackers to obtain an absolute path for the server directory by viewing the Location header.
CVE-2001-0189 EXPLOITDB text WORKING POC
LocalWEB2000 - Directory Traversal via Dot-Dot Attack
Directory traversal vulnerability in LocalWEB2000 HTTP server allows remote attackers to read arbitrary commands via a .. (dot dot) attack in an HTTP GET request.
CVE-2001-0277 EXPLOITDB text WRITEUP
BadBlue 1.02.07 Personal Edition - Buffer Overflow via Long HTTP GET Request
Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request.
CVE-2001-0097 EXPLOITDB text WORKING POC
Infinite Interchange 3.6.1 - Denial of Service via Large POST Request
The Web interface for Infinite Interchange 3.6.1 allows remote attackers to cause a denial of service (application crash) via a large POST request.
CVE-2001-1202 EXPLOITDB text WRITEUP
DeleGate 7.7.0 and 7.7.1 - Cross-Site Scripting via Error Page
Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does not quote scripting commands within a "403 Forbidden" error page, which allows remote attackers to execute arbitrary Javascript on other clients via a URL that generates an error.