SarBoT511

11 exploits Active since Sep 2008
CVE-2011-0900 EXPLOITDB perl WORKING POC
Terminal Server Client 0.150 - Stack-based Buffer Overflow via Long Hostname in .RDP File
Stack-based buffer overflow in the tsc_launch_remote function (src/support.c) in Terminal Server Client (tsclient) 0.150, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a .RDP file with a long hostname argument.
CVE-2009-4863 EXPLOITDB perl WORKING POC
UltraPlayer Media Player 2.112 - Stack-Based Buffer Overflow via .usk File
Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows remote attackers to execute arbitrary code via a long string in a .usk file.
EIP-2026-116517 EXPLOITDB perl WORKING POC
VSO Medoa Player 1.0.2.2 - Local Denial of Service (PoC)
EIP-2026-115791 EXPLOITDB html WORKING POC
Microsoft Windows Defender - ActiveX Heap Overflow (PoC)
EIP-2026-115802 EXPLOITDB html WORKING POC
Microsoft Windows Live Messenger 2009 - ActiveX Heap Overflow (PoC)
EIP-2026-115874 EXPLOITDB perl WORKING POC
MP4 Player 4.0 - Local Crash (PoC)
EIP-2026-115344 EXPLOITDB perl WORKING POC
GOM player 2.1.9 - Local Crash (PoC)
CVE-2009-3150 EXPLOITDB text WORKING POC
Multi Website 1.5 - SQL Injection via Browse Parameter
SQL injection vulnerability in index.php in Multi Website 1.5 allows remote attackers to execute arbitrary SQL commands via the Browse parameter in a vote action.
EIP-2026-106456 EXPLOITDB text WORKING POC
DirectAdmin 1.34.0 - Cross-Site Request Forgery (Add Admin)
CVE-2008-4150 EXPLOITDB text WORKING POC
Diesel Joke Site - SQL Injection via picture_category.php id Parameter
SQL injection vulnerability in picture_category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3763.
CVE-2011-0901 EXPLOITDB perl WORKING POC
Terminal Server Client 0.150 - Stack-Based Buffer Overflow via Long RDP File Arguments
Multiple stack-based buffer overflows in the tsc_launch_remote function (src/support.c) in Terminal Server Client (tsclient) 0.150, and possibly other versions, allow user-assisted remote attackers to execute arbitrary code via a .RDP file with a long (1) username, (2) password, or (3) domain argument. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.