Sebastian Pipping

13 exploits Active since Jul 2017
CVE-2011-4919 NOMISEC HIGH WORKING POC
mpack 1.6 - Unauthorized Information Exposure via Mail Eavesdropping
mpack 1.6 has information disclosure via eavesdropping on mails sent by other users
1 star
CVSS 7.5
CVE-2013-4175 NOMISEC MEDIUM WORKING POC
MySecureShell 1.31 - Local Denial of Service via Uncontrolled Resource Consumption
MySecureShell 1.31 has a Local Denial of Service Vulnerability
CVSS 5.5
CVE-2018-19198 WRITEUP CRITICAL WRITEUP
uriparser < 0.9.0 - Out-of-bounds Write via Query Composition Function
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an out-of-bounds write via a uriComposeQuery* or uriComposeQueryEx* function because the '&' character is mishandled in certain contexts.
CVSS 9.8
CVE-2024-8176 WRITEUP HIGH WRITEUP
Red Hat Enterprise Linux 10 - Denial of Service via Recursive Entity Expansion in libexpat
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.
CVSS 7.5
CVE-2025-68463 WRITEUP MEDIUM WRITEUP
Biopython < 1.86 - XML External Entity Injection in Bio.Entrez
Bio.Entrez in Biopython through 186 allows doctype XXE.
CVSS 4.9
CVE-2017-9233 WRITEUP HIGH WRITEUP
libexpat < 2.2.0 - XML External Entity Injection via Malformed External Entity Definition
XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.
CVSS 7.5
CVE-2018-19199 WRITEUP CRITICAL WRITEUP
uriparser < 0.9.0 - Integer Overflow in UriQuery.c
An issue was discovered in uriparser before 0.9.0. UriQuery.c allows an integer overflow via a uriComposeQuery* or uriComposeQueryEx* function because of an unchecked multiplication.
CVSS 9.8
CVE-2018-19200 WRITEUP HIGH WRITEUP
uriparser < 0.9.0 - NULL Pointer Dereference via uriResetUri Function
An issue was discovered in uriparser before 0.9.0. UriCommon.c allows attempted operations on NULL input via a uriResetUri* function.
CVSS 7.5
CVE-2018-20721 WRITEUP CRITICAL WRITEUP
uriparser < 0.9.1 - Out-of-bounds Read in URI_FUNC
URI_FUNC() in UriParse.c in uriparser before 0.9.1 has an out-of-bounds read (in uriParse*Ex* functions) for an incomplete URI with an IPv6 address containing an embedded IPv4 address, such as a "//[::44.1" address.
CVSS 9.8
CVE-2019-15903 WRITEUP HIGH WRITEUP
libexpat < 2.2.8 - XML External Entity Injection via DTD Parsing
In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early; a consecutive call to XML_GetCurrentLineNumber (or XML_GetCurrentColumnNumber) then resulted in a heap-based buffer over-read.
CVSS 7.5
CVE-2023-52426 WRITEUP MEDIUM WRITEUP
libexpat < 2.5.0 - XML Entity Expansion via Recursive Entity References
libexpat through 2.5.0 allows recursive XML Entity Expansion if XML_DTD is undefined at compile time.
CVSS 5.5
CVE-2025-59375 WRITEUP HIGH WRITEUP
libexpat < 2.7.2 - Denial of Service via Large Dynamic Memory Allocation
libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.
CVSS 7.5
EIP-2026-103045 EXPLOITDB text WORKING POC
xNBD - '/tmp/xnbd.log' Insecure Temporary File Handling