Stack

155 exploits Active since Mar 2006
CVE-2009-1329 EXPLOITDB python WORKING POC
Mini-stream Shadow Stream Recorder 3.0.1.7 - Remote Code Execution via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream Shadow Stream Recorder 3.0.1.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
CVE-2008-4425 EXPLOITDB WORKING POC
Phlatline Personal Information Manager 1.0 - Path Traversal & Arbitrary File Deletion via Upload.php
Directory traversal vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to delete arbitrary files via directory traversal sequences in the file parameter within a delfile action.
CVE-2008-4426 EXPLOITDB WORKING POC
Phlatline Personal Information Manager 1.0 - Cross-Site Scripting via events.php date parameter
Cross-site scripting (XSS) vulnerability in events.php in Phlatline's Personal Information Manager (pPIM) 1.0 allows remote attackers to inject arbitrary web script or HTML via the date parameter in a new action.
CVE-2009-0460 EXPLOITDB text WORKING POC
Whole Hog Ware Support 1.x - Auth Bypass
Whole Hog Ware Support 1.x allows remote attackers to bypass authentication and obtain administrative access via an integer value in the adminid cookie.
CVE-2009-3561 EXPLOITDB text WORKING POC
Xerver HTTP Server 4.32 - Path Traversal via chooseDirectory currentPath Parameter
Directory traversal vulnerability in Xerver HTTP Server 4.32 allows remote attackers to read arbitrary files via a full pathname with a drive letter in the currentPath parameter in a chooseDirectory action.
CVE-2008-4428 EXPLOITDB text WORKING POC
Phlatline Personal Information Manager < 1.0 - Unauthenticated Arbitrary File Upload via upload.php
Unrestricted file upload vulnerability in upload.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier allows remote attackers to execute arbitrary code by uploading a .php file, then accessing it via a direct request to the file in the top-level directory.
CVE-2008-4427 EXPLOITDB text WORKING POC
Phlatline Personal Information Manager < 1.0 - Unauthenticated Arbitrary Password Change
changepassword.php in Phlatline's Personal Information Manager (pPIM) 1.0 and earlier does not require administrative authentication, which allows remote attackers to change arbitrary passwords.
CVE-2006-3362 EXPLOITDB php WORKING POC
FCKeditor mcpuk - Unrestricted File Upload
Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
EIP-2026-119293 EXPLOITDB html WORKING POC
Word Viewer OCX 3.2 - Remote Command Execution
EIP-2026-118948 EXPLOITDB html WORKING POC
NCTVideoStudio ActiveX DLLs 1.6 - Insecure Method File Creation
EIP-2026-118537 EXPLOITDB perl WORKING POC
Femitter FTP Server 1.03 - Arbitrary File Disclosure
EIP-2026-118524 EXPLOITDB html WORKING POC
Excel Viewer OCX 3.2 - Remote Command Execution
CVE-2009-4809 EXPLOITDB text WORKING POC
Easy File Sharing Web Server 4.8 - Path Traversal via vfolder Parameter
Directory traversal vulnerability in thumbnail.ghp in Easy File Sharing (EFS) Web Server 4.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the vfolder parameter.
EIP-2026-118593 EXPLOITDB perl WORKING POC
FTPDMIN 0.96 - Arbitrary File Disclosure
EIP-2026-118506 EXPLOITDB text WORKING POC
EFS Easy Chat Server 2.2 - Cross-Site Request Forgery (Change Admin Password)
CVE-2009-1327 EXPLOITDB c WORKING POC
Mini-stream WM Downloader 3.0.0.9 - Stack-based Buffer Overflow via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream WM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
CVE-2009-1643 EXPLOITDB perl WORKING POC
Soritong MP3 Player 1.0 - Stack-Based Buffer Overflow via Crafted .m3u File
Stack-based buffer overflow in Sorinara Soritong MP3 Player 1.0 allows remote attackers to execute arbitrary code via a crafted .m3u file.
CVE-2009-2568 EXPLOITDB perl WORKING POC
Sorinara Streaming Audio Player 0.9 - Remote Code Execution via Long String in Playlist File
Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) 0.9 allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file.
CVE-2009-1326 EXPLOITDB perl WORKING POC
Mini-stream RM Downloader 3.0.0.9 - Stack-based Buffer Overflow via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
EIP-2026-117934 EXPLOITDB python WORKING POC
Soritong 1.0 - Universal Buffer Overflow
CVE-2009-1643 EXPLOITDB python WORKING POC
Soritong MP3 Player 1.0 - Stack-Based Buffer Overflow via Crafted .m3u File
Stack-based buffer overflow in Sorinara Soritong MP3 Player 1.0 allows remote attackers to execute arbitrary code via a crafted .m3u file.
EIP-2026-118078 EXPLOITDB python WORKING POC
VUPlayer 2.49 - '.cue' Universal Buffer Overflow
CVE-2009-4761 EXPLOITDB perl WORKING POC
Mini-stream RM Downloader - Buffer Overflow
Stack-based buffer overflow in Mini-stream RM Downloader allows remote attackers to execute arbitrary code via a long string in a .smi file.
CVE-2009-1325 EXPLOITDB perl WORKING POC
Mini-stream Ripper 3.0.1.1 - Stack-based Buffer Overflow via Long URI in Playlist File
Stack-based buffer overflow in Mini-stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
EIP-2026-117447 EXPLOITDB ruby WORKING POC
Media Commands - '.m3l' File Local Buffer Overflow