Stefano Di Paola

14 exploits, active since Nov 2004
CVE-2007-0872 EXPLOITDB text WRITEUP
POW <0.0.9 - Path Traversal
Directory traversal vulnerability in the Plain Old Webserver (POW) add-on before 0.0.9 for Mozilla Firefox allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
CVE-2007-0046 EXPLOITDB text WRITEUP
Adobe Acrobat Reader Plugin <8.0.0 - RCE
Double free vulnerability in the Adobe Acrobat Reader Plugin before 8.0.0, as used in Mozilla Firefox 1.5.0.7, allows remote attackers to execute arbitrary code by causing an error via a javascript: URI call to document.write in the (1) FDF, (2) XML, or (3) XFDF AJAX request parameters.
EIP-2026-104699 EXPLOITDB php WORKING POC
PHP 4.x/5.0 Shared Memory Module - Offset Memory Corruption
CVE-2004-0958 EXPLOITDB text WORKING POC
PHP <5.0.2 - Memory Corruption
php_variables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via (1) GET, (2) POST, or (3) COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length.
CVE-2005-0709 EXPLOITDB perl WORKING POC
MySQL - Code Injection
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.
CVE-2005-0710 EXPLOITDB php WORKING POC
MySQL <4.0.23 & <4.1.11 - Privilege Escalation
MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function.
EIP-2026-104073 EXPLOITDB text WORKING POC
ServletExec - Directory Traversal / Authentication Bypass
CVE-2008-2370 EXPLOITDB text WRITEUP
Apache Tomcat < 4.1.38 - Path Traversal
Apache Tomcat 4.1.0 through 4.1.37, 5.5.0 through 5.5.26, and 6.0.0 through 6.0.16, when a RequestDispatcher is used, performs path normalization before removing the query string from the URI, which allows remote attackers to conduct directory traversal attacks and read arbitrary files via a .. (dot dot) in a request parameter.
CVE-2006-1518 EXPLOITDB c WORKING POC
MySQL <5.0.20 - RCE
Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values.
CVE-2006-1516 EXPLOITDB c WORKING POC
MySQL <5.0.20 - Memory Corruption
The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read.
CVE-2008-4795 EXPLOITDB html WORKING POC
Opera < 9.61 - XSS
The links panel in Opera before 9.62 processes JavaScript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks.
CVE-2008-0455 EXPLOITDB java WORKING POC
Apache HTTP Server < 2.2.23 - XSS
Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
CVE-2007-0044 EXPLOITDB text WORKING POC
Adobe Acrobat < 7.0.8 - CSRF
Adobe Acrobat Reader Plugin before 8.0.0 for the Firefox, Internet Explorer, and Opera web browsers allows remote attackers to force the browser to make unauthorized requests to other web sites via a URL in the (1) FDF, (2) xml, and (3) xfdf AJAX request parameters, following the # (hash) character, aka "Universal CSRF and session riding."
EIP-2026-102841 EXPLOITDB text WORKING POC
FreeWnn 1.1.1 - JServer Logging Option Data Corruption