Tan Chew Keong

43 exploits Active since Aug 2004
CVE-2005-0185 EXPLOITDB c++ WORKING POC
NodeManager Professional 2.00 - Remote Code Execution via Long OCTET-STRING in LinkDown-Trap Packet
Stack-based buffer overflow in NodeManager Professional 2.00 allows remote attackers to execute arbitrary commands via a LinkDown-Trap packet that contains a long OCTET-STRING in the Trap variable-bindings field.
CVE-2005-0344 EXPLOITDB text WORKING POC
602LAN SUITE 2004.0.04.1221 - Authenticated Directory Traversal and Arbitrary File Upload via Filename Parameter
Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 allows remote authenticated users to upload and execute arbitrary files via a .. (dot dot) in the filename parameter.
CVE-2008-6534 EXPLOITDB text WORKING POC
NULL FTP Server Free and Pro 1.1.0.7 - Authenticated Command Injection via SITE Command
Incomplete blacklist vulnerability in NULL FTP Server Free and Pro 1.1.0.7 allows remote authenticated users to execute arbitrary commands via a custom SITE command containing shell metacharacters such as "&" (ampersand) in the middle of an argument.
EIP-2026-118767 EXPLOITDB text WRITEUP
MDaemon 8.0 - Content Filter Directory Traversal
CVE-2006-5571 EXPLOITDB text WORKING POC
CruiseWorks 1.09c-1.09d - Remote Code Execution via Long Doc Parameter
Stack-based buffer overflow in /scripts/cruise/cws.exe in CruiseWorks 1.09c and 1.09d allows remote attackers to execute arbitrary code via a long string in the doc parameter.
CVE-2004-1752 EXPLOITDB c WORKING POC
Gaucho 1.4 Build 145 - Buffer Overflow
Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote attackers to execute arbitrary code via a POP3 email with a long Content-Type header.
EIP-2026-118392 EXPLOITDB text WRITEUP
Cruiseworks 1.09 - 'Cws.exe' Doc Directory Traversal
CVE-2008-5175 EXPLOITDB text WORKING POC
AceFTP Freeware/AceFTP Pro 3.80.3 - Path Traversal
Directory traversal vulnerability in the FTP client in AceFTP Freeware 3.80.3 and AceFTP Pro 3.80.3 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.
CVE-2005-1087 EXPLOITDB text WORKING POC
AN HTTPD Server 1.42n - CRLF Injection
CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to spoof or hide entries in the logfile, and possibly read files using an injected type command, via CRLF sequences in an HTTP request.
CVE-2006-6121 EXPLOITDB html WORKING POC
Acer Notebook LunchApp.APlunch - RCE
Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers to execute arbitrary commands by calling the Run method.
EIP-2026-117978 EXPLOITDB text WORKING POC
Sygate Personal Firewall Pro 5.5 - Local Fail-Close Bypass
EIP-2026-116360 EXPLOITDB text WRITEUP
Sygate Personal Firewall Pro 5.5 - Local Denial of Service
CVE-2005-1666 EXPLOITDB text WRITEUP
orenosv_http_ftp_server < 0.8.1 - Authenticated Buffer Overflow via Long FTP Command Arguments
Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via long arguments to FTP commands such as MKD, RMD, or DELE, which are processed by the (1) ftp_xlate_path, (2) ftp_is_canonical, or (3) os_fn_nativize functions, or (4) a long SSI command that is processed by the parse_cmd function in cgissi.exe.
CVE-2006-4029 EXPLOITDB text WORKING POC
AGEphone 1.24 and 1.38.1 - Stack-Based Buffer Overflow via Crafted UDP SIP Packet
Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 allows remote attackers to execute arbitrary code via a crafted UDP SIP packet.
CVE-2005-1086 EXPLOITDB text WORKING POC
AN HTTPD Server 1.42n - Remote Code Execution via Long User-Agent Header
Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to execute arbitrary code via an HTTP request with a long User-Agent header.
EIP-2026-113125 EXPLOITDB text WRITEUP
VisNetic Mail Server 8.3.5 - Multiple File Inclusions
CVE-2005-0313 EXPLOITDB text WORKING POC
Magic Winmail Server 4.0 Build 1112 - Directory Traversal and Arbitrary File Upload via upload.php and download.php
Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete arbitrary directories and files via the IMAP commands (3) CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE.
CVE-2005-0313 EXPLOITDB text WORKING POC
Magic Winmail Server 4.0 Build 1112 - Directory Traversal and Arbitrary File Upload via upload.php and download.php
Multiple directory traversal vulnerabilities in Magic Winmail Server 4.0 Build 1112 allow remote attackers to (1) upload arbitrary files via certain parameters to upload.php or (2) read arbitrary files via certain parameters to download.php, and remote authenticated users to read, create, or delete arbitrary directories and files via the IMAP commands (3) CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE.
CVE-2005-4557 EXPLOITDB text WRITEUP
IceWarp Web Mail <5.5.1 - Path Traversal
dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a directory traversal vulnerability.
CVE-2005-4556 EXPLOITDB text WRITEUP
VisNetic Mail Server 8.3.0 build 1 - Remote File Inclusion via lang_settings or language Parameter
PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when register_globals is enabled, allows remote attackers to include arbitrary local and remote PHP files via a URL in the (1) lang_settings and (2) language parameters in (a) accounts/inc/include.php and (b) admin/inc/include.php.
CVE-2005-4556 EXPLOITDB text WRITEUP
VisNetic Mail Server 8.3.0 build 1 - Remote File Inclusion via lang_settings or language Parameter
PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when register_globals is enabled, allows remote attackers to include arbitrary local and remote PHP files via a URL in the (1) lang_settings and (2) language parameters in (a) accounts/inc/include.php and (b) admin/inc/include.php.
CVE-2005-4559 EXPLOITDB text WORKING POC
IceWarp Web Mail 5.5.1 - Info Disclosure
mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly initialize the default_layout and layout_settings variables when an unrecognized HTTP_USER_AGENT string is provided, which allows remote attackers to access arbitrary files via a request with an unrecognized User Agent that also specifies the desired default_layout and layout_settings parameters.
CVE-2005-4558 EXPLOITDB text WORKING POC
IceWarp Web Mail <5.5.1 - Code Injection
IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html.
CVE-2005-4558 EXPLOITDB text WRITEUP
IceWarp Web Mail <5.5.1 - Code Injection
IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html.
CVE-2008-2795 EXPLOITDB text WRITEUP
UltraEdit 14.00b - Path Traversal via FTP/SFTP LIST Command Response
Directory traversal vulnerability in the FTP and SFTP clients in IDM Computer Solutions Inc UltraEdit 14.00b allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) or a ..\ (dot dot backslash) in a response to a LIST command.