Tan Chew Keong

43 exploits Active since Aug 2004
CVE-2008-2889 EXPLOITDB text WORKING POC
AceBIT WISE-FTP 4.1.0 and 5.5.8 - Path Traversal via FTP LIST Command Response
Directory traversal vulnerability in the FTP client in AceBIT WISE-FTP 4.1.0 and 5.5.8 allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345.
CVE-2008-2894 EXPLOITDB text WORKING POC
NCH Software Classic FTP 1.02 - Path Traversal via FTP LIST Command Response
Directory traversal vulnerability in the FTP client in NCH Software Classic FTP 1.02 for Windows allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.
CVE-2006-1786 EXPLOITDB text WRITEUP
Adobe Document Server for Reader Extensions 6.0 - XSS
Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter in AlterCast. NOTE: it is not clear whether the vendor advisory addresses this issue.
CVE-2006-1786 EXPLOITDB text WRITEUP
Adobe Document Server for Reader Extensions 6.0 - XSS
Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter in AlterCast. NOTE: it is not clear whether the vendor advisory addresses this issue.
EIP-2026-103827 EXPLOITDB text WRITEUP
04webserver 1.42 - Multiple Vulnerabilities
CVE-2008-2822 EXPLOITDB text WORKING POC
3D-FTP Client 8.01 - Path Traversal via LIST or MLSD Command Response
Multiple directory traversal vulnerabilities in the FTP client in 3D-FTP Client 8.01 (8.0 build 1) allow remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a (1) LIST or (2) MLSD command.
CVE-2008-2821 EXPLOITDB text WORKING POC
Glub Tech Secure FTP < 2.5.15 - Path Traversal via FTP LIST Response
Directory traversal vulnerability in the FTP client in Glub Tech Secure FTP before 2.5.16 on Windows allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345.
CVE-2008-2702 EXPLOITDB text WORKING POC
ESTsoft ALFTP 4.1 beta 2 and 5.0 - Path Traversal via FTP LIST Response
Directory traversal vulnerability in the FTP client in ALTools ESTsoft ALFTP 4.1 beta 2 and 5.0 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVE-2005-3262 EXPLOITDB text WORKING POC
WinRAR 2.90-3.50 - Remote Code Execution via Format String in UUE/XXE Filename Error
Format string vulnerability in RARLAB WinRAR 2.90 through 3.50 allows remote attackers to execute arbitrary code via format string specifiers in a UUE/XXE file, which are not properly handled when WinRAR displays diagnostic errors related to an invalid filename.
CVE-2006-4955 EXPLOITDB text WRITEUP
Neon WebMail <5.08 - Path Traversal
Directory traversal vulnerability in the downloadfile servlet in Neon WebMail for Java before 5.08 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the (1) savefolder and (2) savefilename parameters.
CVE-2006-4956 EXPLOITDB text WRITEUP
Neon WebMail for Java < 5.08 - Cross-Site Scripting via Updateuser Servlet in_name Parameter
Cross-site scripting (XSS) vulnerability in the updateuser servlet in Neon WebMail for Java before 5.08 allows remote attackers to inject arbitrary web script or HTML via the in_name parameter, as used by the Name field.
CVE-2006-4954 EXPLOITDB text WRITEUP
Neon WebMail for Java <5.08 - Info Disclosure
The updateuser servlet in Neon WebMail for Java before 5.08 does not validate the in_id parameter, which allows remote attackers to modify information of arbitrary users, as demonstrated by modifying (1) passwords and (2) permissions, (3) viewing profile settings, and (4) creating and (5) deleting users.
CVE-2006-4952 EXPLOITDB text WRITEUP
Neon WebMail <5.08 - Info Disclosure
The updatemail servlet in Neon WebMail for Java before 5.08 allows remote attackers to move e-mail messages of arbitrary users between different mail folders, specified by the folderid and tofolderid parameters, via the ID parameter.
CVE-2006-4953 EXPLOITDB text WRITEUP
Neon WebMail for Java <5.08 - SQL Injection
Multiple SQL injection vulnerabilities in Neon WebMail for Java before 5.08 allow remote attackers to execute arbitrary SQL commands via the (1) adr_sortkey and (2) adr_sortkey_desc parameters in the (a) addrlist servlet, and the (3) sortkey and (4) sortkey_desc parameters in the (b) maillist servlet.
CVE-2006-4953 EXPLOITDB text WRITEUP
Neon WebMail for Java <5.08 - SQL Injection
Multiple SQL injection vulnerabilities in Neon WebMail for Java before 5.08 allow remote attackers to execute arbitrary SQL commands via the (1) adr_sortkey and (2) adr_sortkey_desc parameters in the (a) addrlist servlet, and the (3) sortkey and (4) sortkey_desc parameters in the (b) maillist servlet.
CVE-2006-4444 EXPLOITDB text WRITEUP
Cybozu Garoon 2.1.0 - Authenticated SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete functionality; the (2) pid parameter in the (d) workflow/view or (e) workflow/print functionality; the (3) uid parameter in the (f) schedule/user_view, (g) phonemessage/add, (h) phonemessage/history, or (i) schedule/view functionality; the (4) cid parameter in (j) todo/index; the (5) iid parameter in the (k) memo/view or (l) memo/print functionality; or the (6) event parameter in the (m) schedule/view functionality.
CVE-2006-4490 EXPLOITDB text WRITEUP
Cybozu Office < 6.6 Build 1.3 and Share 360 < 2.5 Build 0.3 - Authenticated Directory Traversal via id Parameter
Multiple directory traversal vulnerabilities in Cybozu Office before 6.6 Build 1.3 and Share 360 before 2.5 Build 0.3 allow remote authenticated users to read arbitrary files via a .. (dot dot) sequence via the id parameter in (1) scripts/cbag/ag.exe or (2) scripts/s360v2/s360.exe.
CVE-2006-2310 EXPLOITDB text WRITEUP
BlueDragon Server and Server JX - Denial of Service via MS-DOS Device Name Request
BlueDragon Server and Server JX 6.2.1.286 for Windows allows remote attackers to cause a denial of service (hang) via a request for a .cfm file whose name contains an MS-DOS device name such as (1) con, (2) aux, (3) com1, and (4) com2.