TecR0c

54 exploits Active since Jun 2006
CVE-2011-4044 EXPLOITDB ruby WORKING POC
ARC Informatique PcVue 6.0-10.0 FrontVue and PlantVue - Arbitrary File Write via SVUIGrd.ocx ActiveX Control
An unspecified ActiveX control in SVUIGrd.ocx in ARC Informatique PcVue 6.0 through 10.0, FrontVue, and PlantVue allows remote attackers to modify files via calls to unknown methods.
CVE-2011-3496 EXPLOITDB ruby WORKING POC
Measuresoft ScadaPro <4.0.0 - Command Injection
service.exe in Measuresoft ScadaPro 4.0.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) BF, (2) OF, or (3) EF command.
EIP-2026-118584 EXPLOITDB ruby WORKING POC
freeFTPd 1.0.10 - 'PASS' Remote Buffer Overflow (Metasploit)
EIP-2026-118455 EXPLOITDB ruby WORKING POC
Easy File Management Web Server - Remote Stack Buffer Overflow (Metasploit)
CVE-2011-5007 EXPLOITDB ruby WORKING POC
3S CoDeSys < 3.4 - Remote Code Execution via Long URI to CmpWebServer
Stack-based buffer overflow in the CmpWebServer component in 3S CoDeSys 3.4 SP4 Patch 2 and earlier, as used on the ABB AC500 PLC and possibly other products, allows remote attackers to execute arbitrary code via a long URI to TCP port 8080.
CVE-2012-0201 EXPLOITDB ruby WORKING POC
IBM Personal Communications 5.9.x-5.9.8 and 6.0.x-6.0.4 - Stack-Based Buffer Overflow via WorkStation Profile String
Stack-based buffer overflow in pcspref.dll in pcsws.exe in IBM Personal Communications 5.9.x before 5.9.8 and 6.0.x before 6.0.4 might allow remote attackers to execute arbitrary code via a long profile string in a WorkStation (aka .ws) file.
EIP-2026-118111 EXPLOITDB python WORKING POC
Winamp 5.572 - Local Buffer Overflow (EIP + SEH) (DEP Bypass)
CVE-2008-4779 EXPLOITDB ruby WORKING POC
Tguzip - Memory Corruption
Stack-based buffer overflow in TUGzip 3.5.0.0 allows remote attackers to denial of service (crash) or execute arbitrary code via a long filename in a .zip file.
CVE-2011-2386 EXPLOITDB ruby WORKING POC
VisiWave Site Survey < 2.1.9 - Remote Code Execution via Invalid Type Property in VWS/VWR Files
VisiWaveReport.exe in AZO Technologies, Inc. VisiWave Site Survey before 2.1.9 allows user-assisted remote attackers to execute arbitrary code via a (1) vws and (2) vwr file with an invalid Type property, which triggers an untrusted pointer dereference.
CVE-2010-1685 EXPLOITDB perl WORKING POC
CursorArts ZipWrangler 1.20 - Stack-Based Buffer Overflow via Long Filename in ZIP File
Stack-based buffer overflow in CursorArts ZipWrangler 1.20 allows user-assisted remote attackers to execute arbitrary code via a ZIP file containing a file with a long filename.
CVE-2006-2439 EXPLOITDB python WORKING POC
ZipCentral < 4.01 - Stack-based Buffer Overflow via Long Filename in ZIP Archive
Stack-based buffer overflow in ZipCentral 4.01 allows remote user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename.
EIP-2026-118112 EXPLOITDB python WORKING POC
Winamp 5.572 - Local Overflow (SEH)
EIP-2026-117162 EXPLOITDB python WORKING POC
FieldNotes 32 5.0 - Local Buffer Overflow (SEH)
CVE-2011-3494 EXPLOITDB ruby WORKING POC
eSignal < 10.6.2425 - Stack-Based and Heap-Based Buffer Overflow via Long StyleTemplate or FaceName Field
WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
EIP-2026-116282 EXPLOITDB python WORKING POC
Speed Commander 13.10 - '.zip' Memory Corruption
EIP-2026-116648 EXPLOITDB python WORKING POC
ZipExplorer 7.0 - '.zar' Denial of Service
EIP-2026-116585 EXPLOITDB python WORKING POC
X-lite SIP 3.0 - 'wav' memory Corruption Heap Buffer Overflow
CVE-2011-2194 EXPLOITDB text WORKING POC
VLC media player <1.1.9 - DoS/Buffer Overflow
Integer overflow in the XSPF playlist parser in VideoLAN VLC media player 0.8.5 through 1.1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger a heap-based buffer overflow.
EIP-2026-116012 EXPLOITDB python WORKING POC
Optimal Archive 1.38 - '.zip' File (SEH) (PoC)
CVE-2009-3249 EXPLOITDB python WORKING POC
vtiger CRM 5.0.4 - Path Traversal and Arbitrary File Execution via Module Parameter
Multiple directory traversal vulnerabilities in vtiger CRM 5.0.4 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the module parameter to graph.php; or the (2) module or (3) file parameter to include/Ajax/CommonAjax.php, reachable through modules/Campaigns/CampaignsAjax.php, modules/SalesOrder/SalesOrderAjax.php, modules/System/SystemAjax.php, modules/Products/ProductsAjax.php, modules/uploads/uploadsAjax.php, modules/Dashboard/DashboardAjax.php, modules/Potentials/PotentialsAjax.php, modules/Notes/NotesAjax.php, modules/Faq/FaqAjax.php, modules/Quotes/QuotesAjax.php, modules/Utilities/UtilitiesAjax.php, modules/Calendar/ActivityAjax.php, modules/Calendar/CalendarAjax.php, modules/PurchaseOrder/PurchaseOrderAjax.php, modules/HelpDesk/HelpDeskAjax.php, modules/Invoice/InvoiceAjax.php, modules/Accounts/AccountsAjax.php, modules/Reports/ReportsAjax.php, modules/Contacts/ContactsAjax.php, and modules/Portal/PortalAjax.php; and allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the step parameter in an Import action to the (4) Accounts, (5) Contacts, (6) HelpDesk, (7) Leads, (8) Potentials, (9) Products, or (10) Vendors module, reachable through index.php and related to modules/Import/index.php and multiple Import.php files.
CVE-2011-4453 EXPLOITDB ruby WORKING POC
PmWiki 2.x < 2.2.35 - Remote Code Execution via PageListSort Order Parameter
The PageListSort function in scripts/pagelist.php in PmWiki 2.x before 2.2.35 allows remote attackers to execute arbitrary code via PHP sequences in a crafted order parameter in a pagelist directive, leading to unintended use of the PHP create_function function.
CVE-2011-4075 EXPLOITDB ruby WORKING POC
phpLDAPadmin < 1.2.2 - Remote Code Execution via Orderby Parameter
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.
EIP-2026-110005 EXPLOITDB python WORKING POC
N_CMS 1.1E - Local File Inclusion / Remote Code
EIP-2026-108585 EXPLOITDB ruby WORKING POC
Joomla! Component com_virtuemart 1.1.7/1.5 - Blind SQL Injection (Metasploit)
EIP-2026-108584 EXPLOITDB python WORKING POC
Joomla! Component com_virtuemart 1.1.7 - Blind SQL Injection