Tim Brown

25 exploits Active since Dec 2002
CVE-2012-4512 EXPLOITDB HIGH WRITEUP
KDE Konqueror - Denial of Service and Memory Disclosure via CSS Font Face Source Type Confusion
The CSS parser (khtml/css/cssparser.cpp) in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via a crafted font face source, related to "type confusion."
CVSS 8.8
CVE-2012-4513 EXPLOITDB WRITEUP
Konqueror in KDE 4.7.3 - Heap-Based Buffer Over-Read via Large Canvas Dimensions
khtml/imload/scaledimageplane.h in Konqueror in KDE 4.7.3 allows remote attackers to cause a denial of service (crash) and possibly read memory via large canvas dimensions, which leads to an unexpected sign extension and a heap-based buffer over-read.
CVE-2012-4514 EXPLOITDB WRITEUP
KDE < 4.9.3 - Denial of Service via Null Pointer Dereference in Rendering
rendering/render_replaced.cpp in Konqueror in KDE before 4.9.3 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted web page, related to "trying to reuse a frame with a null part."
CVE-2012-2179 EXPLOITDB WORKING POC
IBM AIX 5.3, 6.1, 7.1 - Arbitrary File Write via Symlink Attack on Temporary File
libodm.a in IBM AIX 5.3, 6.1, and 7.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
CVE-2014-2533 METASPLOIT ruby WORKING POC
BlackBerry QNX Neutrino RTOS <6.5.x - Privilege Escalation
/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.
CVE-2014-2630 METASPLOIT ruby WORKING POC
HP Performance Monitoring xglance Priv Esc
Unspecified vulnerability in HP Operations Agent 11.00, when Glance is used, allows local users to gain privileges via unknown vectors.
CVE-2023-28528 METASPLOIT HIGH ruby WORKING POC
IBM AIX <7.4 - Privilege Escalation
IBM AIX 7.1, 7.2, 7.3, and VIOS 3.1 could allow a non-privileged local user to exploit a vulnerability in the invscout command to execute arbitrary commands. IBM X-Force ID: 251207.
CVSS 8.4
CVE-2007-3192 EXPLOITDB text WRITEUP
Just For Fun Network Management System <0.8.3 - Info Disclosure
admin/setup.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to read and modify configuration settings via a direct request.
CVE-2007-3189 EXPLOITDB text WRITEUP
Just For Fun Network Management System 0.8.3 - Cross-Site Scripting via User Parameter
Cross-site scripting (XSS) vulnerability in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to inject arbitrary web script or HTML via the user parameter.
CVE-2007-3190 EXPLOITDB text WORKING POC
Just For Fun Network Management System 0.8.3 - SQL Injection via User and Pass Parameters
Multiple SQL injection vulnerabilities in auth.php in Just For Fun Network Management System (JFFNMS) 0.8.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass parameters.
CVE-2007-3191 EXPLOITDB text WRITEUP
Just For Fun Network Management System <0.8.3 - Info Disclosure
Just For Fun Network Management System (JFFNMS) 0.8.3 allows remote attackers to obtain configuration information via a direct request to admin/adm/test.php, which calls the phpinfo function.
CVE-2007-6001 EXPLOITDB text WRITEUP
Bandersnatch 0.4 - Cross-Site Scripting via func, date, or jid Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Bandersnatch 0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) func or (2) date parameter, or the jid parameter in a (3) log or (4) user action, a different vulnerability than CVE-2007-3910.
CVE-2007-3909 EXPLOITDB text WRITEUP
Bandersnatch 0.4 - SQL Injection via Date and Limit Parameters
Multiple SQL injection vulnerabilities in Bandersnatch 0.4 allow remote attackers to execute arbitrary SQL commands via the (1) date and (2) limit parameters to index.php, and other unspecified vectors.
EIP-2026-103929 EXPLOITDB c WORKING POC
IBM DB2 - 'DT_RPATH' Insecure Library Loading Arbitrary Code Execution
CVE-2007-3714 EXPLOITDB text WORKING POC
Ada Image Server (ImgSvr) <= 0.6.21 - Directory Traversal via Template Parameter
Directory traversal vulnerability in Ada Image Server (ImgSvr) 0.6.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter to the default URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this is probably a different issue than CVE-2004-2464. NOTE: it was later reported that 0.6.21 and earlier is also affected.
EIP-2026-103150 EXPLOITDB text WORKING POC
KDE 4.3.2 - Multiple Input Validation Vulnerabilities
CVE-2014-2533 EXPLOITDB ruby WORKING POC
BlackBerry QNX Neutrino RTOS <6.5.x - Privilege Escalation
/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.
CVE-2009-4645 EXPLOITDB text WRITEUP
Accellion Secure File Transfer Appliance <8.0.105 - Path Traversal
Directory traversal vulnerability in web_client_user_guide.html in Accellion Secure File Transfer Appliance before 8_0_105 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.
CVE-2011-0018 EXPLOITDB text WRITEUP
OpenVAS Manager <2.0rc2 - Command Injection
The email function in manage_sql.c in OpenVAS Manager 1.0.x through 1.0.3 and 2.0.x through 2.0rc2 allows remote authenticated users to execute arbitrary commands via the (1) To or (2) From e-mail address in an OMP request to the Greenbone Security Assistant (GSA).
CVE-2009-4648 EXPLOITDB text WORKING POC
Accellion Secure File Transfer Appliance - Privilege Escalation via Sudo Command Argument Injection
Accellion Secure File Transfer Appliance before 8_0_105 does not properly restrict access to sensitive commands and arguments that run with extra sudo privileges, which allows local administrators to gain privileges via (1) arbitrary arguments in the --file_move action in /usr/local/bin/admin.pl, or a hard link attack in (2) chmod or (3) a certain cp command.
CVE-2012-4515 EXPLOITDB text WRITEUP
KDE Konqueror 4.7.3 - Use-After-Free via IFrame Context Menu Access
Use-after-free vulnerability in khtml/rendering/render_replaced.cpp in Konqueror in KDE 4.7.3, when the context menu is shown, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by accessing an iframe when it is being updated.
CVE-2014-2045 EXPLOITDB MEDIUM text WRITEUP
Viprinet Multichannel VPN Router 300 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool.
CVSS 6.1
EIP-2026-101246 EXPLOITDB text WORKING POC
D-Link DSL-G624T - Var:RelaodHref Cross-Site Scripting
CVE-2002-2399 EXPLOITDB text WRITEUP
W3Mail 1.0.6 - Path Traversal via File Parameter
Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
CVE-2014-3977 EXPLOITDB text WORKING POC
IBM AIX 6.1/7.1 & VIOS 2.2.x - Local Privilege Escalation
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.