Tom Ferris

16 exploits Active since Dec 2004
CVE-2005-1218 EXPLOITDB WORKING POC
Microsoft Windows - DoS
The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows XP, and Windows Server 2003 allows remote attackers to cause a denial of service (crash) via crafted Remote Desktop Protocol (RDP) requests.
EIP-2026-116589 EXPLOITDB perl WORKING POC
Xeneo Web Server 2.2.9.0 - Denial of Service
CVE-2005-2303 EXPLOITDB WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-1218. Reason: This candidate is a duplicate of CVE-2005-1218. Notes: All CVE users should reference CVE-2005-1218 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
EIP-2026-115698 EXPLOITDB html WORKING POC
Microsoft Internet Explorer 6 - 'mshtmled.dll' Denial of Service
CVE-2006-0544 EXPLOITDB html WORKING POC
Microsoft IE - Denial of Service
urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters.
EIP-2026-115760 EXPLOITDB text WRITEUP
Microsoft Publisher 2007 - Remote Denial of Service
CVE-2006-5084 EXPLOITDB text WORKING POC
eBay Skype for Mac <1.5.*.79 - RCE
Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference.
CVE-2007-0342 EXPLOITDB HIGH text WORKING POC
Apple Safari - NULL Pointer Dereference
WebCore in Apple WebKit build 18794 allows remote attackers to cause a denial of service (null dereference and application crash) via a TD element with a large number in the ROWSPAN attribute, as demonstrated by a crash of OmniWeb 5.5.3 on Mac OS X 10.4.8, a different vulnerability than CVE-2006-2019.
CVSS 7.5
CVE-2005-4504 EXPLOITDB text WORKING POC
Apple Mac OS X <10.4.3 - DoS
The khtml::RenderTableSection::ensureRows function in KHTMLParser in Apple Mac OS X 10.4.3 and earlier, as used by Safari and TextEdit, allows remote attackers to cause a denial of service (memory consumption and application crash) via HTML files with a large ROWSPAN attribute in a TD tag.
CVE-2007-1071 EXPLOITDB text WRITEUP
Apple Mac OS X 10.4.8 - DoS/Arbitrary Code Execution
Integer overflow in the gifGetBandProc function in ImageIO in Apple Mac OS X 10.4.8 allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a crafted GIF image that triggers the overflow during decompression. NOTE: this is a different issue than CVE-2006-3502 and CVE-2006-3503.
CVE-2006-1985 EXPLOITDB text WRITEUP
Apple Safari - Memory Corruption
Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such as ZIP) that contains long path names, which triggers an error in the BOMStackPop function.
CVE-2006-1982 EXPLOITDB text WRITEUP
Apple Mac OS X - Memory Corruption
Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted TIFF images.
EIP-2026-104564 EXPLOITDB html WORKING POC
Apple Mac OSX Safari 2.0.3 (417.9.2) - Multiple Vulnerabilities
EIP-2026-103577 EXPLOITDB html WORKING POC
Mozilla Products - 'Host:' Buffer Overflow (Denial of Service) (PoC) String
CVE-2005-4720 EXPLOITDB text WORKING POC
Mozilla Firefox <1.0.7 - DoS
Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a problem related to representation of floating-point numbers, leading to an infinite loop of widget resizes and a corresponding large number of function calls on the stack.
CVE-2004-2517 EXPLOITDB c WORKING POC
myServer 0.7.1 - DoS
myServer 0.7.1 allows remote attackers to cause a denial of service (crash) via a long HTTP POST request in a View=Logon operation to index.html.