Ulf Harnhammar

23 exploits, active since Oct 2002
EIP-2026-113720 EXPLOITDB text WRITEUP
WordPress Plugin Enable Media Replace - Multiple Vulnerabilities
CVE-2002-0961 EXPLOITDB text WRITEUP
Voxel CBMS < 0.7 - SQL Injection
Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote attackers to conduct unauthorized operations as other users, e.g. by deleting clients via dltclnt.php, possibly in a SQL injection attack.
CVE-2002-1495 EXPLOITDB text WORKING POC
JAWmail 1.0-rc1 - XSS
Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows remote attackers to insert arbitrary script or HTML via (1) attached file names in the Read Mail feature, (2) text/html mails that are displayed in a pop-up window, and (3) certain malicious attributes within otherwise safe tags, such as onMouseOver.
CVE-2003-1530 EXPLOITDB perl WORKING POC
phpBB - SQL Injection
SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter.
CVE-2002-1757 EXPLOITDB text WRITEUP
PHProjekt 2.0-3.1 - Auth Bypass
PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms".
EIP-2026-110846 EXPLOITDB text WRITEUP
PHP-Nuke 6.0 - Web Mail Remote PHP Script Execution
EIP-2026-110847 EXPLOITDB text WRITEUP
PHP-Nuke 6.0 - Web Mail Script Injection
CVE-2002-1958 EXPLOITDB text WORKING POC
kmMail - XSS
Cross-site scripting (XSS) vulnerability in kmMail 1.0, 1.0a, and 1.0b allows remote attackers to inject arbitrary web script or HTML via (1) javascript in onmouseover or other attributes in "safe" HTML tags such as the "b" tag, or (2) the Subject field.
CVE-2002-1423 EXPLOITDB text WRITEUP
FUDforum <2.2.0 - Info Disclosure
tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter.
CVE-2002-1422 EXPLOITDB text WRITEUP
FUDforum <2.2.0 - Path Traversal
admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters.
EIP-2026-107360 EXPLOITDB text WRITEUP
Geeklog 1.3.5 - HTML Attribute Cross-Site Scripting
CVE-2002-1708 EXPLOITDB text WRITEUP
BasiliX Webmail - XSS
Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields.
CVE-2005-3120 EXPLOITDB CRITICAL perl WORKING POC
Lynx <2.8.6 - Buffer Overflow
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.
CVSS 9.8
CVE-2005-2967 EXPLOITDB perl WORKING POC
xine-lib <1.1.1 - RCE
Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD.
CVE-2005-0161 EXPLOITDB text WRITEUP
E-merge Unace - Path Traversal
Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames.
CVE-2004-0104 EXPLOITDB text WORKING POC
Metamail <2.7 - RCE
Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
CVE-2002-1405 EXPLOITDB perl WORKING POC
Lynx <2.8.4 - CRLF Injection
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.
EIP-2026-103162 EXPLOITDB perl WORKING POC
Lynx 2.8.6dev.13 - Remote Buffer Overflow
CVE-2004-0354 EXPLOITDB perl WORKING POC
GNU Anubis 3.6.0-3.9.93 - RCE
Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c.
EIP-2026-103105 EXPLOITDB text WRITEUP
Emil 2.x - Multiple Buffer Overrun / Format String Vulnerabilities
CVE-2005-0105 EXPLOITDB c WORKING POC
Typespeed <0.4.1 - Privilege Escalation
Unknown vulnerability in typespeed 0.4.1 and earlier allows local users to gain privileges.
CVE-2006-6692 EXPLOITDB perl WORKING POC
Zabbix <20061006 - RCE
Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog.
CVE-2005-3862 EXPLOITDB perl WORKING POC
Unalz - Buffer Overflow
Buffer overflow in unalz before 0.53 allows remote attackers to execute arbitrary code via long file names in ALZ archives.