Ulf Harnhammar

23 exploits, active since Oct 2002
EIP-2026-113720 EXPLOITDB text WRITEUP
WordPress Plugin Enable Media Replace - Multiple Vulnerabilities
CVE-2002-0961 EXPLOITDB text WRITEUP
Voxel Dot Net CBMS < 0.7 - Unauthenticated SQL Injection via dltclnt.php
Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote attackers to conduct unauthorized operations as other users, e.g. by deleting clients via dltclnt.php, possibly in a SQL injection attack.
CVE-2002-1495 EXPLOITDB text WORKING POC
JAWmail 1.0-rc1 - Cross-Site Scripting via Attached File Names and HTML Mail Attributes
Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows remote attackers to insert arbitrary script or HTML via (1) attached file names in the Read Mail feature, (2) text/html mails that are displayed in a pop-up window, and (3) certain malicious attributes within otherwise safe tags, such as onMouseOver.
CVE-2003-1530 EXPLOITDB perl WORKING POC
phpBB <= 2.0.3 - SQL Injection via privmsg.php mark[] Parameter
SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the mark[] parameter.
CVE-2002-1757 EXPLOITDB text WRITEUP
PHProjekt 2.0-3.1 - Authentication Bypass via PATH_INFO Manipulation
PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms".
EIP-2026-110846 EXPLOITDB text WRITEUP
PHP-Nuke 6.0 - Web Mail Remote PHP Script Execution
EIP-2026-110847 EXPLOITDB text WRITEUP
PHP-Nuke 6.0 - Web Mail Script Injection
CVE-2002-1958 EXPLOITDB text WORKING POC
kmMail 1.0, 1.0a, 1.0b - Cross-Site Scripting via HTML Attributes or Subject Field
Cross-site scripting (XSS) vulnerability in kmMail 1.0, 1.0a, and 1.0b allows remote attackers to inject arbitrary web script or HTML via (1) javascript in onmouseover or other attributes in "safe" HTML tags such as the "b" tag, or (2) the Subject field.
CVE-2002-1423 EXPLOITDB text WRITEUP
FUDforum - Unauthenticated Arbitrary File Read via tmp_view.php file Parameter
tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter.
CVE-2002-1422 EXPLOITDB text WRITEUP
FUDforum - Unauthenticated Arbitrary File Creation and Deletion via admbrowse.php Path Parameters
admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters.
EIP-2026-107360 EXPLOITDB text WRITEUP
Geeklog 1.3.5 - HTML Attribute Cross-Site Scripting
CVE-2002-1708 EXPLOITDB text WRITEUP
BasiliX Webmail 1.10 - Stored Cross-Site Scripting via Subject or Message Fields
Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allows remote attackers to execute arbitrary script as other users by injecting script into the (1) subject or (2) message fields.
CVE-2005-3120 EXPLOITDB CRITICAL perl WORKING POC
Lynx < 2.8.6 - Remote Code Execution via HTrjis Asian Character Handling
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.
CVSS 9.8
CVE-2005-2967 EXPLOITDB perl WORKING POC
xine-lib 1-beta-1.0.2 and 1.1.1 - Remote Code Execution via CDDB Metadata Format String
Format string vulnerability in input_cdda.c in xine-lib 1-beta through 1-beta 3, 1-rc, 1.0 through 1.0.2, and 1.1.1 allows remote servers to execute arbitrary code via format string specifiers in metadata in CDDB server responses when the victim plays a CD.
CVE-2005-0161 EXPLOITDB text WRITEUP
e-merge unace 1.2b - Directory Traversal and Arbitrary File Write via ACE Archive
Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames.
CVE-2004-0104 EXPLOITDB text WORKING POC
Metamail < 2.7 - Remote Code Execution via Format String Vulnerability
Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
CVE-2002-1405 EXPLOITDB perl WORKING POC
Lynx < 2.8.4 - CRLF Injection
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.
EIP-2026-103162 EXPLOITDB perl WORKING POC
Lynx 2.8.6dev.13 - Remote Buffer Overflow
CVE-2004-0354 EXPLOITDB perl WORKING POC
GNU Anubis 3.6.0-3.6.2, 3.9.92-3.9.93 - Remote Code Execution via Format String Vulnerability
Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c.
EIP-2026-103105 EXPLOITDB text WRITEUP
Emil 2.x - Multiple Buffer Overrun / Format String Vulnerabilities
CVE-2005-0105 EXPLOITDB c WORKING POC
Typespeed < 0.4.1 - Privilege Escalation
Unknown vulnerability in typespeed 0.4.1 and earlier allows local users to gain privileges.
CVE-2006-6692 EXPLOITDB perl WORKING POC
Zabbix - Format String Vulnerability via Log Functions
Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog.
CVE-2005-3862 EXPLOITDB perl WORKING POC
unalz - Buffer Overflow via Long File Names in ALZ Archives
Buffer overflow in unalz before 0.53 allows remote attackers to execute arbitrary code via long file names in ALZ archives.