bannedit

34 exploits Active since May 2006
CVE-2011-3011 EXPLOITDB ruby WORKING POC
CA Arcserve D2d - Information Disclosure
BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors.
CVE-2009-0837 EXPLOITDB ruby WORKING POC
Foxit Reader <3.0 Build 1506 - Buffer Overflow
Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the "Open/Execute a file" action.
EIP-2026-104141 EXPLOITDB ruby WORKING POC
Zend Server Java Bridge - Arbitrary Java Code Execution (Metasploit)
EIP-2026-103889 EXPLOITDB ruby WORKING POC
Cyrus IMAPD 2.3.2 - 'pop3d' Remote Buffer Overflow (2)
CVE-2010-1870 EXPLOITDB ruby WORKING POC
Struts 2.0.0-2.1.8.1 - RCE
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.
CVE-2006-2502 EXPLOITDB ruby WORKING POC
Cyrus Imapd - Buffer Overflow
Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
CVE-2007-4584 EXPLOITDB ruby WORKING POC
BitchX 1.1 Final - Buffer Overflow
Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable.
CVE-2007-6211 EXPLOITDB c WORKING POC
Debian GNU/Linux - Privilege Escalation
Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option. NOTE: this issue is only a vulnerability in limited environments, since sing is not installed setuid, and the administrator would need to override a non-setuid default during installation.
EIP-2026-102466 EXPLOITDB ruby WORKING POC
CA Arcserve D2D GWT RPC - Credential Information Disclosure (Metasploit)