bannedit

34 exploits Active since May 2006
CVE-2011-3011 EXPLOITDB ruby WORKING POC
CA ARCserve D2D r15 - Exposure of Sensitive Information via Session Handling
BaseServiceImpl.class in CA ARCserve D2D r15 does not properly handle sessions, which allows remote attackers to obtain credentials, and consequently execute arbitrary commands, via unspecified vectors.
CVE-2009-0837 EXPLOITDB ruby WORKING POC
Foxit Reader <3.0 Build 1506 - Buffer Overflow
Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the "Open/Execute a file" action.
EIP-2026-104141 EXPLOITDB ruby WORKING POC
Zend Server Java Bridge - Arbitrary Java Code Execution (Metasploit)
EIP-2026-103889 EXPLOITDB ruby WORKING POC
Cyrus IMAPD 2.3.2 - 'pop3d' Remote Buffer Overflow (2)
CVE-2010-1870 EXPLOITDB ruby WORKING POC
Apache Struts 2.0.0-2.1.8.1 - Remote Code Execution via OGNL Context Variable Manipulation
The OGNL extensive expression evaluation capability in XWork in Struts 2.0.0 through 2.1.8.1, as used in Atlassian Fisheye, Crucible, and possibly other products, uses a permissive whitelist, which allows remote attackers to modify server-side context objects and bypass the "#" protection mechanism in ParameterInterceptors via the (1) #context, (2) #_memberAccess, (3) #root, (4) #this, (5) #_typeResolver, (6) #_classResolver, (7) #_traceEvaluations, (8) #_lastEvaluation, (9) #_keepLastEvaluation, and possibly other OGNL context variables, a different vulnerability than CVE-2008-6504.
CVE-2006-2502 EXPLOITDB ruby WORKING POC
Cyrus IMAPD 2.3.2 - Stack-Based Buffer Overflow via Long USER Command
Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
CVE-2007-4584 EXPLOITDB ruby WORKING POC
BitchX 1.1 Final - Remote Code Execution via MODE Command Buffer Overflow
Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable.
CVE-2007-6211 EXPLOITDB c WORKING POC
Debian GNU/Linux - Privilege Escalation
Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option. NOTE: this issue is only a vulnerability in limited environments, since sing is not installed setuid, and the administrator would need to override a non-setuid default during installation.
EIP-2026-102466 EXPLOITDB ruby WORKING POC
CA Arcserve D2D GWT RPC - Credential Information Disclosure (Metasploit)