bob

11 exploits Active since Jul 2002
CVE-2018-2380 NOMISEC MEDIUM WORKING POC
SAP CRM 7.01-7.02, 7.30-7.31, 7.33, 7.54 - Path Traversal
SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
51 stars
CVSS 6.6
CVE-2015-9253 WRITEUP MEDIUM WRITEUP
PHP < 7.1.20 - Uncontrolled Resource Consumption via Non-Blocking STDIN Stream
An issue was discovered in PHP 7.3.x before 7.3.0alpha3, 7.2.x before 7.2.8, and before 7.1.20. The php-fpm master process restarts a child process in an endless loop when using program execution functions (e.g., passthru, exec, shell_exec, or system) with a non-blocking STDIN stream, causing this master process to consume 100% of the CPU, and consume disk space with a large volume of error logs, as demonstrated by an attack by a customer of a shared-hosting facility.
CVSS 6.5
CVE-2002-2087 EXPLOITDB c WORKING POC
Borland InterBase 6.0 - Local Buffer Overflow via INTERBASE Environment Variable
Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_drop, (2) gds_lock_mgr, or (3) gds_inet_server.
CVE-2002-2087 EXPLOITDB c WORKING POC
Borland InterBase 6.0 - Local Buffer Overflow via INTERBASE Environment Variable
Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_drop, (2) gds_lock_mgr, or (3) gds_inet_server.
CVE-2002-0031 EXPLOITDB c WORKING POC
Yahoo! Messenger 5.0.0.1064 - Remote Code Execution via Long YMSGR URI Arguments
Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary code via a ymsgr URI with long arguments to (1) call, (2) sendim, (3) getimv, (4) chat, (5) addview, or (6) addfriend.
CVE-2018-2380 EXPLOITDB MEDIUM python WORKING POC
SAP CRM 7.01-7.02, 7.30-7.31, 7.33, 7.54 - Path Traversal
SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing "traverse to parent directory" are passed through to the file APIs.
CVSS 6.6
CVE-2003-0281 EXPLOITDB c WORKING POC
Firebird < 1.5 - Buffer Overflow via Long INTERBASE Environment Variable
Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop.
CVE-2003-0358 EXPLOITDB c WORKING POC
nethack <3.4.0 & falconseye <1.9.3 - Buffer Overflow
Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option.
CVE-2002-2087 EXPLOITDB c WORKING POC
Borland InterBase 6.0 - Local Buffer Overflow via INTERBASE Environment Variable
Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_drop, (2) gds_lock_mgr, or (3) gds_inet_server.
CVE-2003-1425 EXPLOITDB c WORKING POC
cPanel 5.0 - Remote Code Execution via Guestbook.cgi Template Parameter
guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitrary commands via the template parameter.
CVE-2003-0281 EXPLOITDB c WORKING POC
Firebird < 1.5 - Buffer Overflow via Long INTERBASE Environment Variable
Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and possibly other products that use the InterBase codebase, allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_inet_server, (2) gds_lock_mgr, or (3) gds_drop.