chap0

25 exploits Active since Jun 2010
CVE-2012-5918 EXPLOITDB text WRITEUP
razorCMS 1.2 - Authenticated Directory Traversal via Directory Manipulation
razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory.
CVE-2011-10012 EXPLOITDB HIGH perl WORKING POC
NetOp Remote Control Client 9.5 - Stack-based Buffer Overflow via .dws Configuration File
NetOp (now part of Impero Software) Remote Control Client v9.5 is vulnerable to a stack-based buffer overflow when processing .dws configuration files. If a .dws file contains a string longer than 520 bytes, the application fails to perform proper bounds checking, allowing an attacker to execute arbitrary code when the file is opened.
CVE-2015-1171 METASPLOIT ruby WORKING POC
GSM SIM Utility <6.6 - Buffer Overflow
Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.
CVE-2010-2343 METASPLOIT ruby WORKING POC
D.R. Software Audio Converter 8.1, 2007, and 8.05 - Stack-based Buffer Overflow via PLS Playlist File
Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file.
EIP-2026-118877 EXPLOITDB perl WORKING POC
Microsoft Windows FTP Server 1.4 - Authentication Bypass
EIP-2026-118633 EXPLOITDB python WORKING POC
Hero DVD Remote 1.0 - Remote Buffer Overflow
EIP-2026-118632 EXPLOITDB ruby WORKING POC
Hero DVD - Remote Buffer Overflow (Metasploit)
EIP-2026-118230 EXPLOITDB ruby WORKING POC
Actfax FTP Server 4.27 - 'USER' Stack Buffer Overflow (Metasploit)
EIP-2026-118231 EXPLOITDB perl WORKING POC
ActFax Server (LPD/LPR) 4.25 Build 0221 (2010-02-11) - Remote Buffer Overflow
EIP-2026-118233 EXPLOITDB python WORKING POC
ActFax Server FTP 4.25 Build 0221 (2010-02-11) - (Authenticated) Remote Buffer Overflow
EIP-2026-117255 EXPLOITDB ruby WORKING POC
GSM SIM Editor 5.15 - Local Buffer Overflow (Metasploit)
CVE-2010-2343 EXPLOITDB python WORKING POC
D.R. Software Audio Converter 8.1, 2007, and 8.05 - Stack-based Buffer Overflow via PLS Playlist File
Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file.
CVE-2010-2343 EXPLOITDB perl WORKING POC
D.R. Software Audio Converter 8.1, 2007, and 8.05 - Stack-based Buffer Overflow via PLS Playlist File
Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file.
CVE-2010-2343 EXPLOITDB ruby WORKING POC
D.R. Software Audio Converter 8.1, 2007, and 8.05 - Stack-based Buffer Overflow via PLS Playlist File
Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file.
CVE-2010-2343 EXPLOITDB perl WORKING POC
D.R. Software Audio Converter 8.1, 2007, and 8.05 - Stack-based Buffer Overflow via PLS Playlist File
Stack-based buffer overflow in D.R. Software Audio Converter 8.1, 2007, and 8.05 allows remote attackers to execute arbitrary code via a crafted pls playlist file.
EIP-2026-117256 EXPLOITDB python WORKING POC
GSM SIM Utility 5.15 - '.sms' File Local Buffer Overflow (SEH)
EIP-2026-117257 EXPLOITDB python WORKING POC
GSM SIM Utility 5.15 - Direct RET Overflow
EIP-2026-116250 EXPLOITDB perl WORKING POC
Smart PC Recorder 4.8 - '.mp3' Local Crash (PoC)
EIP-2026-115104 EXPLOITDB perl WORKING POC
CP3 Studio PC Version - Denial of Service
EIP-2026-114847 EXPLOITDB perl WORKING POC
Acoustica 3.32 CD/DVD Label Maker - '.m3u' (PoC)
CVE-2012-1026 EXPLOITDB text WRITEUP
XRay CMS 1.1.1 - SQL Injection via Username or Password Parameter
Multiple SQL injection vulnerabilities in login2.php in XRay CMS 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.
EIP-2026-112674 EXPLOITDB text WRITEUP
Tickets CAD 2.20G - Multiple Vulnerabilities
CVE-2012-6038 EXPLOITDB text WRITEUP
razorCMS < 1.2.1 - Authenticated Path Traversal via dir Parameter
admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a "path traversal."
EIP-2026-111131 EXPLOITDB text WRITEUP
phpmoneybooks 1.03 - Persistent Cross-Site Scripting
EIP-2026-101111 EXPLOITDB python WORKING POC
Xerox 4595 - Denial of Service