corelanc0d3r

89 exploits Active since Oct 2008
CVE-2011-0499 EXPLOITDB ruby WORKING POC
VideoSpirit Pro < 1.6.8.1 and VideoSpirit Lite < 1.4.0.1 - Buffer Overflow via Long Name Attribute in .visprj File
Buffer overflow in VideoSpirit Pro 1.6.8.1 and possibly earlier versions, and VideoSpirit Lite 1.4.0.1 and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a VideoSpirit project (.visprj) file containing a valitem element with a long "name" attribute. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2013-10064 EXPLOITDB CRITICAL ruby WORKING POC
ActFax Server <5.01 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in ActFax Server version 5.01. The server's RAW protocol interface fails to safely process user-supplied data in @F506 fax header fields due to insecure usage of strcpy. Remote attackers can exploit this vulnerability by sending specially crafted @F506 fields, potentially leading to arbitrary code execution. Successful exploitation requires network access to TCP port 4559 and does not require authentication.
CVE-2012-10035 EXPLOITDB CRITICAL ruby WORKING POC
Turbo FTP Server <1.30.823-1.30.826 - Buffer Overflow
Turbo FTP Server versions 1.30.823 and 1.30.826 contain a buffer overflow vulnerability in the handling of the PORT command. By sending a specially crafted payload, an unauthenticated remote attacker can overwrite memory structures and execute arbitrary code with SYSTEM privileges.
CVE-2012-10055 EXPLOITDB CRITICAL ruby WORKING POC
ComSndFTP FTP Server <1.3.7 Beta - Code Injection
ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory (specifically WSACleanup from Ws2_32.dll). This allows the attacker to redirect execution flow and bypass DEP protections using a ROP chain, ultimately leading to arbitrary code execution. The vulnerability is exploitable without authentication and affects default configurations.
CVE-2011-10024 EXPLOITDB HIGH ruby WORKING POC
MJM Core Player 2011 - Buffer Overflow
MJM Core Player (likely now referred to as MJM Player) 2011 is vulnerable to a stack-based buffer overflow when parsing specially crafted .s3m music files. The vulnerability arises from improper bounds checking in the file parser, allowing an attacker to overwrite memory on the stack and execute arbitrary code. Exploitation is triggered when a user opens a malicious .s3m file, and the exploit bypasses DEP and ASLR protections using a ROP chain.
CVE-2011-10023 EXPLOITDB HIGH ruby WORKING POC
MJM QuickPlayer 2010 - Stack-based Buffer Overflow via Malicious S3M File
MJM QuickPlayer (also known as MJM Player) version 2010 contains a stack-based buffer overflow vulnerability triggered by opening a malicious .s3m music file. The flaw occurs due to improper bounds checking in the file parser, allowing an attacker to overwrite memory and execute arbitrary code. Exploitation is achieved via a crafted payload that bypasses DEP and ASLR protections using ROP techniques, and requires user interaction to open the file.
CVE-2011-10021 EXPLOITDB HIGH ruby WORKING POC
Magix Musik Maker 16 - Buffer Overflow
Magix Musik Maker 16 is vulnerable to a stack-based buffer overflow due to improper handling of .mmm arrangement files. The vulnerability arises from an unsafe strcpy() operation that fails to validate input length, allowing attackers to overwrite the Structured Exception Handler (SEH). By crafting a malicious .mmm file, an attacker can trigger the overflow when the file is opened, potentially leading to arbitrary code execution. This vulnerability was remediated in version 17.
CVE-2009-4089 EXPLOITDB perl WORKING POC
telepark.wiki <2.4.23 - Auth Bypass
telepark.wiki 2.4.23 and earlier allows remote attackers to bypass authorization and (1) delete arbitrary pages via a modified pageID parameter to ajax/deletePage.php or (2) delete arbitrary comments via a modified pageID parameter to ajax/deleteComment.php.
CVE-2009-4088 EXPLOITDB perl WORKING POC
telepark.wiki <2.4.23 - Path Traversal
Multiple directory traversal vulnerabilities in telepark.wiki 2.4.23 and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the css parameter to (1) getjs.php and (2) getcsslocal.php; and include and execute arbitrary local files via the (3) group parameter to upload.php.
CVE-2010-5333 EXPLOITDB CRITICAL ruby WORKING POC
Integard Pro/Home <2.0.0.9037 & 2.2.x <2.2.0.9037 - RCE
The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. An SEH-overwrite buffer overflow already existed for the vulnerable software. This CVE is to track an alternate exploitation method, utilizing an EIP-overwrite buffer overflow.
CVSS 9.8
CVE-2010-5333 EXPLOITDB CRITICAL ruby WORKING POC
Integard Pro/Home <2.0.0.9037 & 2.2.x <2.2.0.9037 - RCE
The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. An SEH-overwrite buffer overflow already existed for the vulnerable software. This CVE is to track an alternate exploitation method, utilizing an EIP-overwrite buffer overflow.
CVSS 9.8
CVE-2010-20108 EXPLOITDB HIGH ruby WORKING POC
FTPPad <= 1.2.0 - Stack-based Buffer Overflow via FTP LIST Response
FTPPad <= 1.2.0 contains a stack-based buffer overflow vulnerability in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response to a LIST command containing an excessively long directory and filename, the application fails to properly validate input length. This results in a buffer overflow that overwrites the saved Extended Instruction Pointer (EIP), allowing remote attackers to execute arbitrary code.
CVE-2010-20107 EXPLOITDB HIGH ruby WORKING POC
FTP Synchronizer Professional <= v4.0.73.274 - Buffer Overflow
A stack-based buffer overflow exists in FTP Synchronizer Professional <= v4.0.73.274. When the client connects to an FTP server and issues a LIST command—typically during sync preview or profile creation—the server’s response containing an overly long filename triggers a buffer overflow. This results in the corruption of the Structured Exception Handler (SEH), potentially allowing remote code execution.
CVE-2010-20049 EXPLOITDB CRITICAL ruby WORKING POC
LeapFTP < 3.1.x - Stack-based Buffer Overflow via Long Filename in Directory Listing
LeapFTP < 3.1.x contains a stack-based buffer overflow vulnerability in its FTP client parser. When the client receives a directory listing containing a filename longer than 528 bytes, the application fails to properly bound-check the input and overwrites the Structured Exception Handler (SEH) chain. This allows an attacker operating a malicious FTP server to execute arbitrary code on the victim’s machine when the file is listed or downloaded.
CVE-2010-20045 EXPLOITDB HIGH ruby WORKING POC
FileWrangler <= 5.30 - Buffer Overflow
FileWrangler <= 5.30 suffers from a stack-based buffer overflow vulnerability when parsing directory listings from an FTP server. A malicious server can send an overlong folder name in response to a LIST command, triggering memory corruption during client-side rendering. Exploitation requires passive user interaction—simply connecting to the server—without further input. Successful exploitation may lead to arbitrary code execution.
CVE-2010-20042 EXPLOITDB HIGH ruby WORKING POC
Xion Audio Player <1.0.126 - Buffer Overflow
Xion Audio Player versions 1.0.126 and prior are vulnerable to a Unicode-based stack buffer overflow triggered by opening a specially crafted .m3u playlist file. The file contains an overly long string that overwrites the Structured Exception Handler (SEH) chain, allowing an attacker to hijack execution flow and run arbitrary code.
CVE-2010-20042 EXPLOITDB HIGH python WORKING POC
Xion Audio Player <1.0.126 - Buffer Overflow
Xion Audio Player versions 1.0.126 and prior are vulnerable to a Unicode-based stack buffer overflow triggered by opening a specially crafted .m3u playlist file. The file contains an overly long string that overwrites the Structured Exception Handler (SEH) chain, allowing an attacker to hijack execution flow and run arbitrary code.
CVE-2010-20034 EXPLOITDB HIGH ruby WORKING POC
Gekko Manager FTP Client <= 0.77 - Buffer Overflow
Gekko Manager FTP Client <= 0.77 contains a stack-based buffer overflow in its FTP directory listing parser. When processing a server response to a LIST command, the client fails to properly validate the length of filenames. A crafted response containing an overly long filename can overwrite the Structured Exception Handler (SEH), potentially allowing remote code execution.
CVE-2010-20010 EXPLOITDB HIGH ruby WORKING POC
Foxit PDF Reader < 4.2.0.0928 - Stack-based Buffer Overflow via PDF Info Title Entry
Foxit PDF Reader before 4.2.0.0928 does not properly bound-check the /Title entry in the PDF Info dictionary. A specially crafted PDF with an overlong Title string can overflow a fixed-size stack buffer, corrupt the Structured Exception Handler (SEH) chain, and lead to arbitrary code execution in the context of the user who opens the file.
CVE-2010-20007 EXPLOITDB HIGH ruby WORKING POC
Seagull FTP Client <= v3.3 Build 409 - Buffer Overflow
Seagull FTP Client <= v3.3 Build 409 contains a stack-based buffer overflow vulnerability in its FTP directory listing parser. When the client connects to an FTP server and receives a crafted response to a LIST command containing an excessively long filename, the application fails to properly validate input length, resulting in a buffer overflow that overwrites the Structured Exception Handler (SEH). This may allow remote attackers to execute arbitrary code on the client system. This product line was discontinued and users were advised to use BlueZone Secure FTP instead, at the time of disclosure.
CVE-2010-10014 EXPLOITDB HIGH ruby WORKING POC
Odin Secure FTP <= 4.1 - Buffer Overflow
Odin Secure FTP <= 4.1 is vulnerable to a stack-based buffer overflow when parsing directory listings received in response to an FTP LIST command. A malicious FTP server can send an overly long filename in the directory listing, which overflows a fixed-size stack buffer in the client and overwrites the Structured Exception Handler (SEH). This allows remote attackers to execute arbitrary code on the client system.
CVE-2013-10064 METASPLOIT CRITICAL ruby WORKING POC
ActFax Server <5.01 - Buffer Overflow
A stack-based buffer overflow vulnerability exists in ActFax Server version 5.01. The server's RAW protocol interface fails to safely process user-supplied data in @F506 fax header fields due to insecure usage of strcpy. Remote attackers can exploit this vulnerability by sending specially crafted @F506 fields, potentially leading to arbitrary code execution. Successful exploitation requires network access to TCP port 4559 and does not require authentication.
CVE-2011-1865 METASPLOIT ruby WORKING POC
HP OpenView Storage Data Protector <6.20 - Buffer Overflow
Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters.
CVE-2011-1591 METASPLOIT ruby WORKING POC
Wireshark 1.4.x < 1.4.5 - Stack-Based Buffer Overflow in DECT Dissector
Stack-based buffer overflow in the DECT dissector in epan/dissectors/packet-dect.c in Wireshark 1.4.x before 1.4.5 allows remote attackers to execute arbitrary code via a crafted .pcap file.
CVE-2010-5333 METASPLOIT CRITICAL ruby WORKING POC
Integard Pro/Home <2.0.0.9037 & 2.2.x <2.2.0.9037 - RCE
The web server in Integard Pro and Home before 2.0.0.9037 and 2.2.x before 2.2.0.9037 has a buffer overflow via a long password in an administration login POST request, leading to arbitrary code execution. An SEH-overwrite buffer overflow already existed for the vulnerable software. This CVE is to track an alternate exploitation method, utilizing an EIP-overwrite buffer overflow.
CVSS 9.8