demonalex

15 exploits Active since Dec 2011
CVE-2012-10055 EXPLOITDB CRITICAL perl WORKING POC
ComSndFTP FTP Server <1.3.7 Beta - Code Injection
ComSndFTP FTP Server version 1.3.7 Beta contains a format string vulnerability in its handling of the USER command. By sending a specially crafted username containing format specifiers, a remote attacker can overwrite a hardcoded function pointer in memory (specifically WSACleanup from Ws2_32.dll). This allows the attacker to redirect execution flow and bypass DEP protections using a ROP chain, ultimately leading to arbitrary code execution. The vulnerability is exploitable without authentication and affects default configurations.
CVE-2011-4712 EXPLOITDB text WORKING POC
Oxide WebServer - Unauthenticated Path Traversal via Dot Dot Backslash
Directory traversal vulnerability in Oxide WebServer allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in an HTTP request.
CVE-2012-5100 EXPLOITDB text WORKING POC
HServer 0.1.1 - Path Traversal via Encoded Dot-Dot-Backslash Sequences
Directory traversal vulnerability in HServer 0.1.1 allows remote attackers to read arbitrary files via a (1) ..%5c (dot dot encoded backslash) or (2) %2e%2e%5c (encoded dot dot backslash) in the PATH_INFO.
CVE-2012-5344 EXPLOITDB text WRITEUP
IpTools 0.1.4 - Unauthenticated Path Traversal via HTTP Request
Directory traversal vulnerability in the WebServer (Thttpd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a HTTP request.
EIP-2026-118402 EXPLOITDB perl WORKING POC
Deepin TFTP Server 1.25 - Directory Traversal
CVE-2012-5345 EXPLOITDB perl WORKING POC
IpTools 0.1.4 - Denial of Service via Long String to TCP Port 23
Buffer overflow in the Remote command server (Rcmd.bat) in IpTools (aka Tiny TCP/IP server) 0.1.4 allows remote attackers to cause a denial of service (crash) via a long string to TCP port 23.
EIP-2026-116461 EXPLOITDB perl WORKING POC
Universal Reader 1.16.740.0 - 'uread.exe' Denial of Service
EIP-2026-116376 EXPLOITDB text WORKING POC
Syslog Watcher Pro 2.8.0.812 - 'Date' Cross-Site Scripting
EIP-2026-116404 EXPLOITDB text WORKING POC
TFTPD32 DNS Server 4.00 - Denial of Service
CVE-2012-3816 EXPLOITDB text WORKING POC
WinRadius Server 2009 - Denial of Service via Long Password in Access-Request Packet
WinRadius Server 2009 allows remote attackers to cause a denial of service (crash) via a long password in an Access-Request packet.
EIP-2026-116131 EXPLOITDB perl WORKING POC
Quick 'n Easy FTP Server 3.9.1 - 'USER' Remote Buffer Overflow
EIP-2026-109070 EXPLOITDB text WRITEUP
LastGuru ASP Guestbook - 'View.asp' SQL Injection
CVE-2012-4999 EXPLOITDB perl WORKING POC
Mercury MR804 Router <8.0.3.8.1 Build - DoS
Mercury MR804 Router 8.0 3.8.1 Build 101220 Rel.53006nB allows remote attackers to cause a denial of service (service hang) via a crafted string in HTTP header fields such as (1) If-Modified-Since, (2) If-None-Match, or (3) If-Unmodified-Since. NOTE: some of these details are obtained from third party information.
EIP-2026-100412 EXPLOITDB text WORKING POC
Matthew1471 BlogX - Multiple Cross-Site Scripting Vulnerabilities
EIP-2026-100210 EXPLOITDB text WORKING POC
CmyDocument - Multiple Cross-Site Scripting Vulnerabilities