germaya_x

18 exploits Active since Sep 2008
CVE-2009-20003 EXPLOITDB HIGH ruby WORKING POC
Xenorate <2.50 - Buffer Overflow
Xenorate versions up to and including 2.50, a Windows-based multimedia player, is vulnerable to a stack-based buffer overflow when processing .xpl playlist files. The application fails to properly validate the length of input data, allowing an attacker to craft a malicious .xpl file that overwrites the Structured Exception Handler (SEH) and enables arbitrary code execution. Exploitation requires local interaction, typically by convincing a user to open the crafted file.
CVE-2009-20003 EXPLOITDB HIGH perl WORKING POC
Xenorate <2.50 - Buffer Overflow
Xenorate versions up to and including 2.50, a Windows-based multimedia player, is vulnerable to a stack-based buffer overflow when processing .xpl playlist files. The application fails to properly validate the length of input data, allowing an attacker to craft a malicious .xpl file that overwrites the Structured Exception Handler (SEH) and enables arbitrary code execution. Exploitation requires local interaction, typically by convincing a user to open the crafted file.
CVE-2009-20003 METASPLOIT HIGH ruby WORKING POC
Xenorate <2.50 - Buffer Overflow
Xenorate versions up to and including 2.50, a Windows-based multimedia player, is vulnerable to a stack-based buffer overflow when processing .xpl playlist files. The application fails to properly validate the length of input data, allowing an attacker to craft a malicious .xpl file that overwrites the Structured Exception Handler (SEH) and enables arbitrary code execution. Exploitation requires local interaction, typically by convincing a user to open the crafted file.
CVE-2009-0476 METASPLOIT ruby WORKING POC
MultiMedia Soft AdjMmsEng.dll <7.11.2.7 - Buffer Overflow
Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 and 7.11.2.7, as distributed in multiple MultiMedia Soft audio components for .NET, allows remote attackers to execute arbitrary code via a long string in a playlist (.pls) file, as originally reported for Euphonics Audio Player 1.0. NOTE: some of these details are obtained from third party information.
EIP-2026-118705 EXPLOITDB html WORKING POC
JcomBand toolbar on IE - ActiveX Buffer Overflow
EIP-2026-118803 EXPLOITDB html WORKING POC
Microsoft Internet Explorer - 'wshom.ocx' ActiveX Control Remote Code Execution
EIP-2026-117456 EXPLOITDB perl WORKING POC
Mediacoder 0.7.1.4486 - '.lst' Universal Buffer Overflow (SEH)
EIP-2026-117774 EXPLOITDB perl WORKING POC
Playlistmaker 1.5 - '.m3u' / '.M3L' Local Stack Overflow (SEH)
EIP-2026-117776 EXPLOITDB perl WORKING POC
Playlistmaker 1.51 - '.m3u' Local Buffer Overflow (SEH)
CVE-2009-1071 EXPLOITDB perl WORKING POC
Randomsoftware Icarus - Memory Corruption
Stack-based buffer overflow in Icarus 2.0 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted Portable Game Notation (.pgn) file.
EIP-2026-116835 EXPLOITDB python WORKING POC
Audio Workstation 6.4.2.4.0 - '.pls' Universal Local Buffer Overflow
CVE-2009-0476 EXPLOITDB perl WORKING POC
MultiMedia Soft AdjMmsEng.dll <7.11.2.7 - Buffer Overflow
Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 and 7.11.2.7, as distributed in multiple MultiMedia Soft audio components for .NET, allows remote attackers to execute arbitrary code via a long string in a playlist (.pls) file, as originally reported for Euphonics Audio Player 1.0. NOTE: some of these details are obtained from third party information.
EIP-2026-116836 EXPLOITDB ruby WORKING POC
Audio Workstation 6.4.2.4.3 - '.pls' Local Buffer Overflow (Metasploit)
EIP-2026-116479 EXPLOITDB html WORKING POC
VideoLAN VLC Media Player 0.8.6i - ActiveX Denial of Service (PoC)
EIP-2026-109878 EXPLOITDB text WORKING POC
netBIOS - 'newsid' SQL Injection
CVE-2008-6427 EXPLOITDB text WORKING POC
Hivemaker < 1.0.2 - SQL Injection
SQL injection vulnerability in index.php in Hivemaker Professional 1.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter.
CVE-2008-4374 EXPLOITDB text WORKING POC
Cmsbuzz Cms Buzz - SQL Injection
SQL injection vulnerability in index.php in CMS Buzz allows remote attackers to execute arbitrary SQL commands via the id parameter in a playgame action.
CVE-2008-4043 EXPLOITDB text WORKING POC
AJ Square AJ HYIP Acme - SQL Injection
Multiple SQL injection vulnerabilities in AJ Square AJ HYIP Acme allow remote attackers to execute arbitrary SQL commands via the artid parameter to (1) acme/article/comment.php and (2) prime/article/comment.php.