iDefense

10 exploits Active since Nov 2002
CVE-2006-4842 METASPLOIT ruby WORKING POC
Netscape Portable Runtime (NSPR) API <4.6.3 - Local File Creation
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
CVE-2004-1172 EXPLOITDB c WORKING POC
Veritas Backup Exec 8.x-9.x - Stack-Based Buffer Overflow via Long Hostname in Agent Browser Registration
Stack-based buffer overflow in the Agent Browser in Veritas Backup Exec 8.x before 8.60.3878 Hotfix 68, and 9.x before 9.1.4691 Hotfix 40, allows remote attackers to execute arbitrary code via a registration request with a long hostname.
EIP-2026-119227 EXPLOITDB html WORKING POC
TVUPlayer 2.4.4.9beta1 - 'PlayerOcx.ocx' ActiveX Control Arbitrary File Overwrite
CVE-2004-2383 EXPLOITDB html WORKING POC
Microsoft Internet Explorer <6.0 - CSRF
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE.
CVE-2003-0317 EXPLOITDB text WRITEUP
iisPROTECT 2.1 and 2.2 - Authentication Bypass via URL-Encoded Characters
iisPROTECT 2.1 and 2.2 allows remote attackers to bypass authentication via an HTTP request containing URL-encoded characters.
CVE-2002-1230 EXPLOITDB text WRITEUP
Windows 2000 - Local Privilege Escalation via WM_TIMER Message Handling
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."
CVE-2002-1230 EXPLOITDB text WRITEUP
Windows 2000 - Local Privilege Escalation via WM_TIMER Message Handling
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."
CVE-2006-4842 EXPLOITDB ruby WORKING POC
Netscape Portable Runtime (NSPR) API <4.6.3 - Local File Creation
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
CVE-2009-1868 EXPLOITDB text WORKING POC
Adobe AIR < 1.5.2 - Heap-Based Buffer Overflow via URL Parsing
Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing.
CVE-2002-1368 EXPLOITDB text WORKING POC
CUPS 1.1.14-1.1.17 - DoS and RCE via Negative Content-Length or Chunked Encoding
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding.