ikki

17 exploits Active since Sep 2007
CVE-2010-5099 EXPLOITDB php WORKING POC
TYPO3 <4.2.16, 4.3.9, 4.4.5 - Path Traversal
The fileDenyPattern functionality in the PHP file inclusion protection API in TYPO3 4.2.x before 4.2.16, 4.3.x before 4.3.9, and 4.4.x before 4.4.5 does not properly filter file types, which allows remote attackers to bypass intended access restrictions and access arbitrary PHP files, as demonstrated using path traversal sequences with %00 null bytes and CVE-2010-3714 to read the TYPO3 encryption key from localconf.php.
CVE-2010-3714 EXPLOITDB php WORKING POC
TYPO3 4.2.0-4.2.14, 4.3.0-4.3.6, 4.4.0-4.4.3 - Unauthenticated Arbitrary File Read via jumpUrl Hash Comparison
The jumpUrl (aka access tracking) implementation in tslib/class.tslib_fe.php in TYPO3 4.2.x before 4.2.15, 4.3.x before 4.3.7, and 4.4.x before 4.4.4 does not properly compare certain hash values during access-control decisions, which allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2008-4875 EXPLOITDB text WRITEUP
Philips Electronics VOIP841 DECT Phone 1.0.4.50 and 1.0.4.80 - Authenticated Path Traversal via GET Request
Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET request. NOTE: this can be leveraged with CVE-2008-4874 for unauthenticated access to sensitive files such as (1) save.dat and (2) apply.log, which can contain other credentials such as the Skype username and password.
CVE-2008-4874 EXPLOITDB text WRITEUP
Philips Electronics VOIP841 DECT Phone - Hardcoded Backdoor Account
The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain access.
CVE-2009-1977 EXPLOITDB bash WORKING POC
Oracle Secure Backup 10.2.0.3 - Info Disclosure
Unspecified vulnerability in the Oracle Secure Backup component in Oracle Secure Backup 10.2.0.3 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the July 2009 Oracle CPU. Oracle has not commented on claims from an independent researcher that this vulnerability allows attackers to bypass authentication via unknown vectors involving the username parameter and login.php.
CVE-2012-2344 EXPLOITDB php WORKING POC
Rejected
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5099. Reason: This candidate is a duplicate of CVE-2010-5099. Notes: All CVE users should reference CVE-2010-5099 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage
CVE-2008-6793 EXPLOITDB text WORKING POC
DFLabs PTK 0.1, 0.2, and 1.0 - Remote Command Execution via Filename Shell Metacharacters
The get_file_type function in lib/file_content.php in DFLabs PTK 0.1, 0.2, and 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters after an arg1= sequence in a filename within a forensic image.
CVE-2011-0404 EXPLOITDB perl WORKING POC
NetSupport Manager Agent <=11.00 Remote Code Execution via Long Control Hostname
Stack-based buffer overflow in NetSupport Manager Agent for Linux 11.00, for Solaris 9.50, and for Mac OS X 11.00 allows remote attackers to execute arbitrary code via a long control hostname to TCP port 5405, probably a different vulnerability than CVE-2007-5252.
EIP-2026-104140 EXPLOITDB java WORKING POC
Zend Java Bridge - Remote Code Execution
EIP-2026-103553 EXPLOITDB php WORKING POC
Mortbay Jetty 7.0.0-pre5 Dispatcher Servlet - Denial of Service
CVE-2007-4980 EXPLOITDB perl WORKING POC
GCALDaemon 1.0-beta13 - Denial of Service via Large Content-Length Header
The readRequest method in org/gcaldaemon/core/http/HTTPListener.java in GCALDaemon 1.0-beta13 allows remote attackers to cause a denial of service via a large integer value in the Content-Length HTTP header, which triggers a fatal Java OutOfMemoryError.
CVE-2007-4915 EXPLOITDB python WORKING POC
Boa Webserver 0.93.15 - Remote Admin Password Change via Long Username in HTTP Basic Authentication
The Intersil isl3893 extensions for Boa 0.93.15, as used on the FreeLan RO80211G-AP and other devices, do not prevent stack writes from entering memory locations used for string constants, which allows remote attackers to change the admin password stored in memory via a long username in an HTTP Basic Authentication request.
EIP-2026-102382 EXPLOITDB java WORKING POC
JBoss JMXInvokerServlet JMXInvoker 0.3 - Remote Command Execution
CVE-2009-0545 EXPLOITDB text WORKING POC
ZeroShell <1.0beta11 - Command Injection
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action.
EIP-2026-101053 EXPLOITDB text WORKING POC
Nokia Mini Map Browser - 'Array Sort' Silent Crash
CVE-2008-4876 EXPLOITDB text WRITEUP
Philips Electronics VOIP841 DECT Phone - Cross-Site Scripting via Request URL
Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL, which is not properly handled in a 404 web error page.
EIP-2026-101145 EXPLOITDB text WRITEUP
3Com OfficeConnect Wireless Cable/DSL Router - Authentication Bypass