juan vazquez

645 exploits Active since Sep 2005
CVE-2013-3956 METASPLOIT ruby WORKING POC
Novell Client - Local Privilege Escalation via NICM.SYS IOCTL 0x143B6B
The NICM.SYS kernel driver 3.1.11.0 in Novell Client 4.91 SP5 on Windows XP and Windows Server 2003; Novell Client 2 SP2 on Windows Vista and Windows Server 2008; and Novell Client 2 SP3 on Windows Server 2008 R2, Windows 7, Windows 8, and Windows Server 2012 allows local users to gain privileges via a crafted 0x143B6B IOCTL call.
CVE-2014-8741 METASPLOIT CRITICAL ruby WORKING POC
Lexmark MarkVision Enterprise <2.1 - Path Traversal
Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors.
CVSS 9.8
CVE-2011-2404 METASPLOIT ruby WORKING POC
HP Easy Printer Care Software < 2.5 - Remote Code Execution via HPTicketMgr.dll ActiveX Control
A certain ActiveX control in HPTicketMgr.dll in HP Easy Printer Care Software 2.5 and earlier allows remote attackers to download an arbitrary program onto a client machine, and execute this program, via unspecified vectors, a different vulnerability than CVE-2011-4786 and CVE-2011-4787.
CVE-2011-3400 METASPLOIT ruby WORKING POC
Microsoft Windows XP <SP2-SP3 & Server 2003 <SP2 - RCE
Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 do not properly handle OLE objects in memory, which allows remote attackers to execute arbitrary code via a crafted object in a file, aka "OLE Property Vulnerability."
CVE-2014-0257 METASPLOIT ruby WORKING POC
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1 - Remote Code Execution via Type Traversal
Microsoft .NET Framework 1.0 SP3, 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly determine whether it is safe to execute a method, which allows remote attackers to execute arbitrary code via (1) a crafted web site or (2) a crafted .NET Framework application that exposes a COM server endpoint, aka "Type Traversal Vulnerability."
CVE-2013-3660 METASPLOIT HIGH ruby WORKING POC
Windows - Local Privilege Escalation via EPATHOBJ::pprFlattenRec Pointer Initialization
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
CVSS 7.8
CVE-2013-2730 METASPLOIT ruby WORKING POC
Adobe Reader/Acrobat <9.5.5, <10.1.7, <11.0.03 - Buffer Overflow
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2013-2733.
CVE-2015-0016 METASPLOIT HIGH ruby WORKING POC
Windows TS WebProxy - Directory Traversal Elevation of Privilege via Crafted Executable Pathname
Directory traversal vulnerability in the TS WebProxy (aka TSWbPrxy) component in Microsoft Windows Vista SP2, Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to gain privileges via a crafted pathname in an executable file, as demonstrated by a transition from Low Integrity to Medium Integrity, aka "Directory Traversal Elevation of Privilege Vulnerability."
CVSS 7.8
CVE-2015-2433 METASPLOIT ruby WORKING POC
Microsoft Windows - Kernel ASLR Bypass via Crafted Application
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to bypass the ASLR protection mechanism via a crafted application, aka "Kernel ASLR Bypass Vulnerability."
CVE-2013-3918 METASPLOIT HIGH ruby WORKING POC
Microsoft Windows - Remote Code Execution via InformationCardSigninHelper ActiveX Control
The InformationCardSigninHelper Class ActiveX control in icardie.dll in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds write) via a crafted web page that is accessed by Internet Explorer, as exploited in the wild in November 2013, aka "InformationCardSigninHelper Vulnerability."
CVSS 8.8
CVE-2012-0198 METASPLOIT ruby WORKING POC
IBM Tivoli Provisioning Manager Express 4.1.1 - Stack-Based Buffer Overflow
Stack-based buffer overflow in the RunAndUploadFile method in the Isig.isigCtl.1 ActiveX control in IBM Tivoli Provisioning Manager Express for Software Distribution 4.1.1 allows remote attackers to execute arbitrary code via vectors related to an Asset Information file.
CVE-2013-5045 METASPLOIT ruby WORKING POC
Microsoft Internet Explorer 10-11 - Privilege Escalation
Microsoft Internet Explorer 10 and 11 allows local users to bypass the Protected Mode protection mechanism, and consequently gain privileges, by leveraging the ability to execute sandboxed code, aka "Internet Explorer Elevation of Privilege Vulnerability."
CVE-2013-6221 METASPLOIT ruby WORKING POC
HP Service Virtualization 3.x < 3.50.1 - Path Traversal and Arbitrary File Write via CommunicationServlet
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-2031.
CVE-2013-0753 METASPLOIT ruby WORKING POC
Mozilla Firefox <18 - Use After Free
Use-after-free vulnerability in the serializeToStream implementation in the XMLSerializer component in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.15 allows remote attackers to execute arbitrary code via crafted web content.
CVE-2010-2590 METASPLOIT ruby WORKING POC
SAP Crystal Reports 2008 SP3 Fix Pack 3.2 - Remote Code Execution via Long ServerResourceVersion Property
Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value.
CVE-2013-3248 METASPLOIT ruby WORKING POC
Corel PDF Fusion <1.11 - Privilege Escalation
Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a directory that contains a .pdf or .xps file.
CVE-2013-3482 METASPLOIT ruby WORKING POC
ERDAS ER Viewer < 13.0.1.1301 - Stack-Based Buffer Overflow via Long String in ERS File
Stack-based buffer overflow in the rf_report_error function in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in an ERS file.
CVE-2012-0270 METASPLOIT ruby WORKING POC
Csound < 5.16.6 - Remote Code Execution via Crafted HETRO or PVOC File
Multiple stack-based buffer overflows in Csound before 5.16.6 allow remote attackers to execute arbitrary code via a crafted (1) hetro file to the getnum function in util/heti_main.c or (2) PVOC file to the getnum function in util/pv_import.c.
CVE-2014-0750 METASPLOIT ruby WORKING POC
GE Proficy HMI/SCADA - CIMPLICITY < 8.2 - Remote Code Execution via Directory Traversal in WebView CimWeb
Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622.
CVE-2011-4051 METASPLOIT ruby WORKING POC
InduSoft Web Studio 6.1 and 7.0 - Unauthenticated Remote Code Execution via CEServer Remote Agent
CEServer.exe in the CEServer component in the Remote Agent module in InduSoft Web Studio 6.1 and 7.0 does not require authentication, which allows remote attackers to execute arbitrary code via vectors related to creation of a file, loading a DLL, and process control.
CVE-2014-125119 METASPLOIT HIGH ruby WORKING POC
WinRAR 3.80-3.90 and 4.11-4.99 - Filename Spoofing via ZIP Central Directory and Local File Header Inconsistency
A filename spoofing vulnerability exists in WinRAR when opening specially crafted ZIP archives. The issue arises due to inconsistencies between the Central Directory and Local File Header entries in ZIP files. When viewed in WinRAR, the file name from the Central Directory is displayed to the user, while the file from the Local File Header is extracted and executed. An attacker can leverage this flaw to spoof filenames and trick users into executing malicious payloads under the guise of harmless files, potentially leading to remote code execution.
CVE-2008-0320 METASPLOIT ruby WORKING POC
OpenOffice OLE Importer DocumentSummaryInformation Stream Handling Overflow
Heap-based buffer overflow in the OLE importer in OpenOffice.org before 2.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an OLE file with a crafted DocumentSummaryInformation stream.
CVE-2013-4988 METASPLOIT ruby WORKING POC
IcoFX < 2.5 - Remote Code Execution via Long idCount in ICONDIR Structure
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information.
CVE-2014-1649 METASPLOIT ruby WORKING POC
Symantec Workspace Streaming <7.5.0.749 - SSRF
The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS.
CVE-2014-0783 METASPLOIT ruby WORKING POC
Yokogawa CENTUM CS 3000 < R3.09.50 - Remote Code Execution via Crafted TCP Packet
Stack-based buffer overflow in BKHOdeq.exe in Yokogawa CENTUM CS 3000 R3.09.50 and earlier allows remote attackers to execute arbitrary code via a crafted TCP packet.