juan vazquez

644 exploits Active since Sep 2005
CVE-2012-2763 EXPLOITDB ruby WORKING POC
GIMP <2.6.12-2.6.13 - RCE
Buffer overflow in the readstr_upto function in plug-ins/script-fu/tinyscheme/scheme.c in GIMP 2.6.12 and earlier, and possibly 2.6.13, allows remote attackers to execute arbitrary code via a long string in a command to the script-fu server.
CVE-2014-0750 EXPLOITDB ruby WORKING POC
Intelligent Platforms Proficy Hmi%2fscada Cimplicity - Path Traversal
Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLICITY, allows remote attackers to execute arbitrary code via a crafted HTTP request, aka ZDI-CAN-1622.
EIP-2026-118550 EXPLOITDB ruby WORKING POC
FlexNet License Server Manager - lmgrd Buffer Overflow (Metasploit)
CVE-2014-3913 EXPLOITDB ruby WORKING POC
Eromic AccessNow Server - Buffer Overflow
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.
CVE-2011-5227 EXPLOITDB ruby WORKING POC
Enterasys Netsight < 4.1.0.79 - Memory Corruption
Stack-based buffer overflow in the Syslog service (nssyslogd.exe) in Enterasys Network Management Suite (NMS) before 4.1.0.80 allows remote attackers to execute arbitrary code via a long PRIO field in a message to UDP port 514.
CVE-2012-2288 EXPLOITDB ruby WORKING POC
EMC Networker - Format String Vulnerability
Format string vulnerability in the nsrd RPC service in EMC NetWorker 7.6.3 and 7.6.4 before 7.6.4.1, and 8.0 before 8.0.0.1, allows remote attackers to execute arbitrary code via format string specifiers in a message.
CVE-2013-0928 EXPLOITDB ruby WORKING POC
EMC AlphaStor <4.0 - RCE
The NetWorker command processor in rrobotd.exe in the Device Manager in EMC AlphaStor 4.0 before build 800 allows remote attackers to execute arbitrary commands via a DCP "run command" operation.
CVE-2012-5357 EXPLOITDB CRITICAL ruby WORKING POC
Ektron CMS <8.02 SP5 - RCE
Ektron Content Management System (CMS) before 8.02 SP5 uses the XslCompiledTransform class with enablescript set to true, which allows remote attackers to execute arbitrary code with NETWORK SERVICE privileges via crafted XSL data.
CVSS 9.8
CVE-2010-2590 EXPLOITDB ruby WORKING POC
SAP Crystal Reports - Memory Corruption
Heap-based buffer overflow in the CrystalReports12.CrystalPrintControl.1 ActiveX control in PrintControl.dll 12.3.2.753 in SAP Crystal Reports 2008 SP3 Fix Pack 3.2 allows remote attackers to execute arbitrary code via a long ServerResourceVersion property value.
CVE-2012-4914 EXPLOITDB ruby WORKING POC
CoolPDF 3.0.2.256 - Buffer Overflow
Stack-based buffer overflow in the reader in CoolPDF 3.0.2.256 allows remote attackers to execute arbitrary code via a PDF document with a crafted stream.
EIP-2026-118375 EXPLOITDB ruby WORKING POC
Cogent DataHub - HTTP Server Buffer Overflow (Metasploit)
CVE-2014-3789 EXPLOITDB ruby WORKING POC
Cogentdatahub Cogent Datahub < 7.3.4 - Code Injection
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.
EIP-2026-118366 EXPLOITDB ruby WORKING POC
Citrix Provisioning Services 5.6 SP1 - Streamprocess Opcode 0x40020006 Buffer Overflow (Metasploit)
EIP-2026-118365 EXPLOITDB ruby WORKING POC
Citrix Provisioning Services 5.6 SP1 - Streamprocess Opcode 0x40020004 Buffer Overflow (Metasploit)
EIP-2026-118248 EXPLOITDB ruby WORKING POC
ALLMediaServer 0.8 - Remote Buffer Overflow (Metasploit)
CVE-2012-6275 EXPLOITDB ruby WORKING POC
Bigantsoft Bigant IM Message Server - Memory Corruption
Multiple stack-based buffer overflows in AntDS.exe in BigAntSoft BigAnt IM Message Server allow remote attackers to have an unspecified impact via (1) the filename header in an SCH request or (2) the userid component in a DUPF request.
CVE-2012-6274 EXPLOITDB ruby WORKING POC
Bigantsoft Bigant IM Message Server - Authentication Bypass
BigAntSoft BigAnt IM Message Server does not require authentication for file uploading, which allows remote attackers to create arbitrary files under AntServer\DocData\Public via unspecified vectors.
EIP-2026-118293 EXPLOITDB ruby WORKING POC
Avaya WinPMD UniteHostRouter - Remote Buffer Overflow (Metasploit)
CVE-2012-3811 EXPLOITDB ruby WORKING POC
Avaya IP Office Customer Call Reporter - Unrestricted File Upload
Unrestricted file upload vulnerability in ImageUpload.ashx in the Wallboard application in Avaya IP Office Customer Call Reporter 7.0 before 7.0.5.8 Q1 2012 Maintenance Release and 8.0 before 8.0.9.13 Q1 2012 Maintenance Release allows remote attackers to execute arbitrary code by uploading an executable file and then accessing it via a direct request.
CVE-2012-3752 EXPLOITDB ruby WORKING POC
Apple Quicktime < 7.7.2 - Memory Corruption
Multiple buffer overflows in Apple QuickTime before 7.7.3 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted style element in a QuickTime TeXML file.
CVE-2012-3753 EXPLOITDB ruby WORKING POC
Apple Quicktime < 7.7.2 - Memory Corruption
Buffer overflow in the plugin in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted MIME type.
EIP-2026-118245 EXPLOITDB ruby WORKING POC
Aladdin Knowledge System Ltd - 'ChooseFilePath' Remote Buffer Overflow (Metasploit)
CVE-2014-2364 EXPLOITDB ruby WORKING POC
Advantech WebAccess <7.2 - RCE
Multiple stack-based buffer overflows in Advantech WebAccess before 7.2 allow remote attackers to execute arbitrary code via a long string in the (1) ProjectName, (2) SetParameter, (3) NodeName, (4) CCDParameter, (5) SetColor, (6) AlarmImage, (7) GetParameter, (8) GetColor, (9) ServerResponse, (10) SetBaud, or (11) IPAddress parameter to an ActiveX control in (a) webvact.ocx, (b) dvs.ocx, or (c) webdact.ocx.
CVE-2013-3346 EXPLOITDB CRITICAL ruby WORKING POC
Adobe Acrobat < 9.5.5 - Out-of-Bounds Write
Adobe Reader and Acrobat 9.x before 9.5.5, 10.x before 10.1.7, and 11.x before 11.0.03 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2013-2718, CVE-2013-2719, CVE-2013-2720, CVE-2013-2721, CVE-2013-2722, CVE-2013-2723, CVE-2013-2725, CVE-2013-2726, CVE-2013-2731, CVE-2013-2732, CVE-2013-2734, CVE-2013-2735, CVE-2013-2736, CVE-2013-3337, CVE-2013-3338, CVE-2013-3339, CVE-2013-3340, and CVE-2013-3341.
CVSS 9.8
CVE-2012-1535 EXPLOITDB HIGH ruby WORKING POC
Adobe Flash Player < 11.3.300.271 - Code Injection
Unspecified vulnerability in Adobe Flash Player before 11.3.300.271 on Windows and Mac OS X and before 11.2.202.238 on Linux allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via crafted SWF content, as exploited in the wild in August 2012 with SWF content in a Word document.
CVSS 7.8