laurent gaffie

170 exploits Active since Dec 2004
CVE-2007-3426 EXPLOITDB text WORKING POC
phpTrafficA < 1.4.2 - Cross-Site Scripting via Lang Parameter
Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
CVE-2007-3425 EXPLOITDB text WORKING POC
phpTrafficA < 1.4.2 - Directory Traversal via Lang Parameter
Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to include arbitrary local files via the lang parameter, a different vector and version than CVE-2007-1076.2.
CVE-2010-2550 METASPLOIT ruby WORKING POC
Microsoft Windows SMB Server - Remote Code Execution via Crafted SMB Packet
The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
CVE-2009-3103 METASPLOIT ruby WORKING POC
Windows Vista and Server 2008 - Remote Code Execution via SMBv2 Negotiate Protocol Request
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
CVE-2010-0017 METASPLOIT ruby WORKING POC
Windows 7 and Server 2008 - Remote Code Execution via SMB Negotiate Response Race Condition
Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
CVE-2009-3103 METASPLOIT ruby WORKING POC
Windows Vista and Server 2008 - Remote Code Execution via SMBv2 Negotiate Protocol Request
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
CVE-2009-3103 EXPLOITDB text WORKING POC
Windows Vista and Server 2008 - Remote Code Execution via SMBv2 Negotiate Protocol Request
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
CVE-2016-7237 EXPLOITDB MEDIUM text WRITEUP
Microsoft Windows - Authenticated Denial of Service via LSASS Crafted Request
Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote authenticated users to cause a denial of service (system hang) via a crafted request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability."
CVSS 6.5
CVE-2015-1635 EXPLOITDB CRITICAL python WORKING POC
MS15-034 HTTP Protocol Stack Request Handling Denial-of-Service
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
CVSS 9.8
CVE-2010-0017 EXPLOITDB python WORKING POC
Windows 7 and Server 2008 - Remote Code Execution via SMB Negotiate Response Race Condition
Race condition in the SMB client implementation in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code, and in the SMB client implementation in Windows Vista Gold, SP1, and SP2 and Server 2008 Gold and SP2 allows local users to gain privileges, via a crafted SMB Negotiate response, aka "SMB Client Race Condition Vulnerability."
CVE-2010-0477 EXPLOITDB python WORKING POC
Windows 7 and Windows Server 2008 - Remote Code Execution via Crafted SMB Response Packet
The SMB client in Microsoft Windows Server 2008 R2 and Windows 7 does not properly handle (1) SMBv1 and (2) SMBv2 response packets, which allows remote SMB servers and man-in-the-middle attackers to execute arbitrary code via a crafted packet that causes the client to read the entirety of the response, and then improperly interact with the Winsock Kernel (WSK), aka "SMB Client Message Size Vulnerability."
EIP-2026-115786 EXPLOITDB python WORKING POC
Microsoft Windows 10 - SMBv3 Tree Connect (PoC)
CVE-2009-3103 EXPLOITDB python WORKING POC
Windows Vista and Server 2008 - Remote Code Execution via SMBv2 Negotiate Protocol Request
Array index error in the SMBv2 protocol implementation in srv2.sys in Microsoft Windows Vista Gold, SP1, and SP2, Windows Server 2008 Gold and SP2, and Windows 7 RC allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via an & (ampersand) character in a Process ID High header field in a NEGOTIATE PROTOCOL REQUEST packet, which triggers an attempted dereference of an out-of-bounds memory location, aka "SMBv2 Negotiation Vulnerability." NOTE: some of these details are obtained from third party information.
CVE-2010-2550 EXPLOITDB python WORKING POC
Microsoft Windows SMB Server - Remote Code Execution via Crafted SMB Packet
The SMB Server in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 does not properly validate fields in an SMB request, which allows remote attackers to execute arbitrary code via a crafted SMB packet, aka "SMB Pool Overflow Vulnerability."
CVE-2007-1126 EXPLOITDB text WORKING POC
xt-commerce - Path Traversal via Template Parameter
Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter.
CVE-2007-1606 EXPLOITDB text WORKING POC
w-Agora - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, or (4) the userid parameter to change_password.php.
CVE-2007-1606 EXPLOITDB text WORKING POC
w-Agora - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, or (4) the userid parameter to change_password.php.
CVE-2006-6284 EXPLOITDB text WRITEUP
Vikingboard 0.1.2 - Authenticated Directory Traversal via Admin.php Act Parameter
Directory traversal vulnerability in admin.php in Vikingboard 0.1.2 allows remote authenticated administrators to include arbitrary files via a .. (dot dot) sequence in the act parameter.
CVE-2007-1604 EXPLOITDB php WORKING POC
w-Agora - Unauthenticated Arbitrary File Upload and Remote Code Execution via Forum Message Attachment or Avatar Upload
Multiple unrestricted file upload vulnerabilities in w-Agora (Web-Agora) allow remote attackers to upload and execute arbitrary PHP code (1) via a forum message with an attached file, which is stored under forums/hello/hello/notes/ or (2) by using browse_avatar.php to upload a file with a double extension, as demonstrated by .php.jpg.
CVE-2007-1606 EXPLOITDB text WORKING POC
w-Agora - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in w-Agora (Web-Agora) allow remote attackers to inject arbitrary web script or HTML via (1) the showuser parameter to profile.php, the (2) search_forum or (3) search_user parameter to search.php, or (4) the userid parameter to change_password.php.
CVE-2007-2908 EXPLOITDB text WORKING POC
vBulletin < 3.6.5 - Cross-Site Scripting via Calendar Title Field
Cross-site scripting (XSS) vulnerability in calendar.php in Jelsoft vBulletin before 3.6.6 allows remote attackers to inject arbitrary web script or HTML via the title field in a single add action.
CVE-2007-1124 EXPLOITDB text WRITEUP
XeroXer Simple Gallery - Directory Traversal
Directory traversal vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to read arbitrary files via a .. (dot dot) in the f parameter.
EIP-2026-112373 EXPLOITDB text WRITEUP
Speedywiki 2.0/2.1 - Multiple Input Validation Vulnerabilities
CVE-2007-1125 EXPLOITDB text WRITEUP
XeroXer Simple one-file gallery < 0.6 - Cross-Site Scripting via Gallery f Parameter
Cross-site scripting (XSS) vulnerability in gallery.php in XeroXer Simple one-file gallery allows remote attackers to inject arbitrary web script or HTML via the f parameter.
CVE-2007-1127 EXPLOITDB text WRITEUP
shopkitplus - Directory Traversal via changetheme Parameter
Directory traversal vulnerability in enc/stylecss.php in shopkitplus allows remote attackers to read arbitrary files via a .. (dot dot) in the changetheme parameter.