mat

24 exploits Active since Oct 2000
CVE-2026-32889 WRITEUP MEDIUM WRITEUP
tinytag: Denial of Service via non-terminating SYLT frame parsing loop
tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT (synchronized lyrics) frame. In server-side deployments that automatically parse attacker-supplied files, a single 498-byte MP3 can cause the parsing operation to stop making progress and remain busy until the worker or process is terminated. The root cause is that _parse_synced_lyrics assumes _find_string_end_pos always returns a position greater than the current offset. That assumption is false when no string terminator is present in the remaining frame content. This issue has been fixed in version 2.2.1.
CVSS 6.5
CVE-2026-32889 WRITEUP MEDIUM WRITEUP
tinytag: Denial of Service via non-terminating SYLT frame parsing loop
tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT (synchronized lyrics) frame. In server-side deployments that automatically parse attacker-supplied files, a single 498-byte MP3 can cause the parsing operation to stop making progress and remain busy until the worker or process is terminated. The root cause is that _parse_synced_lyrics assumes _find_string_end_pos always returns a position greater than the current offset. That assumption is false when no string terminator is present in the remaining frame content. This issue has been fixed in version 2.2.1.
CVSS 6.5
CVE-2026-32889 WRITEUP MEDIUM WRITEUP
tinytag: Denial of Service via non-terminating SYLT frame parsing loop
tinytag is a Python library for reading audio file metadata. Version 2.2.0 allows an attacker who can supply MP3 files for parsing to trigger a non-terminating loop while the library parses an ID3v2 SYLT (synchronized lyrics) frame. In server-side deployments that automatically parse attacker-supplied files, a single 498-byte MP3 can cause the parsing operation to stop making progress and remain busy until the worker or process is terminated. The root cause is that _parse_synced_lyrics assumes _find_string_end_pos always returns a position greater than the current offset. That assumption is false when no string terminator is present in the remaining frame content. This issue has been fixed in version 2.2.1.
CVSS 6.5
CVE-2002-0371 EXPLOITDB perl WORKING POC
Microsoft Internet Explorer 5.1-6.0 - Remote Code Execution via Gopher URL Buffer Overflow
Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 through 6.0, Proxy Server 2.0, or ISA Server 2000 allows remote attackers to execute arbitrary code via a gopher:// URL that redirects the user to a real or simulated gopher server that sends a long response.
CVE-2001-0500 EXPLOITDB bash WORKING POC
Index Server and Indexing Service - Remote Code Execution via Long Argument to ISAPI Extension
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
CVE-2003-0109 EXPLOITDB perl WORKING POC
Windows 2000 - Remote Code Execution via WebDAV Request
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
EIP-2026-117611 EXPLOITDB perl WORKING POC
Mini-stream RM-MP3 Converter 3.0.0.7 - '.pls' Universal Stack Buffer Overflow
EIP-2026-116825 EXPLOITDB perl WORKING POC
ASX to MP3 Converter 3.0.0.100 - '.pls' Universal Stack Overflow
CVE-2009-1642 EXPLOITDB perl WORKING POC
Mini-stream ASX to MP3 Converter 3.0.0.7 - Stack-based Buffer Overflow via Long rtsp URL or HREF Attribute
Multiple stack-based buffer overflows in Mini-stream ASX to MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file. NOTE: the latter was also subsequently reported in "prior to 3.1.3.7."
CVE-2000-0706 EXPLOITDB c WORKING POC
ntop - Remote Code Execution via Buffer Overflow in Web Mode
Buffer overflows in ntop running in web mode allows remote attackers to execute arbitrary commands.
CVE-2000-1174 EXPLOITDB c WORKING POC
ethereal < 0.8.13 - Remote Code Execution via AFS ACL Parser Buffer Overflow
Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allows remote attackers to execute arbitrary commands via a packet with a long username.
CVE-2010-2334 EXPLOITDB text WORKING POC
Yamamah Photo Gallery 1.00 - Path Traversal via Download Parameter
Directory traversal vulnerability in themes/default/download.php in Yamamah Photo Gallery 1.00, as distributed before 20100618, allows remote attackers to read arbitrary files via a .. (dot dot) in the download parameter.
EIP-2026-111870 EXPLOITDB text WORKING POC
SAGU-PRO 1.0 - Multiple Remote File Inclusions
EIP-2026-111444 EXPLOITDB text WRITEUP
PotatoNews 1.0.2 - 'nid' Multiple Local File Inclusions
EIP-2026-109009 EXPLOITDB text WORKING POC
KimsQ 040109 - Multiple Remote File Inclusions
EIP-2026-107682 EXPLOITDB text WORKING POC
Huron CMS 8 11 2007 - Authentication Bypass
CVE-2010-1335 EXPLOITDB text WORKING POC
Insky CMS 006-0111 - Remote Code Execution via ROOT Parameter File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Insky CMS 006-0111, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter to (1) city.get/city.get.php, (2) city.get/index.php, (3) message2.send/message.send.php, (4) message.send/message.send.php, and (5) pages.add/pages.add.php in insky/modules/. NOTE: some of these details are obtained from third party information.
EIP-2026-107683 EXPLOITDB text WRITEUP
HuronCMS - 'index.php' Multiple SQL Injections
CVE-2010-1342 EXPLOITDB text WORKING POC
Direct News 4.10.2 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Direct News 4.10.2, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to (1) admin/menu.php and (2) library/lib.menu.php; and the adminroot parameter to (3) admin/media/update_content.php and (4) library/class.backup.php. NOTE: some of these details are obtained from third party information.
EIP-2026-106337 EXPLOITDB text WORKING POC
DaFun Spirit 2.2.5 - Multiple Remote File Inclusions
CVE-2000-1009 EXPLOITDB bash WORKING POC
Red Hat Linux 6.2 - Privilege Escalation
dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.
CVE-2001-0736 EXPLOITDB bash WORKING POC
Pine <4.33 - Local Privilege Escalation
Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack.
EIP-2026-102949 EXPLOITDB bash WORKING POC
Pine (Local Message Grabber) - Local Message Read
CVE-2000-1009 EXPLOITDB c WORKING POC
Red Hat Linux 6.2 - Privilege Escalation
dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.