milw0rm

75 exploits Active since May 1997
CVE-2006-1188 EXPLOITDB html WORKING POC
Microsoft Internet Explorer <6 - RCE
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.
CVE-2008-7135 EXPLOITDB html WORKING POC
ICQ Toolbar 2.3 - Denial of Service via Long Argument to IsChecked Method
toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the IsChecked method, a different vector than CVE-2008-7136.
CVE-2007-1730 EXPLOITDB c WORKING POC
Linux Kernel 2.6.20 and later - Denial of Service via Negative optlen in DCCP getsockopt
Integer signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value.
CVE-2008-1245 EXPLOITDB html WORKING POC
Belkin F5D7230-4 - Denial of Service via Invalid POST Data
cgi-bin/setup_virtualserver.exe on the Belkin F5D7230-4 router with firmware 9.01.10 allows remote attackers to cause a denial of service (control center outage) via an HTTP request with invalid POST data and a "Connection: Keep-Alive" header.
CVE-2008-6138 EXPLOITDB text WRITEUP
WebBiscuits Modules Controller <1.1 - RCE
PHP remote file inclusion vulnerability in adminhead.php in WebBiscuits Modules Controller 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter.
CVE-2004-1329 EXPLOITDB bash WORKING POC
IBM AIX 5.1-5.3 - Untrusted Execution Path via DIAGNOSTICS Environment Variable
Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program.
CVE-2008-6187 EXPLOITDB text WORKING POC
Gforge < 4.5.19 - SQL Injection via release_id Parameter
SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and earlier allows remote attackers to execute arbitrary SQL commands via the release_id parameter.
CVE-2007-6188 EXPLOITDB text WORKING POC
TuMusika Evolution 1.7R5 - Path Traversal
Multiple directory traversal vulnerabilities in TuMusika Evolution 1.7R5 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter to (1) languages_n.php, (2) languages_f.php, or (3) languages.php in inc/; and (4) allow remote attackers to read arbitrary local files via a .. (dot dot) in the uri parameter to frames/nogui/sc_download.php.
CVE-2007-5641 EXPLOITDB text WORKING POC
PHP Project Management < 0.8.10 - Remote Code Execution via Full Path Parameter
Multiple PHP remote file inclusion vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the full_path parameter to (1) certinfo/index.php, (2) emails/index.php, (3) events/index.php, (4) fax/index.php, (5) files/index.php, (6) files/list.php, (7) groupadm/index.php, (8) history/index.php, (9) info/index.php, (10) log/index.php, (11) mail/index.php, (12) messages/index.php, (13) organizations/index.php, (14) phones/index.php, (15) presence/index.php, (16) projects/index.php, (17) projects/summary.inc.php, (18) projects/list.php, (19) reports/index.php, (20) search/index.php, (21) snf/index.php, (22) syslog/index.php, (23) tasks/searchsimilar.php, (24) tasks/index.php, (25) tasks/summary.inc.php, and (26) useradm/index.php in modules; (27) /ajax/loadsplash.php; (28) /blocks/birthday.php; (29) /blocks/events.php; and (30) /blocks/help.php.
CVE-2004-1381 EXPLOITDB html WORKING POC
Firefox < 1.0 and Mozilla < 1.7.5 - Input Focus Spoofing via Background Tab
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.
CVE-2008-4033 EXPLOITDB html WORKING POC
Microsoft XML Core Services 3.0-6.0 - Info Disclosure
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
EIP-2026-118542 EXPLOITDB perl WORKING POC
FileCOPA FTP Server 1.01 - 'LIST' Remote Buffer Overflow (1)
CVE-2004-1533 EXPLOITDB perl WORKING POC
DMS POP3 1.5.3.27 - Denial of Service via Long Username or Password
Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier allows remote attackers to cause a denial of service (service crash) via a long (1) username or (2) password.
CVE-2008-4050 EXPLOITDB html WORKING POC
Friendly Technologies FriendlyPPPoE Client <3.0.0.57 - Code Injection
A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to (1) create and read arbitrary registry values via the RegistryValue method, and (2) read arbitrary files via the GetTextFile method.
CVE-2007-1382 EXPLOITDB php WORKING POC
PHP COM Extensions - Remote Code Execution via WScript.Shell COM Object
The PHP COM extensions for PHP on Windows systems allow context-dependent attackers to execute arbitrary code via a WScript.Shell COM object, as demonstrated by using the Run method of this object to execute cmd.exe, which bypasses PHP's safe mode.
CVE-2009-2363 EXPLOITDB perl WORKING POC
KUDRSOFT AudioPLUS 2.00.215 - Buffer Overflow
Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.00.215 allows remote attackers to execute arbitrary code via a .pls playlist file with a playlist entry containing a long File1 argument.
CVE-2008-3242 EXPLOITDB html WORKING POC
PPMate PPMedia Class ActiveX Control - Heap-Based Buffer Overflow via StartUrl Method
Heap-based buffer overflow in the PPMedia Class ActiveX control in PPMPlayer.dll in PPMate 2.3.1.93 allows remote attackers to execute arbitrary code via a long argument to the StartUrl method. NOTE: some of these details are obtained from third party information.
CVE-2008-3704 EXPLOITDB javascript WORKING POC
Microsoft Visual Studio <6.0.84.18 - Buffer Overflow
Heap-based buffer overflow in the MaskedEdit ActiveX control in Msmask32.ocx 6.0.81.69, and possibly other versions before 6.0.84.18, in Microsoft Visual Studio 6.0, Visual Basic 6.0, Visual Studio .NET 2002 SP1 and 2003 SP1, and Visual FoxPro 8.0 SP1 and 9.0 SP1 and SP2 allows remote attackers to execute arbitrary code via a long Mask parameter, related to not "validating property values with boundary checks," as exploited in the wild in August 2008, aka "Masked Edit Control Memory Corruption Vulnerability."
CVE-2000-0418 EXPLOITDB text WORKING POC
Cayman 3220-H DSL Router - Denial of Service via Oversized ICMP Echo Requests
The Cayman 3220-H DSL router allows remote attackers to cause a denial of service via oversized ICMP echo (ping) requests.
CVE-2006-1388 EXPLOITDB html WORKING POC
Microsoft Internet Explorer 6.0 - RCE
Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.
CVE-2008-3578 EXPLOITDB html WORKING POC
hydrairc < 0.3.164 - Denial of Service via Long irc:// URI
HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long irc:// URI.
CVE-2007-4440 EXPLOITDB perl WORKING POC
MercuryS SMTP <4.51 - Buffer Overflow
Stack-based buffer overflow in the MercuryS SMTP server in Mercury Mail Transport System, possibly 4.51 and earlier, allows remote attackers to execute arbitrary code via a long AUTH CRAM-MD5 string. NOTE: this might overlap CVE-2006-5961.
CVE-2004-2434 EXPLOITDB html WORKING POC
Microsoft Internet Explorer 6.0 SP1 - DoS
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an attacker-controlled format string.
EIP-2026-115101 EXPLOITDB text WORKING POC
Counter Strike Source ManiAdminPlugin 1.x - Remote Buffer Overflow (PoC)
CVE-2008-1912 EXPLOITDB perl WORKING POC
DivX Player <6.7.0.22 - Buffer Overflow
Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and earlier allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long subtitle in a .SRT file.