mr_me

214 exploits Active since Dec 2002
EIP-2026-117811 EXPLOITDB python WORKING POC
Quick Player 1.2 - Unicode Buffer Overflow (1)
CVE-2009-2934 EXPLOITDB python WORKING POC
Programmed Integration PIPL 2.5.0 and 2.5.0D - Remote Code Execution via Long String in Playlist File
Multiple stack-based buffer overflows in xaudio.dll in Programmed Integration PIPL 2.5.0 and 2.5.0D allow remote attackers to execute arbitrary code via a long string in a (1) .pls or (2) .pl playlist file.
EIP-2026-117737 EXPLOITDB python WORKING POC
OtsTurntables Free 1.00.047 - '.olf' Universal Buffer Overflow
CVE-2010-0688 EXPLOITDB python WORKING POC
Orbital Viewer 1.04 - Buffer Overflow
Stack-based buffer overflow in Orbital Viewer 1.04 allows user-assisted remote attackers to execute arbitrary code via a crafted (1) .orb or (2) .ov file.
EIP-2026-117728 EXPLOITDB python WORKING POC
Oracle 10/11g - 'exp.exe?file' Local Buffer Overflow
CVE-2017-7442 EXPLOITDB HIGH ruby WORKING POC
Nitro Pro 11.0.3.173 - Remote Code Execution via Directory Traversal in saveAs and launchURL
Nitro Pro 11.0.3.173 allows remote attackers to execute arbitrary code via saveAs and launchURL calls with directory traversal sequences.
CVSS 8.8
CVE-2009-5109 EXPLOITDB c WORKING POC
Mini-Stream Ripper 3.0.1.1 - Stack-Based Buffer Overflow via .pls File
Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long entry in a .pls file.
EIP-2026-117608 EXPLOITDB python WORKING POC
Mini-stream Ripper 3.0.1.1 - '.pls' Universal Buffer Overflow
CVE-2009-5109 EXPLOITDB perl WORKING POC
Mini-Stream Ripper 3.0.1.1 - Stack-Based Buffer Overflow via .pls File
Stack-based buffer overflow in Mini-Stream Ripper 3.0.1.1 allows remote attackers to execute arbitrary code via a long entry in a .pls file.
CVE-2009-2650 EXPLOITDB python WORKING POC
Sorcerer Software MultiMedia Jukebox 4.0 - Buffer Overflow
Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 Build 020124 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .m3u or possibly (2) .pst file.
EIP-2026-117426 EXPLOITDB perl WORKING POC
M.J.M. Quick Player 1.2 - Local Stack Buffer Overflow
EIP-2026-117381 EXPLOITDB python WORKING POC
Kingsoft Antivirus/Internet Security 9+ - Local Privilege Escalation
EIP-2026-117005 EXPLOITDB python WORKING POC
Crimson Editor r3.70 - Overwrite (SEH)
CVE-2017-14344 EXPLOITDB HIGH python WORKING POC
Jungos WinDriver <12.4.0 - Privilege Escalation
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x95382673 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in a kernel pool overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel.
CVSS 7.8
CVE-2017-14153 EXPLOITDB HIGH python WORKING POC
Jungos WinDriver <12.4.0 - Privilege Escalation
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x953824b7 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in a kernel pool overflow. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel.
CVSS 7.8
CVE-2017-14075 EXPLOITDB HIGH python WORKING POC
Jungos WinDriver <12.4.0 - Privilege Escalation
This vulnerability allows local attackers to escalate privileges on Jungo WinDriver 12.4.0 and earlier. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the processing of IOCTL 0x953824a7 by the windrvr1240 kernel driver. The issue lies in the failure to properly validate user-supplied data which can result in an out-of-bounds write condition. An attacker can leverage this vulnerability to execute arbitrary code under the context of kernel.
CVSS 7.8
CVE-2012-0897 EXPLOITDB ruby WORKING POC
IrfanView < 4.33 - Remote Code Execution via JPEG2000 QCD Marker Segment
Stack-based buffer overflow in the JPEG2000 plugin in IrfanView PlugIns before 4.33 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.
EIP-2026-117251 EXPLOITDB python WORKING POC
Google SketchUp 7.1.6087 - 'lib3ds' 3DS Importer Memory Corruption
CVE-2011-5165 EXPLOITDB php WORKING POC
Free MP3 CD Ripper <= 2.6 - Stack-based Buffer Overflow via Crafted WAV File
Stack-based buffer overflow in Free MP3 CD Ripper 1.1, 2.6 and earlier, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted .wav file.
EIP-2026-117185 EXPLOITDB text WORKING POC
Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR & DEP Bypass)
CVE-2018-9958 EXPLOITDB HIGH ruby WORKING POC
Foxit Reader and PhantomPDF < 9.0.1.1049 - Remote Code Execution via Text Annotation Point Attribute
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.0.1.1049. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Text Annotations. When setting the point attribute, the process does not properly validate the existence of an object prior to performing operations on the object. An attacker can leverage this vulnerability to execute code under the context of the current process. Was ZDI-CAN-5620.
CVSS 8.8
CVE-2011-3494 EXPLOITDB ruby WORKING POC
eSignal < 10.6.2425 - Stack-Based and Heap-Based Buffer Overflow via Long StyleTemplate or FaceName Field
WinSig.exe in eSignal 10.6.2425 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a long StyleTemplate element in a QUO, SUM or POR file, which triggers a stack-based buffer overflow, or (2) a long Font->FaceName field (aka FaceName element), which triggers a heap-based buffer overflow. NOTE: some of these details are obtained from third party information.
EIP-2026-117116 EXPLOITDB php WORKING POC
Easyzip 2000 3.5 - '.zip' Local Stack Buffer Overflow
CVE-2011-5171 EXPLOITDB ruby WORKING POC
CyberLink Power2Go 7 build 196 and 8 build 1031 - Remote Code Execution via Crafted Project File Parameters
Multiple stack-based buffer overflows in CyberLink Power2Go 7 (build 196) and 8 (build 1031) allow remote attackers to execute arbitrary code via the (1) src and (2) name parameters in a p2g project file.
EIP-2026-117003 EXPLOITDB python WORKING POC
CoreFTP 2.1 b1637 - Password field Universal Buffer Overflow