mr_me

214 exploits, active since Dec 2002
CVE-2016-2288 EXPLOITDB HIGH WORKING POC
Cogentdatahub Cogent Datahub < 7.3.9 - Access Control
Cogent DataHub before 7.3.10 allows local users to gain privileges by leveraging the user or guest role to modify a file.
CVSS 7.8
CVE-2006-6199 EXPLOITDB python WORKING POC
Blazevideo Blaze Dvd - Memory Corruption
Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Professional 5.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist.
EIP-2026-116889 EXPLOITDB php WORKING POC
Beyond Compare 3.0.13 b9599 - '.zip' Local Stack Buffer Overflow
EIP-2026-116835 EXPLOITDB python WORKING POC
Audio Workstation 6.4.2.4.0 - '.pls' Universal Local Buffer Overflow
CVE-2009-0490 EXPLOITDB python WORKING POC
Audacity <1.3.6 - Buffer Overflow
Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file containing a long string.
CVE-2009-3170 EXPLOITDB python WORKING POC
Aimp2 Audio Converter < 2.53 - Memory Corruption
Stack-based buffer overflow in AIMP2 Audio Converter 2.53 (build 330) and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a (1) .pls or (2) .m3u playlist file.
CVE-2009-3170 EXPLOITDB perl WORKING POC
Aimp2 Audio Converter < 2.53 - Memory Corruption
Stack-based buffer overflow in AIMP2 Audio Converter 2.53 (build 330) and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a (1) .pls or (2) .m3u playlist file.
EIP-2026-116243 EXPLOITDB python WORKING POC
SimplePlayer 0.2 - '.wav' Overflow Denial of Service
EIP-2026-116200 EXPLOITDB python WORKING POC
RPM Select/Elite 5.0 - '.xml Configuration parsing' Unicode Buffer Overflow (PoC)
EIP-2026-115847 EXPLOITDB python WORKING POC
Mocha W32 LPD 1.9 - Remote Buffer Overflow (PoC)
CVE-2010-1687 EXPLOITDB python WORKING POC
Mochasoft Mocha W32 Lpd - Memory Corruption
Stack-based buffer overflow in lpd.exe in Mocha W32 LPD 1.9 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted "recieve jobs" request. NOTE: some of these details are obtained from third party information.
CVE-2010-5300 EXPLOITDB php WORKING POC
Jzip <2.0.0.132900 - Buffer Overflow
Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name in a zip archive.
CVE-2010-1033 EXPLOITDB html WORKING POC
HP Operations Manager <8.16 - RCE
Multiple stack-based buffer overflows in a certain Tetradyne ActiveX control in HP Operations Manager 7.5, 8.10, and 8.16 might allow remote attackers to execute arbitrary code via a long string argument to the (1) LoadFile or (2) SaveFile method, related to srcvw32.dll and srcvw4.dll.
CVE-2009-3170 EXPLOITDB python WORKING POC
Aimp2 Audio Converter < 2.53 - Memory Corruption
Stack-based buffer overflow in AIMP2 Audio Converter 2.53 (build 330) and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a (1) .pls or (2) .m3u playlist file.
EIP-2026-113958 EXPLOITDB php WORKING POC
WordPress Plugin PHP Speedy 0.5.2 - 'admin_container.php' Remote Code Execution
CVE-2009-4567 EXPLOITDB text WORKING POC
Viscacha 0.8 Gold - XSS
Multiple cross-site scripting (XSS) vulnerabilities in editprofile.php in Viscacha 0.8 Gold allow remote authenticated users to inject arbitrary web script or HTML via the (1) skype, (2) yahoo, (3) aol, (4) msn, or (5) jabber parameter in a profile2 action. NOTE: some of these details are obtained from third party information.
CVE-2017-11394 EXPLOITDB CRITICAL ruby WORKING POC
Trendmicro Officescan - Improper Input Validation
Proxy command injection vulnerability in Trend Micro OfficeScan 11 and XG (12) allows remote attackers to execute arbitrary code on vulnerable installations. The specific flaw can be exploited by parsing the T parameter within Proxy.php. Formerly ZDI-CAN-4544.
CVSS 9.8
EIP-2026-112932 EXPLOITDB python WORKING POC
Useresponse 1.0.2 - Privilege Escalation / Remote Code Execution
EIP-2026-112790 EXPLOITDB ruby WORKING POC
Trend Micro InterScan Messaging Security (Virtual Appliance) - 'Proxy.php' Remote Code Execution (Metasploit)
EIP-2026-112163 EXPLOITDB text WORKING POC
Simply Classified 0.2 - Cross-Site Scripting / Cross-Site Request Forgery
EIP-2026-111291 EXPLOITDB text WRITEUP
Piwigo 2.0.6 - Multiple Vulnerabilities
CVE-2011-4075 EXPLOITDB ruby WORKING POC
phpLDAPadmin <1.2.2 - RCE
The masort function in lib/functions.php in phpLDAPadmin 1.2.x before 1.2.2 allows remote attackers to execute arbitrary PHP code via the orderby parameter (aka sortby variable) in a query_engine action to cmd.php, as exploited in the wild in October 2011.
CVE-2009-4597 EXPLOITDB text WRITEUP
PHP Inventory 1.2 - SQL Injection
Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a users details action, and allow remote attackers to execute arbitrary SQL commands via the (2) user (username) and (3) pass (password) parameters. NOTE: some of these details are obtained from third party information.
CVE-2011-5197 EXPLOITDB python WORKING POC
Public Knowledge Open Harvester Systems < 2.3.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in index/manager/fileUpload in Public Knowledge Project Open Harvester Systems 2.3.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that upload PHP files.
EIP-2026-109773 EXPLOITDB text WORKING POC
MyNews CMS 1.0 - SQL Injection / Local File Inclusion / Cross-Site Scripting