patrick

78 exploits Active since Sep 1999
CVE-1999-1053 NOMISEC WORKING POC
Apache <1.3.9 - RCE
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
1 stars
CVE-2006-0441 EXPLOITDB ruby WORKING POC
Karjasoft Sami FTP Server - Buffer Overflow
Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed.
CVE-2000-0248 EXPLOITDB ruby WORKING POC
Red Hat Linux Piranha - Command Injection
The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands.
CVE-2004-1315 EXPLOITDB ruby WORKING POC
phpBB 2.x <2.0.11 - RCE
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.
CVE-2017-15194 WRITEUP MEDIUM WRITEUP
Cacti - XSS
include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page.
CVSS 6.1
CVE-2017-9451 WRITEUP MEDIUM WRITEUP
flatCore 1.4.6 - XSS
Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs.
CVSS 6.1
CVE-2021-3745 WRITEUP MEDIUM WRITEUP
flatcore-cms - Unrestricted Upload of File with Dangerous Type
flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type
CVSS 6.6
CVE-2023-47350 WRITEUP HIGH WRITEUP
Swiftyedit < 1.2.0 - CSRF
Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content Management System prior to v1.2.0, allows remote attackers to escalate privileges via the user password update functionality.
CVSS 8.8
CVE-2009-20010 EXPLOITDB ruby WORKING POC
Dogfood CRM 2.0.10 - RCE
Dogfood CRM version 2.0.10 contains a remote command execution vulnerability in the spell.php script used by its mail subsystem. The vulnerability arises from unsanitized user input passed via a POST request to the data parameter, which is processed by the underlying shell without adequate escaping. This allows attackers to inject arbitrary shell commands and execute them on the server. The flaw is exploitable without authentication and was discovered by researcher LSO.
CVE-2009-10005 EXPLOITDB ruby WORKING POC
ContentKeeper Web Appliance <125.10 - Path Traversal
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output parameters, attackers can read sensitive files such as /etc/passwd outside the webroot.
CVE-2010-20112 EXPLOITDB ruby WORKING POC
Amlib's NetOpacs webquery.dll - Buffer Overflow
Amlib’s NetOpacs webquery.dll contains a stack-based buffer overflow vulnerability triggered by improper handling of HTTP GET parameters. Specifically, the application fails to enforce bounds on input supplied to the app parameter, allowing excessive data to overwrite memory structures including the Structured Exception Handler (SEH). Additionally, malformed parameter names followed by an equals sign may result in unintended control flow behavior. This vulnerability is exposed through IIS and affects legacy Windows deployments
CVE-2009-2936 METASPLOIT ruby WORKING POC
Varnish - Authentication Bypass
The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless.
CVE-2002-2268 EXPLOITDB ruby WORKING POC
Netdave Webster HTTP Server - Memory Corruption
Buffer overflow in Webster HTTP Server allows remote attackers to execute arbitrary code via a long URL.
CVE-2007-5067 EXPLOITDB ruby WORKING POC
Imatix Xitami - Memory Corruption
Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code via a long If-Modified-Since header to (1) xigui32.exe or (2) xitami.exe.
CVE-2001-0168 EXPLOITDB ruby WORKING POC
ATT Winvnc < 3.3.3r7 - Buffer Overflow
Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key is greater than 0.
CVE-2006-5156 EXPLOITDB ruby WORKING POC
Mcafee Epolicy Orchestrator - Buffer Overflow
Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header.
CVE-2004-1317 EXPLOITDB ruby WORKING POC
Netcat for Windows 1.1 - Buffer Overflow
Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, when running with the -e option, allows remote attackers to execute arbitrary code via a long DNS command.
CVE-2001-1320 EXPLOITDB ruby WORKING POC
Network Associates PGP Keyserver 7.0 - DoS, RCE
Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test suite.
CVE-2006-4948 EXPLOITDB ruby WORKING POC
ProSysInfo TFTP Server TFTPDWIN <0.4.2 - Buffer Overflow
Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a long file name. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2004-2086 EXPLOITDB ruby WORKING POC
Sambar Server <6.0 - Buffer Overflow
Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter.
EIP-2026-119115 EXPLOITDB ruby WORKING POC
Sasser Worm avserve - FTP PORT Buffer Overflow (Metasploit)
CVE-2008-1724 EXPLOITDB ruby WORKING POC
SecureTransport Server <4.6.1 - Buffer Overflow
Stack-based buffer overflow in the IActiveXTransfer.FileTransfer method in the SecureTransport FileTransfer ActiveX control in vcst_en.dll 1.0.0.5 in Tumbleweed SecureTransport Server before 4.6.1 Hotfix 20 allows remote attackers to execute arbitrary code via a long remoteFile parameter.
CVE-2002-1120 EXPLOITDB ruby WORKING POC
Savant Web Server <3.1 - RCE
Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
CVE-2006-2926 EXPLOITDB ruby WORKING POC
Qbik WinGate 6.1.1.1077 - Buffer Overflow
Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request.
CVE-2008-0550 EXPLOITDB ruby WORKING POC
Radio Toolbox Steamcast < 0.9.75 - Numeric Error
Off-by-one error in Steamcast 0.9.75 and earlier allows remote attackers to cause a denial of service (daemon crash) or execute arbitrary code via a certain HTTP request that leads to a buffer overflow, as demonstrated by a long User-Agent header.