patrick

79 exploits Active since Sep 1999
CVE-1999-1053 NOMISEC WORKING POC
Apache HTTP Server - Remote Command Execution via SSI Closing Sequence Bypass
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
1 stars
CVE-2025-65954 WRITEUP MEDIUM WRITEUP
SimpleSAMLphp CAS Server <6.3.1 and <7.0.0 Logout - Open Redirect
SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. In versions below 6.3.1 and 7.0.0, the logout endpoint accepts a url query parameter to redirect to. casserver treats that url as trusted, and either (depending on configuration) redirects the browser there, or shows a "you've been logged out" page with a link to continue to that url. Impacted configs include 'enable_logout' => true, and 'skip_logout_page' -> true. This issue has been resolved in versions 6.3.1 and 7.0.0.
CVSS 6.1
CVE-2006-0441 EXPLOITDB ruby WORKING POC
Sami FTP Server 2.0.1 - Stack-Based Buffer Overflow via Long USER Command
Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed.
CVE-2000-0248 EXPLOITDB ruby WORKING POC
Red Hat Linux Piranha - Command Injection
The web GUI for the Linux Virtual Server (LVS) software in the Red Hat Linux Piranha package has a backdoor password that allows remote attackers to execute arbitrary commands.
CVE-2004-1315 EXPLOITDB ruby WORKING POC
phpBB 2.x < 2.0.11 - Remote Code Execution via Double-Encoded Highlight Parameter
viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.
CVE-2017-15194 WRITEUP MEDIUM WRITEUP
Cacti 1.1.25 - Cross-Site Scripting via URI or Refresh Page
include/global_session.php in Cacti 1.1.25 has XSS related to (1) the URI or (2) the refresh page.
CVSS 6.1
CVE-2017-9451 WRITEUP MEDIUM WRITEUP
flatCore 1.4.6 - Cross-Site Scripting via PATH_INFO in acp.php URL
Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs.
CVSS 6.1
CVE-2021-3745 WRITEUP MEDIUM WRITEUP
flatcore-cms - Unrestricted Upload of File with Dangerous Type
flatcore-cms is vulnerable to Unrestricted Upload of File with Dangerous Type
CVSS 6.6
CVE-2023-47350 WRITEUP HIGH WRITEUP
SwiftyEdit < 1.2.0 - Cross-Site Request Forgery via User Password Update
Cross-Site Request Forgery (CSRF) vulnerability in SwiftyEdit Content Management System prior to v1.2.0, allows remote attackers to escalate privileges via the user password update functionality.
CVSS 8.8
CVE-2009-20010 EXPLOITDB CRITICAL ruby WORKING POC
Dogfood CRM < 2.0.10 - Unauthenticated Remote Command Execution via spell.php data Parameter
Dogfood CRM version 2.0.10 contains a remote command execution vulnerability in the spell.php script used by its mail subsystem. The vulnerability arises from unsanitized user input passed via a POST request to the data parameter, which is processed by the underlying shell without adequate escaping. This allows attackers to inject arbitrary shell commands and execute them on the server. The flaw is exploitable without authentication and was discovered by researcher LSO.
CVE-2009-10005 EXPLOITDB HIGH ruby WORKING POC
ContentKeeper Web Appliance <125.10 - Path Traversal
ContentKeeper Web Appliance (now maintained by Impero Software) versions prior to 125.10 expose the mimencode binary via a CGI endpoint, allowing unauthenticated attackers to retrieve arbitrary files from the filesystem. By crafting a POST request to /cgi-bin/ck/mimencode with traversal and output parameters, attackers can read sensitive files such as /etc/passwd outside the webroot.
CVE-2010-20112 EXPLOITDB CRITICAL ruby WORKING POC
Amlib's NetOpacs webquery.dll - Buffer Overflow
Amlib’s NetOpacs webquery.dll contains a stack-based buffer overflow vulnerability triggered by improper handling of HTTP GET parameters. Specifically, the application fails to enforce bounds on input supplied to the app parameter, allowing excessive data to overwrite memory structures including the Structured Exception Handler (SEH). Additionally, malformed parameter names followed by an equals sign may result in unintended control flow behavior. This vulnerability is exposed through IIS and affects legacy Windows deployments
CVE-2009-2936 METASPLOIT ruby WORKING POC
Varnish < 2.1.0 - Unauthenticated Remote Code Execution via CLI vcl.inline Directive
The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless.
CVE-2001-0168 EXPLOITDB ruby WORKING POC
AT&T WinVNC < 3.3.3r7 - Remote Code Execution via Long HTTP GET Request
Buffer overflow in AT&T WinVNC (Virtual Network Computing) server 3.3.3r7 and earlier allows remote attackers to execute arbitrary commands via a long HTTP GET request when the DebugLevel registry key is greater than 0.
CVE-2007-5067 EXPLOITDB ruby WORKING POC
iMatix Xitami Web Server 2.5c2 - Remote Code Execution via Long If-Modified-Since Header
Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code via a long If-Modified-Since header to (1) xigui32.exe or (2) xitami.exe.
CVE-2002-2268 EXPLOITDB ruby WORKING POC
Webster HTTP Server - Remote Code Execution via Long URL
Buffer overflow in Webster HTTP Server allows remote attackers to execute arbitrary code via a long URL.
CVE-2006-5156 EXPLOITDB ruby WORKING POC
McAfee ePolicy Orchestrator < 3.5.0.720 and ProtectionPilot < 1.1.1.126 - Remote Code Execution via Long Source Header
Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header.
CVE-2004-1317 EXPLOITDB ruby WORKING POC
Netcat for Windows 1.1 - Buffer Overflow
Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, when running with the -e option, allows remote attackers to execute arbitrary code via a long DNS command.
CVE-2001-1320 EXPLOITDB ruby WORKING POC
Network Associates PGP Keyserver 7.0 - DoS, RCE
Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test suite.
CVE-2006-4948 EXPLOITDB ruby WORKING POC
ProSysInfo TFTP Server TFTPDWIN <0.4.2 - Buffer Overflow
Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a long file name. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2004-2086 EXPLOITDB ruby WORKING POC
Sambar Server <6.0 - Buffer Overflow
Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter.
EIP-2026-119115 EXPLOITDB ruby WORKING POC
Sasser Worm avserve - FTP PORT Buffer Overflow (Metasploit)
CVE-2008-1724 EXPLOITDB ruby WORKING POC
SecureTransport Server <4.6.1 - Buffer Overflow
Stack-based buffer overflow in the IActiveXTransfer.FileTransfer method in the SecureTransport FileTransfer ActiveX control in vcst_en.dll 1.0.0.5 in Tumbleweed SecureTransport Server before 4.6.1 Hotfix 20 allows remote attackers to execute arbitrary code via a long remoteFile parameter.
CVE-2002-1120 EXPLOITDB ruby WORKING POC
Savant Web Server < 3.1 - Remote Code Execution via Long HTTP GET Request
Buffer overflow in Savant Web Server 3.1 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request.
CVE-2006-2926 EXPLOITDB ruby WORKING POC
Qbik WinGate 6.1.1.1077 - Buffer Overflow
Stack-based buffer overflow in the WWW Proxy Server of Qbik WinGate 6.1.1.1077 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL HTTP request.