patrick

79 exploits, active since Sep 1999
EIP-2026-113766 EXPLOITDB ruby WORKING POC
WordPress Plugin Foxypress - 'Uploadify.php' Arbitrary Code Execution (Metasploit)
EIP-2026-113767 EXPLOITDB ruby WORKING POC
WordPress Plugin Foxypress - 'Uploadify.php' Arbitrary Code Execution (Metasploit)
CVE-2005-2733 EXPLOITDB ruby WORKING POC
Simple PHP Blog - Remote Code Execution via Unrestricted File Upload
upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly restrict file extensions of uploaded files, which could allow remote attackers to execute arbitrary code.
CVE-2000-0322 EXPLOITDB ruby WORKING POC
Red Hat Piranha - Command Injection
The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.
CVE-2005-2086 EXPLOITDB ruby WORKING POC
phpBB <= 2.0.15 - Remote File Inclusion in viewtopic.php
PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code.
EIP-2026-109217 EXPLOITDB ruby WORKING POC
Lotus Mail Encryption Server 2.1.0.1 (Protector for Mail) - Local File Inclusion / Remote Code Execution (Metasploit)
CVE-2008-3922 EXPLOITDB ruby WORKING POC
AWStats Totals 1.0-1.14 - Remote Code Execution via Sort Parameter
awstatstotals.php in AWStats Totals 1.0 through 1.14 allows remote attackers to execute arbitrary code via PHP sequences in the sort parameter, which is used by the multisort function when dynamically creating an anonymous PHP function.
CVE-2001-0311 EXPLOITDB ruby WORKING POC
HP OmniBackII <A.03.50 - Privilege Escalation
Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client.
EIP-2026-104208 EXPLOITDB ruby WORKING POC
ContentKeeper Web Appliance < 125.10 - Command Execution (Metasploit)
CVE-2004-1389 EXPLOITDB ruby WORKING POC
Veritas NetBackup 3.4-4.5 and 5.0-5.1 - Remote Code Execution via bpjava-susvc Process
Unknown vulnerability in the Veritas NetBackup Administrative Assistant interface for NetBackup BusinesServer 3.4, 3.4.1, and 4.5, DataCenter 3.4, 3.4.1, and 4.5, Enterprise Server 5.1, and NetBackup Server 5.0 and 5.1, allows attackers to execute arbitrary commands via the bpjava-susvc process, possibly related to the call-back feature.
CVE-2005-0838 EXPLOITDB text WRITEUP
IceCast 2.20 - Buffer Overflow in XSL Parser
Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow attackers to cause a denial of service and possibly execute arbitrary code via (1) a long test value in an xsl:when tag, (2) a long test value in an xsl:if tag, or (3) a long select value in an xsl:value-of tag.
CVE-2001-0311 EXPLOITDB ruby WORKING POC
HP OmniBackII <A.03.50 - Privilege Escalation
Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client.
CVE-2007-4560 EXPLOITDB ruby WORKING POC
ClamAV < 0.91.2 - Remote Code Execution via Shell Metacharacters in Sendmail Recipient Field
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
CVE-2001-0414 EXPLOITDB ruby WORKING POC
ntpd < 4.0.99k - Buffer Overflow via Long readvar Argument
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
CVE-2007-4560 EXPLOITDB ruby WORKING POC
ClamAV < 0.91.2 - Remote Code Execution via Shell Metacharacters in Sendmail Recipient Field
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
CVE-2009-2936 EXPLOITDB ruby WORKING POC
Varnish < 2.1.0 - Unauthenticated Remote Code Execution via CLI vcl.inline Directive
The Command Line Interface (aka Server CLI or administration interface) in the master process in the reverse proxy server in Varnish before 2.1.0 does not require authentication for commands received through a TCP port, which allows remote attackers to (1) execute arbitrary code via a vcl.inline directive that provides a VCL configuration file containing inline C code; (2) change the ownership of the master process via param.set, stop, and start directives; (3) read the initial line of an arbitrary file via a vcl.load directive; or (4) conduct cross-site request forgery (CSRF) attacks that leverage a victim's location on a trusted network and improper input validation of directives. NOTE: the vendor disputes this report, saying that it is "fundamentally misguided and pointless."
CVE-2000-0284 EXPLOITDB ruby WORKING POC
University of Washington imapd 4.7 - Authenticated Buffer Overflow via LIST Command
Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
CVE-2000-0284 EXPLOITDB ruby WORKING POC
University of Washington imapd 4.7 - Authenticated Buffer Overflow via LIST Command
Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
CVE-2006-2447 EXPLOITDB ruby WORKING POC
SpamAssassin - Remote Code Execution via Crafted Message with Virtual Pop Username
SpamAssassin before 3.1.3, when running with vpopmail and the paranoid (-P) switch, allows remote attackers to execute arbitrary commands via a crafted message that is not properly handled when invoking spamd with the virtual pop username.
CVE-2005-1099 EXPLOITDB ruby WORKING POC
Greylisting daemon <1.4 - Buffer Overflow
Multiple buffer overflows in the HandleChild function in server.c in Greylisting daemon (GLD) 1.3 and 1.4, when GLD is listening on a network interface, allow remote attackers to execute arbitrary code.
CVE-2005-1099 EXPLOITDB ruby WORKING POC
Greylisting daemon <1.4 - Buffer Overflow
Multiple buffer overflows in the HandleChild function in server.c in Greylisting daemon (GLD) 1.3 and 1.4, when GLD is listening on a network interface, allow remote attackers to execute arbitrary code.
CVE-2001-0414 EXPLOITDB ruby WORKING POC
ntpd < 4.0.99k - Buffer Overflow via Long readvar Argument
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
CVE-2007-1435 EXPLOITDB ruby WORKING POC
D-Link TFTP Server 1.0 - Denial of Service via Long GET or PUT Request
Buffer overflow in D-Link TFTP Server 1.0 allows remote attackers to cause a denial of service (crash) via a long (1) GET or (2) PUT request, which triggers memory corruption. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-1999-1053 EXPLOITDB ruby WORKING POC
Apache HTTP Server - Remote Command Execution via SSI Closing Sequence Bypass
guestbook.pl cleanses user-inserted SSI commands by removing text between "<!--" and "-->" separators, which allows remote attackers to execute arbitrary commands when guestbook.pl is run on Apache 1.3.9 and possibly other versions, since Apache allows other closing sequences besides "-->".
CVE-2006-2237 EXPLOITDB ruby WORKING POC
AWStats 6.4-6.5 - Remote Code Execution via Migrate Parameter
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.