poplix

9 exploits Active since Nov 2006
CVE-2008-6478 EXPLOITDB html WORKING POC
Parallels Virtuozzo Containers - Cross-Site Request Forgery in VZPP File Manager
Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to create and delete arbitrary files as the administrator via a link or IMG tag to (1) create-file and (2) list-control in vz/cp/vzdir/infrman/envs/files/; or modify system configuration via the path parameter to vz/cp/vzdir/infrman/envs/files/index.
CVE-2008-6479 EXPLOITDB html WORKING POC
Parallels Virtuozzo 25.4.swsoft - Cross-Site Request Forgery in VZPP Password Change
Cross-site request forgery (CSRF) vulnerability in the "change password" feature in the VZPP web interface for Parallels Virtuozzo 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to modify the password via a link or IMG tag to vz/cp/pwd.
CVE-2007-6561 EXPLOITDB php WORKING POC
PDFLib - Stack-Based Buffer Overflow via Long Filename in PDF_load_image Function
Multiple stack-based buffer overflows in PDFLib allow user-assisted remote attackers to execute arbitrary code via a long filename argument to the PDF_load_image function that results in an overflow in the pdc_fsearch_fopen function, and possibly other vectors.
CVE-2007-0756 EXPLOITDB php WORKING POC
Chicken of the VNC 2.0 - Denial of Service via Large Computer-Name Size in ServerInit Packet
Chicken of the VNC (cotv) 2.0 allows remote attackers to cause a denial of service (application crash) via a large computer-name size value in a ServerInit packet, which triggers a failed malloc and a resulting NULL dereference.
CVE-2007-1008 EXPLOITDB xml WORKING POC
Apple iTunes 7.0.2 - Denial of Service via Crafted XML Radio Station List
Apple iTunes 7.0.2 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted XML list of radio stations, which results in memory corruption. NOTE: iTunes retrieves the XML document from a static URL, which requires an attacker to perform DNS spoofing or man-in-the-middle attacks for exploitation.
CVE-2007-2580 EXPLOITDB javascript WORKING POC
Apple Safari - Unprotected Keychain Password Exposure via JavaScript Parameter
Unspecified vulnerability in Apple Safari allows local users to obtain sensitive information (saved keychain passwords) via the document.loginform.password.value JavaScript parameter loaded from an AppleScript script.
CVE-2006-6538 EXPLOITDB c WORKING POC
D-LINK DWL-2000AP+ firmware 2.11 - DoS
D-LINK DWL-2000AP+ firmware 2.11 allows remote attackers to cause (1) a denial of service (device reset) via a flood of ARP replies on the wired or wireless (radio) link and (2) a denial of service (device crash) via a flood of ARP requests on the wireless link.
CVE-2006-5662 EXPLOITDB text WORKING POC
easy_notesmanager 0.0.1 - SQL Injection via Username Parameter or Search Page
SQL injection vulnerability in easy notesManager (eNM) 0.0.1 allows remote attackers to execute arbitrary SQL commands via (1) the username parameter in login.php and (2) a search on the "search page."
CVE-2006-5662 EXPLOITDB text WORKING POC
easy_notesmanager 0.0.1 - SQL Injection via Username Parameter or Search Page
SQL injection vulnerability in easy notesManager (eNM) 0.0.1 allows remote attackers to execute arbitrary SQL commands via (1) the username parameter in login.php and (2) a search on the "search page."