pyrokinesis

8 exploits Active since Jun 2009
CVE-2009-2261 METASPLOIT ruby WORKING POC
PeaZIP <2.6.1-2.5.1 - Command Injection
PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command.
CVE-2009-4195 METASPLOIT ruby WORKING POC
Adobe Illustrator <14.0.0 - Buffer Overflow
Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and earlier, and CS3 13.0.0 allows remote attackers to execute arbitrary code via a long DSC comment in an Encapsulated PostScript (.eps) file. NOTE: some of these details are obtained from third party information.
EIP-2026-119004 EXPLOITDB html WORKING POC
Oracle - Document Capture BlackIce DEVMODE
EIP-2026-118614 EXPLOITDB text WORKING POC
Google Apps - mailto URI handler cross-browser Remote command Execution
EIP-2026-118514 EXPLOITDB html WORKING POC
EMC Captiva QuickScan Pro 4.6 SP1 and EMC Documentum ApllicationXtender Desktop 5.4 (keyhelp.ocx 1.2.312) - Remote Overflow
CVE-2009-3489 EXPLOITDB HIGH text WORKING POC
Adobe Photoshop Elements - Incorrect Permission Assignment
Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.
CVSS 7.8
CVE-2009-4195 EXPLOITDB php WORKING POC
Adobe Illustrator <14.0.0 - Buffer Overflow
Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and earlier, and CS3 13.0.0 allows remote attackers to execute arbitrary code via a long DSC comment in an Encapsulated PostScript (.eps) file. NOTE: some of these details are obtained from third party information.
CVE-2009-3693 EXPLOITDB html WORKING POC
Persits Xupload - Path Traversal
Directory traversal vulnerability in the Persits.XUpload.2 ActiveX control (XUpload.ocx) in HP LoadRunner 9.5 allows remote attackers to create arbitrary files via \.. (backwards slash dot dot) sequences in the third argument to the MakeHttpRequest method.