r0ut3r

35 exploits Active since Jun 2006
CVE-2006-6598 EXPLOITDB perl WORKING POC
TorrentFlux < 2.2 and torrentflux-b4rt < 2.1-b4rt-972 - Authenticated Directory Traversal via Path Parameter
Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the path parameter, a different vector than CVE-2006-6328.
CVE-2006-6329 EXPLOITDB text WORKING POC
TorrentFlux 2.2 - Unauthenticated Arbitrary File Deletion via delfile Parameter
index.php for TorrentFlux 2.2 allows remote attackers to delete files by specifying the target filename in the delfile parameter.
CVE-2006-6328 EXPLOITDB text WORKING POC
TorrentFlux 2.2 - Directory Traversal and Arbitrary File Write via Alias File Parameter
Directory traversal vulnerability in index.php for TorrentFlux 2.2 allows remote attackers to create or overwrite arbitrary files via sequences in the alias_file parameter.
CVE-2007-0504 EXPLOITDB perl WORKING POC
Vote! Pro < 4.0 - Remote Code Execution via poll_frame.php poll_id Parameter
Eval injection vulnerability in poll_frame.php in Vote! Pro 4.0, and possibly other scripts, allows remote attackers to execute arbitrary code via the poll_id parameter, which is supplied to an eval function call, a different vulnerability type than CVE-2005-4632.
CVE-2006-2383 EXPLOITDB text WORKING POC
Microsoft Internet Explorer <6 - RCE
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allows remote attackers to execute arbitrary code via "unexpected data" related to "parameter validation" in the DXImageTransform.Microsoft.Light ActiveX control, which causes Internet Explorer to crash in a way that enables the code execution.
CVE-2008-4726 EXPLOITDB perl WORKING POC
GoodTech SSH 6.4 - Authenticated Stack-Based Buffer Overflow via SFTP Parameters
Stack-based buffer overflow in the SFTP subsystem in GoodTech SSH 6.4 allows remote authenticated users to execute arbitrary code via a long string to the (1) open (aka SSH_FXP_OPEN), (2) unlink, (3) opendir, and other unspecified parameters.
CVE-2008-3583 EXPLOITDB c WORKING POC
IntelliTamper - Buffer Overflow via Long URL in IMG SRC Attribute
Buffer overflow in the HTML parser in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a long URL in the SRC attribute of an IMG element. NOTE: this might be related to CVE-2008-3360. NOTE: it was later reported that 2.08 Beta 4 is also affected.
CVE-2008-3360 EXPLOITDB c WORKING POC
IntelliTamper 2.0.7 - Remote Code Execution via Long HREF Attribute in HTML Parser
Stack-based buffer overflow in the HTML parser in IntelliTamper 2.0.7 allows remote attackers to execute arbitrary code via a long URL in the HREF attribute of an A element, a different vulnerability than CVE-2006-2494.
CVE-2008-6899 EXPLOITDB perl WORKING POC
freeSSHd 1.2.1 - Authenticated Buffer Overflow via SFTP Commands
Multiple buffer overflows in freeSSHd 1.2.1 allow remote authenticated users to cause a denial of service (crash) and execute arbitrary code via a long (1) open, (2) unlink, (3) mkdir, (4) rmdir, or (5) stat SFTP command.
CVE-2008-5735 EXPLOITDB python WORKING POC
CoolPlayer 2.17-2.19 - Stack-based Buffer Overflow via PlaylistSkin in Skin File
Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 allows remote attackers to execute arbitrary code via a large PlaylistSkin value in a skin file.
CVE-2008-5735 EXPLOITDB c++ WORKING POC
CoolPlayer 2.17-2.19 - Stack-based Buffer Overflow via PlaylistSkin in Skin File
Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 allows remote attackers to execute arbitrary code via a large PlaylistSkin value in a skin file.
CVE-2008-5492 EXPLOITDB html WORKING POC
VeryDOC PDF Viewer OCX Control <2.0.0.1 - Buffer Overflow
Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX control in pdfview.ocx 2.0.0.1 in VeryDOC PDF Viewer OCX Control allows remote attackers to execute arbitrary code via a long first argument to the OpenPDF method. NOTE: some of these details are obtained from third party information.
CVE-2007-3548 EXPLOITDB c WORKING POC
W3Filer 2.1.3 - Stack-Based Buffer Overflow via FTP Banner
Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers to cause a denial of service (application hang or crash) and possibly execute arbitrary code by sending a large banner to a client that is sending a file.
CVE-2008-5282 EXPLOITDB perl WORKING POC
W3C Amaya Web Browser 10.0.1 - Buffer Overflow
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute.
CVE-2008-5282 EXPLOITDB perl WORKING POC
W3C Amaya Web Browser 10.0.1 - Buffer Overflow
Multiple stack-based buffer overflows in W3C Amaya Web Browser 10.0.1 allow remote attackers to execute arbitrary code via (1) a link with a long HREF attribute, and (2) a DIV tag with a long id attribute.
CVE-2007-1014 EXPLOITDB c WORKING POC
VicFTPS - Stack-Based Buffer Overflow via CWD Command
Stack-based buffer overflow in VicFTPS before 5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long CWD command.
CVE-2008-5492 EXPLOITDB text WORKING POC
VeryDOC PDF Viewer OCX Control <2.0.0.1 - Buffer Overflow
Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX control in pdfview.ocx 2.0.0.1 in VeryDOC PDF Viewer OCX Control allows remote attackers to execute arbitrary code via a long first argument to the OpenPDF method. NOTE: some of these details are obtained from third party information.
CVE-2007-4033 EXPLOITDB php WORKING POC
t1lib 5.1.1 - Buffer Overflow
Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.
CVE-2008-3209 EXPLOITDB html WORKING POC
Black Ice Document Imaging SDK 10.95 - Buffer Overflow
Heap-based buffer overflow in the OpenGifFile function in BiGif.dll in Black Ice Document Imaging SDK 10.95 allows remote attackers to execute arbitrary code via a long string argument to the GetNumberOfImagesInGifFile method in the BIImgFrm Control ActiveX control in biimgfrm.ocx. NOTE: some of these details are obtained from third party information.
CVE-2007-1040 EXPLOITDB perl WORKING POC
Xpression News 1.0.1 - Path Traversal
Directory traversal vulnerability in archives.php in Xpression News (X-News) 1.0.1 allows remote attackers to include arbitrary files or obtain sensitive information via a .. (dot dot) in the xnews-template parameter.
EIP-2026-113144 EXPLOITDB bash WORKING POC
Vote! Pro 4.0 - Multiple PHP Code Execution Vulnerabilities
CVE-2007-0535 EXPLOITDB perl WORKING POC
Vote! Pro < 4.0 - Remote Code Execution via poll_id Parameter
Multiple eval injection vulnerabilities in Vote! Pro 4.0, and possibly earlier, allow remote attackers to execute arbitrary code via requests to unspecified PHP scripts with the poll_id parameter, which is supplied to eval function calls, a different set of vectors than CVE-2007-0504. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2006-6604 EXPLOITDB perl WORKING POC
TorrentFlux 2.2 - Authenticated Directory Traversal via Alias Parameter
Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the alias parameter, a different vector than CVE-2006-6328.
CVE-2006-6330 EXPLOITDB text WORKING POC
TorrentFlux 2.2 - Command Injection
index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter.
CVE-2006-6599 EXPLOITDB perl WORKING POC
TorrentFlux 2.2 - Command Injection
maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter.