ryujin

28 exploits Active since Dec 2007
EIP-2026-119525 EXPLOITDB c++ WORKING POC
Fortinet FortiClient 5.2.3 (Windows 10 x86) - Local Privilege Escalation
CVE-2014-4113 EXPLOITDB HIGH python WORKING POC
Microsoft Windows - Privilege Escalation
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."
CVSS 7.8
CVE-2015-5736 EXPLOITDB c WORKING POC
Fortinet FortiClient < 5.2.3 - Local Privilege Escalation via Fortishield.sys Ioctl Calls
The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.
CVE-2015-5736 EXPLOITDB c WORKING POC
Fortinet FortiClient < 5.2.3 - Local Privilege Escalation via Fortishield.sys Ioctl Calls
The Fortishield.sys driver in Fortinet FortiClient before 5.2.4 allows local users to execute arbitrary code with kernel privileges by setting the callback function in a (1) 0x220024 or (2) 0x220028 ioctl call.
EIP-2026-118967 EXPLOITDB python WORKING POC
Novell eDirectory 8.8 SP5 - iConsole Buffer Overflow
CVE-2008-1498 EXPLOITDB python WORKING POC
NetWin Surgemail <3.8k4-4 - Buffer Overflow
Stack-based buffer overflow in the IMAP service in NetWin Surgemail 3.8k4-4 and earlier allows remote authenticated users to execute arbitrary code via a long first argument to the LIST command.
CVE-2011-2371 EXPLOITDB html WORKING POC
SeaMonkey through 2.0.14 - Remote Code Execution via Array.reduceRight Integer Overflow
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.
CVE-2010-3962 EXPLOITDB HIGH html WORKING POC
Microsoft Internet Explorer 6, 7, and 8 - Use-After-Free via CSS Clip Attribute
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
CVSS 8.1
CVE-2007-3901 EXPLOITDB python WORKING POC
Microsoft DirectX 7.0-10.0 - Remote Code Execution via SAMI File Parsing
Stack-based buffer overflow in the DirectShow Synchronized Accessible Media Interchange (SAMI) parser in quartz.dll for Microsoft DirectX 7.0 through 10.0 allows remote attackers to execute arbitrary code via a crafted SAMI file.
CVE-2012-1876 EXPLOITDB html WORKING POC
Microsoft Internet Explorer 6-9 and 10 Consumer Preview - Remote Code Execution via Col Element Handling
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
CVE-2012-1876 EXPLOITDB html WORKING POC
Microsoft Internet Explorer 6-9 and 10 Consumer Preview - Remote Code Execution via Col Element Handling
Microsoft Internet Explorer 6 through 9, and 10 Consumer Preview, does not properly handle objects in memory, which allows remote attackers to execute arbitrary code by attempting to access a nonexistent object, leading to a heap-based buffer overflow, aka "Col Element Remote Code Execution Vulnerability," as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
CVE-2008-2573 EXPLOITDB perl WORKING POC
freeSSHd 1.2.1 - Authenticated Stack-Based Buffer Overflow via SSH_FXP_OPENDIR Command
Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote authenticated users to execute arbitrary code via a long directory name in an SSH_FXP_OPENDIR (aka opendir) command.
CVE-2009-2685 EXPLOITDB python WORKING POC
HP Power Manager - Stack-based Buffer Overflow via Login Variable
Stack-based buffer overflow in the login form in the management web server in HP Power Manager allows remote attackers to execute arbitrary code via the Login variable.
CVE-2008-1914 EXPLOITDB python WORKING POC
BigAnt IM Server <2.2 - Buffer Overflow
Stack-based buffer overflow in the AntServer module (AntServer.exe) in BigAnt IM Server in BigAnt Messenger 2.2 allows remote attackers to execute arbitrary code via a long URI in a request to TCP port 6080. NOTE: some of these details are obtained from third party information.
CVE-2010-4371 EXPLOITDB python WORKING POC
Winamp < 5.6 - Buffer Overflow in in_mod Plugin via Comment Box
Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box.
CVE-2010-4371 EXPLOITDB python WORKING POC
Winamp < 5.6 - Buffer Overflow in in_mod Plugin via Comment Box
Buffer overflow in the in_mod plugin in Winamp before 5.6 allows remote attackers to have an unspecified impact via vectors related to the comment box.
CVE-2008-1358 EXPLOITDB python WORKING POC
Alt-N Technologies MDaemon 9.6.4 - Buffer Overflow
Stack-based buffer overflow in the IMAP server in Alt-N Technologies MDaemon 9.6.4 allows remote authenticated users to execute arbitrary code via a FETCH command with a long BODY.
CVE-2009-0950 EXPLOITDB python WORKING POC
Apple iTunes < 8.2 - Remote Code Execution via Long itms: URL Component
Stack-based buffer overflow in Apple iTunes before 8.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an itms: URL with a long URL component after a colon.
EIP-2026-117770 EXPLOITDB php WORKING POC
PHP 6.0 Dev - 'str_transliterate()' Local Buffer Overflow (NX + ASLR Bypass)
CVE-2011-2005 EXPLOITDB HIGH python WORKING POC
Microsoft Windows XP/Server 2003 - Privilege Escalation
afd.sys in the Ancillary Function Driver in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 does not properly validate user-mode input passed to kernel mode, which allows local users to gain privileges via a crafted application, aka "Ancillary Function Driver Elevation of Privilege Vulnerability."
CVSS 7.8
CVE-2013-5065 EXPLOITDB HIGH ruby WORKING POC
Microsoft Windows XP/Server 2003 - Privilege Escalation
NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.
CVSS 7.8
CVE-2013-5065 EXPLOITDB HIGH python WORKING POC
Microsoft Windows XP/Server 2003 - Privilege Escalation
NDProxy.sys in the kernel in Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in November 2013.
CVSS 7.8
CVE-2010-0705 EXPLOITDB python WORKING POC
avast! 4.8-5.0.418.0 - Local Privilege Escalation
Aavmker4.sys in avast! 4.8 through 4.8.1368.0 and 5.0 before 5.0.418.0 running on Windows 2000 and XP does not properly validate input to IOCTL 0xb2d60030, which allows local users to cause a denial of service (system crash) or execute arbitrary code to gain privileges via IOCTL requests using crafted kernel addresses that trigger memory corruption.
CVE-2008-1854 EXPLOITDB python WORKING POC
SmarterMail 5.0.2999 - Denial of Service via Long HTTP Request
Unspecified vulnerability in SmarterMail Web Server (SMWebSvr.exe) in SmarterMail 5.0.2999 allows remote attackers to cause a denial of service (service termination) via a long HTTP (1) GET, (2) HEAD, (3) PUT, (4) POST, or (5) TRACE request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
EIP-2026-116565 EXPLOITDB python WORKING POC
WinWebMail 3.7.3 - IMAP Login Data Handling Denial of Service