securfrog

26 exploits Active since Nov 2006
CVE-2006-5702 EXPLOITDB WRITEUP
Tikiwiki 1.9.5 - Exposure of Sensitive Information via Empty sort_mode Parameter
Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages.
CVE-2008-3734 EXPLOITDB perl WORKING POC
Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 - Format String Vulnerability via FTP Server Greeting
Format string vulnerability in Ipswitch WS_FTP Home 2007.0.0.2 and WS_FTP Professional 2007.1.0.0 allows remote FTP servers to cause a denial of service (application crash) or possibly execute arbitrary code via format string specifiers in a connection greeting (response).
CVE-2008-4841 EXPLOITDB text SUSPICIOUS
Microsoft WordPad - Remote Code Execution via Crafted Word 97 File
The WordPad Text Converter for Word 97 files in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008. NOTE: As of 20081210, it is unclear whether this vulnerability is related to a WordPad issue disclosed on 20080925 with a 2008-crash.doc.rar example, but there are insufficient details to be sure.
CVE-2007-6478 EXPLOITDB perl WORKING POC
Rosoft Media Player <4.1.8 - Buffer Overflow
Stack-based buffer overflow in Rosoft Media Player 4.1.7, 4.1.8, and possibly earlier versions allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a .M3U file. NOTE: some of these details are obtained from third party information.
CVE-2008-2841 EXPLOITDB html WORKING POC
Microsoft Internet Explorer < 2.8.7b - Code Injection
Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.
EIP-2026-119315 EXPLOITDB html WORKING POC
XChat 2.8.7b - 'ircs://' URI Command Execution
CVE-2008-0661 EXPLOITDB perl WORKING POC
dBpowerAMP Audio Player Release 2 - Buffer Overflow via Long URI in .M3U File
Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote attackers to execute arbitrary code via a .M3U file with a long URI. NOTE: this might be the same issue as CVE-2004-1569.
CVE-2009-0263 EXPLOITDB text WORKING POC
Winamp < 5.541 - Buffer Overflow via AIFF COMM Chunk or MP3 File
Multiple buffer overflows in Winamp 5.541 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a large Common Chunk (COMM) header value in an AIFF file and (2) a large invalid value in an MP3 file.
CVE-2008-0702 EXPLOITDB perl WORKING POC
Titan FTP Server 6.03 and 6.0.5.549 - Heap-Based Buffer Overflow via USER or PASS Command
Multiple heap-based buffer overflows in Titan FTP Server 6.03 and 6.0.5.549 allow remote attackers to cause a denial of service (daemon crash or hang) and possibly execute arbitrary code via a long argument to the (1) USER or (2) PASS command, different vectors than CVE-2004-1641.
CVE-2009-0119 EXPLOITDB perl WORKING POC
Microsoft Windows XP SP3 - Buffer Overflow
Buffer overflow in Microsoft Windows XP SP3 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via a crafted .chm file.
CVE-2009-0259 EXPLOITDB text SUSPICIOUS
OpenOffice.org 1.1.2-1.1.5 - Denial of Service and Possible Remote Code Execution via Crafted Word File
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841.
CVE-2008-4449 EXPLOITDB perl WORKING POC
mIRC 6.34 - Remote Code Execution via Long Hostname in PRIVMSG
Stack-based buffer overflow in mIRC 6.34 allows remote attackers to execute arbitrary code via a long hostname in a PRIVMSG message.
CVE-2008-0619 EXPLOITDB perl WORKING POC
Nero MediaPlayer < 1.4.0.35 - Remote Code Execution via Long URI in M3U File
Buffer overflow in NeroMediaPlayer.exe in Nero Media Player 1.4.0.35 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (persistent crash) via a long URI in a .M3U file.
EIP-2026-115457 EXPLOITDB python WORKING POC
Ipswitch WS_FTP Home/Professional 8.0 - WS_FTP Client Format String
CVE-2008-3795 EXPLOITDB perl WORKING POC
Ipswitch WS_FTP Home - Buffer Overflow
Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP servers to have an unknown impact via a long "message response."
CVE-2008-3578 EXPLOITDB html WORKING POC
hydrairc < 0.3.164 - Denial of Service via Long irc:// URI
HydraIRC 0.3.164 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a long irc:// URI.
CVE-2008-0590 EXPLOITDB perl WORKING POC
WS_FTP Server 6.1.0.0 - Authenticated Buffer Overflow via Long Opendir Command
Buffer overflow in Ipswitch WS_FTP Server with SSH 6.1.0.0 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long opendir command.
CVE-2008-4193 EXPLOITDB perl WORKING POC
Alt-N SecurityGateway 1.0.1 - Stack-Based Buffer Overflow via Long Username Parameter
Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers to execute arbitrary code via a long username parameter.
CVE-2008-2631 EXPLOITDB perl WORKING POC
MDaemon < 9.6.5 - Denial of Service via Crafted HTTP POST Request
The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted HTTP POST request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-1912 EXPLOITDB perl WORKING POC
DivX Player <6.7.0.22 - Buffer Overflow
Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and earlier allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long subtitle in a .SRT file.
CVE-2008-2549 EXPLOITDB text WORKING POC
Adobe Acrobat Reader < 8.1.2 and < 7.1.1 - Remote Code Execution via Malformed PDF Document
Adobe Acrobat Reader 8.1.2 and earlier, and before 7.1.1, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed PDF document, as demonstrated by 2008-HI2.pdf.
CVE-2008-2573 EXPLOITDB perl WORKING POC
freeSSHd 1.2.1 - Authenticated Stack-Based Buffer Overflow via SSH_FXP_OPENDIR Command
Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote authenticated users to execute arbitrary code via a long directory name in an SSH_FXP_OPENDIR (aka opendir) command.
CVE-2008-0661 EXPLOITDB perl WORKING POC
dBpowerAMP Audio Player Release 2 - Buffer Overflow via Long URI in .M3U File
Buffer overflow in dBpowerAMP Audio Player Release 2 allows remote attackers to execute arbitrary code via a .M3U file with a long URI. NOTE: this might be the same issue as CVE-2004-1569.
CVE-2006-5703 EXPLOITDB text WRITEUP
Tikiwiki 1.9.5 - Cross-Site Scripting via url Parameter in tiki-featured_link.php
Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements.
EIP-2026-111832 EXPLOITDB text WRITEUP
RunCMS 1.x - Avatar Arbitrary File Upload