sinn3r

411 exploits. Active since Dec 2002.
CVE-2013-3661 EXPLOITDB ruby WORKING POC
Microsoft Windows - Denial of Service via EPATHOBJ::bFlatten Path Traversal
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
CVE-2012-0013 EXPLOITDB ruby WORKING POC
MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability
Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
CVE-2011-0105 EXPLOITDB ruby WORKING POC
MS11-021 Microsoft Office 2007 Excel .xlb Buffer Overflow
Microsoft Excel 2002 SP3, Office 2004 and 2008 for Mac, and Open XML File Format Converter for Mac obtain a certain length value from an uninitialized memory location, which allows remote attackers to trigger a buffer overflow and execute arbitrary code via a crafted Excel file, aka "Excel Data Initialization Vulnerability."
CVE-2012-3274 EXPLOITDB ruby WORKING POC
HP Intelligent Management Center < 5.1 - Stack-based Buffer Overflow in User Access Manager
Stack-based buffer overflow in uam.exe in the User Access Manager (UAM) component in HP Intelligent Management Center (IMC) before 5.1 E0101P01 allows remote attackers to execute arbitrary code via vectors related to log data.
CVE-2012-0663 EXPLOITDB ruby WORKING POC
Apple QuickTime <7.7.2 - Buffer Overflow
Multiple stack-based buffer overflows in Apple QuickTime before 7.7.2 on Windows allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TeXML file.
EIP-2026-116859 EXPLOITDB ruby WORKING POC
Aviosoft Digital TV Player Professional 1.0 - Local Stack Buffer Overflow (Metasploit)
EIP-2026-117352 EXPLOITDB text WORKING POC
Ipswitch IMAIL 11.01 - Reversible Encryption + weak ACL
EIP-2026-117349 EXPLOITDB html WORKING POC
IP2location.dll 1.0.0.1 - Function 'Initialize()' Local Buffer Overflow
CVE-2007-3068 EXPLOITDB ruby WORKING POC
DVD X Player 4.1 Professional - Stack-Based Buffer Overflow via PLF Playlist Filename
Stack-based buffer overflow in DVD X Player 4.1 Professional allows remote attackers to execute arbitrary code via a PLF playlist containing a long filename.
CVE-2011-2462 EXPLOITDB CRITICAL ruby WORKING POC
Adobe Acrobat and Reader < 10.1.1 - Remote Code Execution via U3D Memory Corruption
Unspecified vulnerability in the U3D component in Adobe Reader and Acrobat 10.1.1 and earlier on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.
CVSS 9.8
CVE-2012-5975 EXPLOITDB ruby WORKING POC
SSH Tectia Server 6.0.4-6.3.2 - Authentication Bypass via Blank Password
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
CVE-2011-4449 EXPLOITDB ruby WORKING POC
WikkaWiki 1.3.1 and 1.3.2 - Arbitrary PHP Code Execution via File Upload with Multiple Extensions
actions/files/files.php in WikkaWiki 1.3.1 and 1.3.2, when INTRANET_MODE is enabled, supports file uploads for file extensions that are typically absent from an Apache HTTP Server TypesConfig file, which makes it easier for remote attackers to execute arbitrary PHP code by placing this code in a file whose name has multiple extensions, as demonstrated by a (1) .mm or (2) .vpp file.
CVE-2012-0694 EXPLOITDB CRITICAL ruby WORKING POC
SugarCRM CE <= 6.3.1 - Code Injection
SugarCRM CE <= 6.3.1 contains scripts that use "unserialize()" with user-controlled input, which allows remote attackers to execute arbitrary PHP code.
CVSS 9.8
EIP-2026-111611 EXPLOITDB ruby WORKING POC
qdPM 7.0 - Arbitrary '.PHP' File Upload (Metasploit)
CVE-2011-4825 EXPLOITDB ruby WORKING POC
Ajax File and Image Manager < 1.1 - Remote Code Execution via PHP Code Injection in data.php
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
CVE-2012-3399 EXPLOITDB ruby WORKING POC
Basilic 1.5.14 - Remote Command Execution via Config/diff.php File Parameter
Config/diff.php in Basilic 1.5.14 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter.
CVE-2012-1153 EXPLOITDB ruby WORKING POC
appRain CMF <= 0.1.5 - Unauthenticated Arbitrary File Upload and Remote Code Execution
Unrestricted file upload vulnerability in addons/uploadify/uploadify.php in appRain CMF 0.1.5 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the uploads directory.
CVE-2011-4828 EXPLOITDB ruby WORKING POC
AutoSec Tools V-CMS 1.0 - Remote Code Execution via Unrestricted File Upload in Inline Image Upload
Unrestricted file upload vulnerability in includes/inline_image_upload.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in temp/.
CVE-2011-3230 EXPLOITDB ruby WORKING POC
Apple Safari - Remote Code Execution via File URL Policy Bypass
Apple Safari before 5.1.1 on Mac OS X does not enforce an intended policy for file: URLs, which allows remote attackers to execute arbitrary code via a crafted web site.
CVE-2012-5692 EXPLOITDB ruby WORKING POC
Invision Power Board 3.1.x-3.3.x core.php - Impact Unknown
Unspecified vulnerability in admin/sources/base/core.php in Invision Power Board (aka IPB or IP.Board) 3.1.x through 3.3.x has unknown impact and remote attack vectors.
EIP-2026-104742 EXPLOITDB ruby WORKING POC
LotusCMS 3.0 - 'eval()' Remote Command Execution (Metasploit)
EIP-2026-104743 EXPLOITDB ruby WORKING POC
Network Shutdown Module 3.21 - 'sort_values' Remote PHP Code Injection (Metasploit)
EIP-2026-104770 EXPLOITDB ruby WORKING POC
Sflog! CMS 1.0 - Arbitrary File Upload (Metasploit)
CVE-2019-16113 EXPLOITDB HIGH ruby WORKING POC
Bludit 3.9.2 - Remote Code Execution via Image Upload Path Traversal
Bludit 3.9.2 allows remote code execution via bl-kernel/ajax/upload-images.php because PHP code can be entered with a .jpg file name, and then this PHP code can write other PHP code to a ../ pathname.
CVSS 8.8
CVE-2013-2465 EXPLOITDB CRITICAL ruby WORKING POC
Java storeImageArray() Invalid Array Indexing Vulnerability
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect image channel verification" in 2D.
CVSS 9.8