storm

24 exploits Active since Jun 2001
CVE-2010-3141 EXPLOITDB c WORKING POC
Microsoft PowerPoint 2010 - DLL Hijacking via Untrusted Search Path
Untrusted search path vulnerability in Microsoft PowerPoint 2010 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse pptimpconv.dll that is located in the same folder as a .odp, .pot, .potm, .potx, .ppa, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .pwz, .sldm, or .sldx file.
CVE-2010-3143 EXPLOITDB c WORKING POC
Microsoft Windows Contacts - Untrusted Search Path and DLL Hijacking via Trojan Horse wab32res.dll
Untrusted search path vulnerability in Microsoft Windows Contacts allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wab32res.dll that is located in the same folder as a .contact, .group, .p7c, .vcf, or .wab file. NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3147.
CVE-2008-7171 EXPLOITDB text WRITEUP
Lightweight news portal 1.0b - Cross-Site Scripting via Photo or POTD Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Lightweight news portal (LNP) 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) photo parameter to show_photo.php, (2) potd parameter to show_potd.php, or (3) the Current question field in a vote action to admin.php.
CVE-2003-0729 EXPLOITDB perl WORKING POC
Tellurian TftpdNT 1.8 - Buffer Overflow via Long Filename in TFTP Request
Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to execute arbitrary code via a TFTP request with a long filename.
CVE-2001-0241 EXPLOITDB perl WORKING POC
Windows 2000 - Buffer Overflow in Internet Printing ISAPI Extension
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
EIP-2026-118326 EXPLOITDB c WORKING POC
Bloodshed Dev-C++ 4.9.9.2 - Multiple EXE Loading Arbitrary Code Executions
CVE-2010-5195 EXPLOITDB c WORKING POC
Roxio MyDVD 9 - Privilege Escalation
Untrusted search path vulnerability in Roxio MyDVD 9 allows local users to gain privileges via a Trojan horse HomeUtils9.dll file in the current working directory, as demonstrated by a directory that contains a .dmsd or .dmsm file. NOTE: some of these details are obtained from third party information.
CVE-2010-5236 EXPLOITDB c WORKING POC
Roxio Easy Media Creator Home 9.0.136 - Privilege Escalation
Untrusted search path vulnerability in Roxio Easy Media Creator Home 9.0.136 allows local users to gain privileges via a Trojan horse homeutils9.dll file in the current working directory, as demonstrated by a directory that contains a .roxio, .c2d, or .gi file. NOTE: some of these details are obtained from third party information.
CVE-2010-3142 EXPLOITDB c WORKING POC
Microsoft Office PowerPoint 2007 - RCE
Untrusted search path vulnerability in Microsoft Office PowerPoint 2007 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse rpawinet.dll that is located in the same folder as a .odp, .pothtml, .potm, .potx, .ppa, .ppam, .pps, .ppt, .ppthtml, .pptm, .pptxml, .pwz, .sldm, .sldx, and .thmx file.
CVE-2010-3147 EXPLOITDB c WORKING POC
Windows Address Book <6.00.2900.5512 - Privilege Escalation
Untrusted search path vulnerability in wab.exe 6.00.2900.5512 in Windows Address Book in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 allows local users to gain privileges via a Trojan horse wab32res.dll file in the current working directory, as demonstrated by a directory that contains a Windows Address Book (WAB), VCF (aka vCard), or P7C file, aka "Insecure Library Loading Vulnerability." NOTE: the codebase for this product may overlap the codebase for the product referenced in CVE-2010-3143.
EIP-2026-116603 EXPLOITDB perl WORKING POC
Xlight FTP Server 1.25/1.41 - 'PASS' Remote Buffer Overflow
CVE-2004-1992 EXPLOITDB perl WORKING POC
Serv-U File Server < 5.0.0.6 - Denial of Service via Long -l Parameter
Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read.
CVE-2004-0437 EXPLOITDB perl WORKING POC
Titan FTP Server 3.01 build 163 - Authenticated Denial of Service via LIST -L Command
Titan FTP Server version 3.01 build 163, and possibly other versions before build 169, allows remote authenticated users to cause a denial of service (crash) by disconnecting from the system during a "LIST -L" command, which causes Titan to access an invalid socket.
CVE-2010-3127 EXPLOITDB c WORKING POC
Adobe Photoshop CS2-CS5 - Untrusted Search Path DLL Hijacking via Trojan Horse DLL
Untrusted search path vulnerability in Adobe PhotoShop CS2 through CS5 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse dwmapi.dll or Wintab32.dll that is located in the same folder as a PSD or other file that is processed by PhotoShop. NOTE: some of these details are obtained from third party information.
CVE-2004-2037 EXPLOITDB perl WORKING POC
Mollensoft Lightweight FTP Server 3.6 - Authenticated Buffer Overflow via CWD Command
Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long CWD command, as demonstrated in one example by using the "cd" command in an interactive FTP client.
CVE-2004-2366 EXPLOITDB perl WORKING POC
GlobalSCAPE Secure FTP Server <2.0 - Buffer Overflow
Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 allows remote attackers to cause a denial of service (crash) via a SITE command with a long argument.
CVE-2008-6813 EXPLOITDB text WORKING POC
phpWebNews 0.2 MySQL Edition - SQL Injection via id_kat Parameter
SQL injection vulnerability in index.php in phpWebNews 0.2 MySQL Edition allows remote attackers to execute arbitrary SQL commands via the id_kat parameter.
CVE-2008-7172 EXPLOITDB text WRITEUP
Lightweight news portal 1.0b - Privilege Escalation
Lightweight news portal (LNP) 1.0b does not properly restrict access to administrator functionality, which allows remote attackers to gain administrator privileges via direct requests to admin.php with the (1) potd_delete, (2) potd, (3) vote_update, (4) vote, or (5) modifynews actions.
EIP-2026-107949 EXPLOITDB text WORKING POC
IPTBB 0.5.6 - 'act' Local File Inclusion
EIP-2026-107148 EXPLOITDB text WRITEUP
FlexCMS 3.2.1 - Persistent Cross-Site Scripting
EIP-2026-103676 EXPLOITDB perl WORKING POC
SX Design sipd 0.1.2/0.1.4 - Remote Format String
EIP-2026-103675 EXPLOITDB perl WORKING POC
SX Design sipd 0.1.2 - Remote Denial of Service
CVE-2004-1940 EXPLOITDB perl WORKING POC
KPhone < 4.0.1 - Denial of Service via STUN Response Packet with Large attrLen Value
sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to cause a denial of service (crash) via a STUN response packet with a large attrLen value that causes an out-of-bounds read.
CVE-2018-1000115 EXPLOITDB HIGH c WORKING POC
memcached 1.5.5 - Denial of Service via UDP Traffic Amplification
Memcached version 1.5.5 contains an Insufficient Control of Network Message Volume (Network Amplification, CWE-406) vulnerability in the UDP support of the memcached server that can result in denial of service via network flood (traffic amplification of 1:50,000 has been reported by reliable sources). This attack appear to be exploitable via network connectivity to port 11211 UDP. This vulnerability appears to have been fixed in 1.5.6 due to the disabling of the UDP protocol by default.
CVSS 7.5