str0ke

106 exploits Active since May 1997
CVE-2004-0894 EXPLOITDB c++ WORKING POC
Windows 2000/2003 - Privilege Escalation
LSASS (Local Security Authority Subsystem Service) of Windows 2000 Server and Windows Server 2003 does not properly validate connection information, which allows local users to gain privileges via a specially-designed program.
CVE-2006-0097 EXPLOITDB php WORKING POC
PHP 4.3.10-4.4.2 - Stack-Based Buffer Overflow via mysql_connect Host Argument
Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function.
CVE-2005-1905 EXPLOITDB c++ WORKING POC
Kaspersky Labs Anti-Virus <5.0.335 - Privilege Escalation
The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and 5.0.335 on Windows 2000 allows local users to gain privileges by modifying certain critical code addresses that are later accessed by privileged programs.
CVE-2003-1318 EXPLOITDB perl WORKING POC
Twilight Webserver 1.3.3.0 - Denial of Service via Long URI GET Request
Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial of service (application crash) via a GET request for a long URI, a different vulnerability than CVE-2004-2376.
CVE-2006-4455 EXPLOITDB php WORKING POC
xchat < 2.6.7 - Denial of Service via PRIVMSG Command
Unspecified vulnerability in Xchat 2.6.7 and earlier allows remote attackers to cause a denial of service (crash) via unspecified vectors involving the PRIVMSG command. NOTE: the vendor has disputed this vulnerability, stating that it does not affect 2.6.7 "or any recent version"
CVE-2007-3488 EXPLOITDB html WORKING POC
Sony Network Camera SNC-P5 < 1.29 - Remote Code Execution via PrmSetNetworkParam Method
Heap-based buffer overflow in the viewer ActiveX control in Sony Network Camera SNC-RZ25N before 1.30; SNC-P1 and SNC-P5 before 1.29; SNC-CS10 and SNC-CS11 before 1.06; SNC-DF40N and SNC-DF70N before 1.18; SNC-RZ50N and SNC-CS50N before 2.22; SNC-DF85N, SNC-DF80N, and SNC-DF50N before 1.12; and SNC-RX570N/W, SNC-RX570N/B, SNC-RX550N/W, SNC-RX550N/B, SNC-RX530N/W, and SNC-RX530N/B 3.00 and 2.x before 2.31; allows remote attackers to execute arbitrary code via a long first argument to the PrmSetNetworkParam method.
CVE-2004-1675 EXPLOITDB c WORKING POC
Serv-U File Server 4.x-5.x - Denial of Service via STOU Command with MS-DOS Device Name
Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denial of service (application crash) via a STORE UNIQUE (STOU) command with an MS-DOS device name argument such as (1) COM1, (2) LPT1, (3) PRN, or (4) AUX.
CVE-2004-1305 EXPLOITDB html WORKING POC
Nortel IP Softphone 2050 - Denial of Service
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.
EIP-2026-115950 EXPLOITDB html WORKING POC
Norton AntiVirus < 2005 - Remote Stack Overflow
CVE-2005-0554 EXPLOITDB html WORKING POC
Microsoft Internet Explorer 5.01, 5.5, 6 - Buffer Overflow via Long Hostname URL
Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."
CVE-2009-0075 EXPLOITDB html WORKING POC
Microsoft Internet Explorer 7 - Uninitialized Memory Corruption
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."
EIP-2026-114618 EXPLOITDB c WORKING POC
ZeroBoard - Worm Source Code
CVE-2005-0792 EXPLOITDB text WORKING POC
ZPanel 2.0 - SQL Injection via uname or page Parameter
SQL injection vulnerability in ZPanel 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter to index.php or (2) page parameter to zpanel.php.
EIP-2026-113493 EXPLOITDB WORKING POC
WordPress Core 1.5.1.3 - Remote Code Execution (Metasploit)
CVE-2005-2612 EXPLOITDB ruby WORKING POC
WordPress <1.5.1.3 - Code Injection
Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie.
CVE-2005-0511 EXPLOITDB ruby WORKING POC
vBulletin <= 3.0.6 - Remote Code Execution via Template Parameter
misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.
EIP-2026-112987 EXPLOITDB WORKING POC
vBulletin 3.0.6 - 'template' Command Execution (Metasploit)
CVE-2005-0511 EXPLOITDB text WORKING POC
vBulletin <= 3.0.6 - Remote Code Execution via Template Parameter
misc.php for vBulletin 3.0.6 and earlier, when "Add Template Name in HTML Comments" is enabled, allows remote attackers to execute arbitrary PHP code via nested variables in the template parameter.
EIP-2026-112988 EXPLOITDB c SCANNER
vBulletin 3.0.8 - Accessible Database Backup Searcher (3)
EIP-2026-113319 EXPLOITDB html WORKING POC
WEBInsta MM 1.3e - 'absolute_path' Remote File Inclusion
EIP-2026-112684 EXPLOITDB perl WORKING POC
TikiWiki 1.9.8 - 'tiki-graph_formula.php' Command Execution
CVE-2006-4213 EXPLOITDB text WORKING POC
PHP <0.4.6 - Remote Code Execution
PHP remote file inclusion vulnerability in config.php in David Kent Norman Thatware 0.4.6 and possibly earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter.
CVE-2007-2347 EXPLOITDB text WORKING POC
OneClick CMS < 05.10 - Remote File Inclusion via site_path Parameter
PHP remote file inclusion vulnerability in main/forum/komentar.php in OneClick CMS (aka Sisplet CMS) 05.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter.
CVE-2006-4158 EXPLOITDB text WORKING POC
spaminator < 1.7 - Remote File Inclusion via Login.php Page Parameter
PHP remote file inclusion vulnerability in Login.php in Spaminator 1.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the page parameter.
CVE-2008-1462 EXPLOITDB text WRITEUP
RunCMS - Section Module < SQL Injection
SQL injection vulnerability in the sections (Section) module in RunCMS allows remote attackers to execute arbitrary SQL commands via the artid parameter in a viewarticle action.