vlad902

10 exploits Active since Apr 2000
CVE-2013-1690 NOMISEC HIGH WORKING POC
Firefox < 22.0 and Thunderbird < 17.0.7 - Remote Code Execution via onreadystatechange Event Handling
Mozilla Firefox before 22.0, Firefox ESR 17.x before 17.0.7, Thunderbird before 17.0.7, and Thunderbird ESR 17.x before 17.0.7 do not properly handle onreadystatechange events in conjunction with page reloading, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted web site that triggers an attempt to execute data at an unmapped memory location.
14 stars
CVSS 8.8
CVE-2005-0581 EXPLOITDB c WORKING POC
CA License Client and Server 0.1.0.15 - Multiple Buffer Overflow via GCR Request and GETCONFIG Packet
Multiple buffer overflows in Computer Associates (CA) License Client and Server 0.1.0.15 allow remote attackers to execute arbitrary code via (1) certain long fields in the Checksum item in a GCR request, (2) a long IP address, hostname, or netmask values in a GCR request, (3) a long last parameter in a GETCONFIG packet, or (4) long values in a request with an invalid format.
CVE-2003-0027 METASPLOIT ruby WORKING POC
Sun Solaris - Directory Traversal via KCMS KCS_OPEN_PROFILE Procedure
Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.
CVE-2003-0722 METASPLOIT ruby WORKING POC
Solaris - Unauthenticated Remote Privilege Escalation via sadmind AUTH_SYS Spoofing
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.
CVE-2005-0582 EXPLOITDB c WORKING POC
Computer Associates License Client 0.1.0.15 - Remote Code Execution via Long Filename in PUTOLF Request
Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to execute arbitrary code via a long filename in a PUTOLF request.
CVE-2005-1009 EXPLOITDB c WORKING POC
BakBone NetVault <7 - Buffer Overflow
Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) remote attackers to execute arbitrary code via a modified computer name and length that leads to a heap-based buffer overflow, or (2) local users to execute arbitrary code via a long Name entry in the configure.cfg file.
CVE-2000-0284 EXPLOITDB WORKING POC
University of Washington imapd 4.7 - Authenticated Buffer Overflow via LIST Command
Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
CVE-2000-0284 EXPLOITDB WORKING POC
University of Washington imapd 4.7 - Authenticated Buffer Overflow via LIST Command
Buffer overflow in University of Washington imapd version 4.7 allows users with a valid account to execute commands via LIST or other commands.
CVE-2001-0236 EXPLOITDB WORKING POC
Solaris - Remote Code Execution via SNMP to DMI Mapper Daemon Buffer Overflow
Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event.
CVE-2003-0722 EXPLOITDB ruby WORKING POC
Solaris - Unauthenticated Remote Privilege Escalation via sadmind AUTH_SYS Spoofing
The default installation of sadmind on Solaris uses weak authentication (AUTH_SYS), which allows local and remote attackers to spoof Solstice AdminSuite clients and gain root privileges via a certain sequence of RPC packets.