Carsten Eiram

9 exploits Active since Dec 2004
CVE-2012-0284 METASPLOIT ruby WORKING POC
Cisco Linksys PlayerPT <1.0.0.15 - Buffer Overflow
Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attackers to execute arbitrary code via a long URL in the first argument (aka the sURL argument).
CVE-2012-0267 METASPLOIT ruby WORKING POC
ntr_activex_control < 1.1.8 - Remote Code Execution via StopModule lModule Parameter
The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer.
CVE-2012-0266 METASPLOIT ruby WORKING POC
NTR ActiveX Control < 2.0.4.8 - Remote Code Execution via Long bstrUrl or bstrParams
Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long bstrParams parameter to the Check method, a long bstrUrl parameter to the (3) Download or (4) DownloadModule method during construction of a .ntr pathname, or a long bstrUrl parameter to the (5) Download or (6) DownloadModule method during construction of a URL.
CVE-2012-0267 EXPLOITDB ruby WORKING POC
ntr_activex_control < 1.1.8 - Remote Code Execution via StopModule lModule Parameter
The StopModule method in the NTR ActiveX control before 2.0.4.8 allows remote attackers to execute arbitrary code via a crafted lModule parameter that triggers use of an arbitrary memory address as a function pointer.
CVE-2012-0266 EXPLOITDB ruby WORKING POC
NTR ActiveX Control < 2.0.4.8 - Remote Code Execution via Long bstrUrl or bstrParams
Multiple stack-based buffer overflows in the NTR ActiveX control before 2.0.4.8 allow remote attackers to execute arbitrary code via (1) a long bstrUrl parameter to the StartModule method, (2) a long bstrParams parameter to the Check method, a long bstrUrl parameter to the (3) Download or (4) DownloadModule method during construction of a .ntr pathname, or a long bstrUrl parameter to the (5) Download or (6) DownloadModule method during construction of a URL.
CVE-2007-1559 EXPLOITDB html WORKING POC
Roxio CinePlayer 3.2 - Remote Code Execution via Long Property Values or Method Arguments
Multiple stack-based buffer overflows in SonicDVDDashVRNav.dll in Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via (1) unspecified long property values to SonicMediaPlayer.dll or (2) long arguments to unspecified methods in SonicMediaPlayer.dll.
CVE-2012-0284 EXPLOITDB ruby WORKING POC
Cisco Linksys PlayerPT <1.0.0.15 - Buffer Overflow
Stack-based buffer overflow in the SetSource method in the Cisco Linksys PlayerPT ActiveX control 1.0.0.15 in PlayerPT.ocx on the Cisco WVC200 Wireless-G PTZ Internet video camera allows remote attackers to execute arbitrary code via a long URL in the first argument (aka the sURL argument).
CVE-2009-0184 EXPLOITDB text WORKING POC
Free Download Manager <3.0.844 - RCE
Multiple buffer overflows in the torrent parsing implementation in Free Download Manager (FDM) 2.5 Build 758 and 3.0 Build 844 allow remote attackers to execute arbitrary code via (1) a long file name within a torrent file, (2) a long tracker URL in a torrent file, or (3) a long comment in a torrent file.
CVE-2004-1442 EXPLOITDB text WORKING POC
IBM Net.Data 7 and 7.2 - Cross-Site Scripting via Macro Filename
Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in IBM Net.Data 7 and 7.2 allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is not properly handled by error messages such as "DTWP001E."