Core Security

131 exploits Active since Mar 2003
CVE-2009-3576 EXPLOITDB text WRITEUP
Autodesk Softimage 7.x and Softimage XSI 6.x - Remote Code Execution via Scene Table of Contents Script_Content Element
Autodesk Softimage 7.x and Softimage XSI 6.x allow remote attackers to execute arbitrary JavaScript code via a scene package containing a Scene Table of Contents (aka .scntoc) file with a Script_Content element, as demonstrated by code that loads the WScript.Shell ActiveX control.
CVE-2009-4148 EXPLOITDB text WORKING POC
DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 - Remote Code Execution via JavaScript in .ds, .dsa, .dse, or .dsb Files
DAZ Studio 2.3.3.161, 2.3.3.163, and 3.0.1.135 allows remote attackers to execute arbitrary JavaScript code via a (1) .ds, (2) .dsa, (3) .dse, or (4) .dsb file, as demonstrated by code that loads the WScript.Shell ActiveX control, related to a "script injection vulnerability."
CVE-2009-3578 EXPLOITDB text WRITEUP
Autodesk Maya 6.5-2010 and Alias Wavefront Maya 6.5-7.0 - Remote Code Execution via MEL Script Nodes
Autodesk Maya 8.0, 8.5, 2008, 2009, and 2010 and Alias Wavefront Maya 6.5 and 7.0 allow remote attackers to execute arbitrary code via a (1) .ma or (2) .mb file that uses the Maya Embedded Language (MEL) python command or unspecified other MEL commands, related to "Script Nodes."
CVE-2012-2612 EXPLOITDB text WORKING POC
SAP NetWeaver 7.0 EHP1 and EHP2 - Denial of Service via Crafted SAP Diag Packet
The DiagTraceHex function in disp+work.exe 7010.29.15.58313 and 7200.70.18.23869 in the Dispatcher in SAP NetWeaver 7.0 EHP1 and EHP2 allows remote attackers to cause a denial of service (daemon crash) via a crafted SAP Diag packet.
CVE-2013-2577 EXPLOITDB text WRITEUP
XnView < 2.04 - Remote Code Execution via Crafted PCT File
Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file.
CVE-2008-5660 EXPLOITDB text WORKING POC
Vinagre 0.5.x-0.5.1 and 2.x-2.24.1 - Remote Code Execution via Format String in URI or VNC Response
Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response.
CVE-2008-4558 EXPLOITDB text WORKING POC
VLC media player 0.9.2 - Remote Code Execution via XSPF Playlist Negative Identifier Tag
Array index error in VLC media player 0.9.2 allows remote attackers to overwrite arbitrary memory and execute arbitrary code via an XSPF playlist file with a negative identifier tag, which passes a signed comparison.
CVE-2013-1592 EXPLOITDB CRITICAL text WORKING POC
SAP NetWeaver - Buffer Overflow in Message Server _MsJ2EE_AddStatistics() Function
A Buffer Overflow vulnerability exists in the Message Server service _MsJ2EE_AddStatistics() function when sending specially crafted SAP Message Server packets to remote TCP ports 36NN and/or 39NN in SAP NetWeaver 2004s, 7.01 SR1, 7.02 SP06, and 7.30 SP04, which could let a remote malicious user execute arbitrary code.
CVSS 9.8
CVE-2014-0995 EXPLOITDB text WORKING POC
SAP NetWeaver <= 7.01 - Denial of Service via Trace Pattern Wildcard
The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern.
CVE-2011-1984 EXPLOITDB text WORKING POC
Microsoft WINS - Privilege Escalation
WINS in Microsoft Windows Server 2003 SP2 and Server 2008 SP2, R2, and R2 SP1 allows local users to gain privileges by sending crafted packets over the loopback interface, aka "WINS Local Elevation of Privilege Vulnerability."
CVE-2013-5058 EXPLOITDB text WORKING POC
Microsoft Windows - Privilege Escalation
Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges via a crafted application, aka "Win32k Integer Overflow Vulnerability."
CVE-2010-1897 EXPLOITDB text WORKING POC
Windows Kernel win32k.sys - Privilege Escalation via Pseudo-Handle Validation Bypass
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
CVE-2014-0980 EXPLOITDB text WRITEUP
Publish-It PUI Buffer Overflow (SEH)
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.
CVE-2012-2614 EXPLOITDB text WORKING POC
Lattice Diamond Programmer 1.4.2 - Buffer Overflow
Buffer overflow in programmer.exe in Lattice Diamond Programmer 1.4.2 allows user-assisted remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long string in a version attribute of an ispXCF element in an .xcf file.
CVE-2011-1866 EXPLOITDB text WORKING POC
HP OpenView Storage Data Protector <6.20 - Buffer Overflow
Buffer overflow in omniinet.exe in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allows remote attackers to execute arbitrary code via a crafted request, related to the EXEC_CMD functionality.
CVE-2011-1865 EXPLOITDB text WORKING POC
HP OpenView Storage Data Protector <6.20 - Buffer Overflow
Multiple stack-based buffer overflows in the inet service in HP OpenView Storage Data Protector 6.00 through 6.20 allow remote attackers to execute arbitrary code via a request containing crafted parameters.
CVE-2009-3840 EXPLOITDB text WORKING POC
HP OpenView Network Node Manager 7.51 and 7.53 - Denial of Service via Invalid Error Code Field
The embedded database engine service (aka ovdbrun.exe) in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service (daemon crash) via an invalid Error Code field in a packet.
CVE-2009-3840 EXPLOITDB text WORKING POC
HP OpenView Network Node Manager 7.51 and 7.53 - Denial of Service via Invalid Error Code Field
The embedded database engine service (aka ovdbrun.exe) in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows remote attackers to cause a denial of service (daemon crash) via an invalid Error Code field in a packet.
CVE-2013-4988 EXPLOITDB text WRITEUP
IcoFX < 2.5 - Remote Code Execution via Long idCount in ICONDIR Structure
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information.
CVE-2003-0220 EXPLOITDB python WORKING POC
Kerio Personal Firewall <2.1.4 - RCE
Buffer overflow in the administrator authentication process for Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attackers to execute arbitrary code via a handshake packet.
CVE-2011-1872 EXPLOITDB text WORKING POC
Microsoft Windows Server <2008 Gold-SP1 - DoS
Hyper-V in Microsoft Windows Server 2008 Gold, SP2, R2, and R2 SP1 allows guest OS users to cause a denial of service (host OS infinite loop) via malformed machine instructions in a VMBus packet, aka "VMBus Persistent DoS Vulnerability."
CVE-2010-3329 EXPLOITDB text WORKING POC
Microsoft Internet Explorer <8 - RCE
mshtmled.dll in Microsoft Internet Explorer 7 and 8 allows remote attackers to execute arbitrary code via a crafted Microsoft Office document that causes the HtmlDlgHelper class destructor to access uninitialized memory, aka "Uninitialized Memory Corruption Vulnerability."
CVE-2009-2958 EXPLOITDB text WRITEUP
dnsmasq < 2.50 - Denial of Service via Malformed TFTP Blksize Option
The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.
CVE-2015-2281 EXPLOITDB text WORKING POC
Fortinet Single Sign On - Stack-based Buffer Overflow via Large PROCESS_HELLO Message
Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message Dispatcher on TCP port 8000.
CVE-2009-2620 EXPLOITDB text WRITEUP
Firebird SQL 1.5-1.5.5, 2.0-2.0.5, 2.1-2.1.2, 2.5 Beta 1 - Denial of Service via Malformed op_connect_request Message
src/remote/server.cpp in fbserver.exe in Firebird SQL 1.5 before 1.5.6, 2.0 before 2.0.6, 2.1 before 2.1.3, and 2.5 before 2.5 Beta 2 allows remote attackers to cause a denial of service (daemon crash) via a malformed op_connect_request message that triggers an infinite loop or NULL pointer dereference.