MC

466 exploits Active since Mar 1998
CVE-2007-3147 EXPLOITDB ruby WORKING POC
Yahoo! Messenger - Buffer Overflow in Webcam Upload ActiveX Control
Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information.
CVE-2007-4515 EXPLOITDB ruby WORKING POC
Yahoo! services suite - Buffer Overflow
Buffer overflow in a certain ActiveX control in YVerInfo.dll before 2007.8.27.1 in the Yahoo! services suite for Yahoo! Messenger before 8.1.0.419 allows remote attackers to execute arbitrary code via unspecified vectors involving arguments to the (1) fvCom and (2) info methods. NOTE: some of these details are obtained from third party information.
CVE-2006-5792 EXPLOITDB ruby WORKING POC
XLink Omni-NFS Enterprise - Remote Code Execution
Unspecified vulnerability in XLink Omni-NFS Enterprise allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by vd_xlink2.pm, an "Omni-NFS Enterprise remote exploit." NOTE: this is probably a different vulnerability than CVE-2006-5780. As of 20061107, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2006-5792 EXPLOITDB ruby WORKING POC
XLink Omni-NFS Enterprise - Remote Code Execution
Unspecified vulnerability in XLink Omni-NFS Enterprise allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by vd_xlink2.pm, an "Omni-NFS Enterprise remote exploit." NOTE: this is probably a different vulnerability than CVE-2006-5780. As of 20061107, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.
CVE-2007-0348 EXPLOITDB ruby WORKING POC
InterActual Player 2.60.12.0717 - Stack-based Buffer Overflow via ApplicationType Property
Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in (1) InterActual Player 2.60.12.0717, (2) Roxio CinePlayer 3.2, (3) WinDVD 7.0.27.172, and possibly other products, allows remote attackers to execute arbitrary code via a long ApplicationType property.
CVE-2008-0065 EXPLOITDB ruby WORKING POC
Nullsoft Winamp 5.21-5.51 - Remote Code Execution via Ultravox Streaming Metadata
Multiple stack-based buffer overflows in in_mp3.dll in Winamp 5.21, 5.5, and 5.51 allow remote attackers to execute arbitrary code via a long (1) artist or (2) name tag in Ultravox streaming metadata, related to construction of stream titles.
CVE-2008-5159 EXPLOITDB ruby WORKING POC
Client Software WinCom LPD Total < 3.0.2.623 - Denial of Service via Large String Length Argument
Integer overflow in the remote administration protocol processing in Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to cause a denial of service (crash) via a large string length argument, which triggers memory corruption.
CVE-2004-1373 EXPLOITDB ruby WORKING POC
SHOUTcast 1.9.4 - Remote Code Execution via Format String in Content URL
Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via format string specifiers in a content URL, as demonstrated in the filename portion of a .mp3 file.
CVE-2006-2630 EXPLOITDB ruby WORKING POC
Symantec Client Security 3.1 and Norton Antivirus 10.1 - Stack-Based Buffer Overflow
Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors.
CVE-2008-5492 EXPLOITDB ruby WORKING POC
VeryDOC PDF Viewer OCX Control <2.0.0.1 - Buffer Overflow
Heap-based buffer overflow in the PDFVIEW.PdfviewCtrl.1 ActiveX control in pdfview.ocx 2.0.0.1 in VeryDOC PDF Viewer OCX Control allows remote attackers to execute arbitrary code via a long first argument to the OpenPDF method. NOTE: some of these details are obtained from third party information.
CVE-2006-1652 EXPLOITDB ruby WORKING POC
UltraVNC and tabbed_viewer - Buffer Overflow via Long String on TCP Port 5900
Multiple buffer overflows in (a) UltraVNC (aka Ultr@VNC) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that sends a long string to a client that connects on TCP port 5900, which triggers an overflow in Log::ReallyPrint; and (2) allow remote attackers to cause a denial of service (server crash) via a long HTTP GET request to TCP port 5800, which triggers an overflow in VNCLog::ReallyPrint.
CVE-2007-1070 EXPLOITDB ruby WORKING POC
Trend Micro ServerProtect for Windows & EMC 5.58-5.62 - RCE
Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.
CVE-2007-2508 EXPLOITDB ruby WORKING POC
Trend Micro ServerProtect <5.58 - Buffer Overflow
Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library in SpntSvc.exe; or (2) TCP port 3628, which triggers an overflow in EarthAgent.exe. NOTE: both issues are reachable via TmRpcSrv.dll.
CVE-2007-2508 EXPLOITDB ruby WORKING POC
Trend Micro ServerProtect <5.58 - Buffer Overflow
Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library in SpntSvc.exe; or (2) TCP port 3628, which triggers an overflow in EarthAgent.exe. NOTE: both issues are reachable via TmRpcSrv.dll.
CVE-2007-2508 EXPLOITDB ruby WORKING POC
Trend Micro ServerProtect <5.58 - Buffer Overflow
Multiple stack-based buffer overflows in Trend Micro ServerProtect 5.58 before Security Patch 2 Build 1174 allow remote attackers to execute arbitrary code via crafted data to (1) TCP port 5168, which triggers an overflow in the CAgRpcClient::CreateBinding function in the AgRpcCln.dll library in SpntSvc.exe; or (2) TCP port 3628, which triggers an overflow in EarthAgent.exe. NOTE: both issues are reachable via TmRpcSrv.dll.
CVE-2007-0325 EXPLOITDB ruby WORKING POC
Trend Micro OfficeScan and Client/Server/Messaging Security - Remote Code Execution via Crafted HTML Document
Multiple buffer overflows in the Trend Micro OfficeScan Web-Deployment SetupINICtrl ActiveX control in OfficeScanSetupINI.dll, as used in OfficeScan 7.0 before Build 1344, OfficeScan 7.3 before Build 1241, and Client / Server / Messaging Security 3.0 before Build 1197, allow remote attackers to execute arbitrary code via a crafted HTML document.
CVE-2002-2226 EXPLOITDB ruby WORKING POC
tftpd32 < 2.21 - Remote Code Execution via Long Filename
Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote attackers to execute arbitrary code via a long filename argument.
CVE-2006-4318 EXPLOITDB ruby WORKING POC
WFTPD Server 3.23 - Remote Code Execution via Long SIZE Command
Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands.
CVE-2009-1429 EXPLOITDB ruby WORKING POC
Symantec AntiVirus < 9.0 and 10.0-10.1 - Remote Code Execution via Crafted Packet
The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary commands via a crafted packet whose contents are interpreted as a command to be launched in a new process by the CreateProcessA function.
EIP-2026-119184 EXPLOITDB ruby WORKING POC
Symantec System Center Alert Management System - 'hndlrsvc.exe' Arbitrary Command Execution (Metasploit)
CVE-2002-1359 EXPLOITDB ruby WORKING POC
Cisco IOS - Denial of Service via Large SSH Packet Handling
Multiple SSH2 servers and clients do not properly handle large packets or large fields, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code via buffer overflow attacks, as demonstrated by the SSHredder SSH protocol test suite.
CVE-2004-0326 EXPLOITDB ruby WORKING POC
professional_gatekeeper 4.7 - Remote Code Execution via Long GET Request
Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote attackers to execute arbitrary code via a long GET request.
CVE-2009-1029 EXPLOITDB ruby WORKING POC
POP Peeper < 3.4.0.0 - Remote Code Execution via Long Date Header
Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows remote POP3 servers to execute arbitrary code via a long Date header, related to Imap.dll.
CVE-2009-1029 EXPLOITDB ruby WORKING POC
POP Peeper < 3.4.0.0 - Remote Code Execution via Long Date Header
Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows remote POP3 servers to execute arbitrary code via a long Date header, related to Imap.dll.
CVE-2009-0187 EXPLOITDB ruby WORKING POC
Orbit Downloader <2.8.5 - Buffer Overflow
Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers to execute arbitrary code via a crafted HTTP URL with a long host name, which is not properly handled when constructing a "Connecting" log message.