MC

466 exploits Active since Mar 1998
CVE-2010-4742 METASPLOIT ruby WORKING POC
Moxa ActiveX SDK <2.2.0.5 - Buffer Overflow
Stack-based buffer overflow in a certain ActiveX control in MediaDBPlayback.DLL 2.2.0.5 in the Moxa ActiveX SDK allows remote attackers to execute arbitrary code via a long PlayFileName property value.
CVE-2002-0965 METASPLOIT ruby WORKING POC
Oracle 9i - Buffer Overflow via Long SERVICE_NAME Parameter
Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.
CVE-2010-4142 METASPLOIT ruby WORKING POC
DATAC RealWin <= 2.0 Build 6.1.8.10 - Stack-Based Buffer Overflow via Long SCPC Packet
Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_TXTEVENT packet. NOTE: it was later reported that 1.06 is also affected by one of these requests.
CVE-2009-3861 METASPLOIT ruby WORKING POC
SafeNet SoftRemote <10.8.9 - Buffer Overflow
Stack-based buffer overflow in SafeNet SoftRemote 10.8.5 (Build 2) and 10.3.5 (Build 6), and possibly other versions before 10.8.9, allows local users to execute arbitrary code via a long string in a (1) TREENAME or (2) GROUPNAME Policy file (spd).
CVE-2008-5159 METASPLOIT ruby WORKING POC
Client Software WinCom LPD Total < 3.0.2.623 - Denial of Service via Large String Length Argument
Integer overflow in the remote administration protocol processing in Client Software WinCom LPD Total 3.0.2.623 and earlier allows remote attackers to cause a denial of service (crash) via a large string length argument, which triggers memory corruption.
CVE-2005-4267 METASPLOIT ruby WORKING POC
Qualcomm WorldMail 3.0 - Remote Code Execution via Long IMAP Command
Stack-based buffer overflow in Qualcomm WorldMail 3.0 allows remote attackers to execute arbitrary code via a long IMAP command that ends with a "}" character, as demonstrated using long (1) LIST, (2) LSUB, (3) SEARCH TEXT, (4) STATUS INBOX, (5) AUTHENTICATE, (6) FETCH, (7) SELECT, and (8) COPY commands.
CVE-2007-4776 METASPLOIT ruby WORKING POC
Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 - Buffer Overflow via Long Reference Line in VBP File
Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a Visual Basic project (vbp) file containing a long Reference line, related to VBP_Open and OLE. NOTE: there are limited usage scenarios under which this would be a vulnerability.
CVE-2006-6251 METASPLOIT ruby WORKING POC
VUPlayer < 2.44 - Remote Code Execution via Long M3U File String
Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote attackers to execute arbitrary code via a long string in an M3U file, aka an "M3U UNC Name" attack.
CVE-2010-4142 METASPLOIT ruby WORKING POC
DATAC RealWin <= 2.0 Build 6.1.8.10 - Stack-Based Buffer Overflow via Long SCPC Packet
Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_TXTEVENT packet. NOTE: it was later reported that 1.06 is also affected by one of these requests.
CVE-2010-0111 METASPLOIT ruby WORKING POC
Symantec AntiVirus Corporate Edition < 10.1 MR10 - Remote Code Execution via UNC Share Pathname
HDNLRSVC.EXE in the Intel Alert Handler service (aka Symantec Intel Handler service) in Intel Alert Management System (aka AMS or AMS2), as used in Symantec AntiVirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary programs by sending msgsys.exe a UNC share pathname, which is used directly in a CreateProcessA (aka CreateProcess) call.
CVE-2008-4322 METASPLOIT ruby WORKING POC
RealWin Server 2.0 - Remote Code Execution via Crafted FC_INFOTAG/SET_CONTROL Packet
Stack-based buffer overflow in RealFlex Technologies Ltd. RealWin Server 2.0, as distributed by DATAC, allows remote attackers to execute arbitrary code via a crafted FC_INFOTAG/SET_CONTROL packet.
CVE-2010-4142 METASPLOIT ruby WORKING POC
DATAC RealWin <= 2.0 Build 6.1.8.10 - Stack-Based Buffer Overflow via Long SCPC Packet
Multiple stack-based buffer overflows in DATAC RealWin 2.0 Build 6.1.8.10 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) SCPC_INITIALIZE, (2) SCPC_INITIALIZE_RF, or (3) SCPC_TXTEVENT packet. NOTE: it was later reported that 1.06 is also affected by one of these requests.
CVE-2008-20001 METASPLOIT HIGH ruby WORKING POC
activePDF WebGrabber 3.8.2.0 - Buffer Overflow
activePDF WebGrabber version 3.8.2.0 contains a stack-based buffer overflow vulnerability in the GetStatus() method of the APWebGrb.ocx ActiveX control. By passing an overly long string to this method, a remote attacker can execute arbitrary code in the context of the vulnerable process. Although the control is not marked safe for scripting, exploitation is possible via crafted HTML content in Internet Explorer under permissive security settings.
CVE-2009-0658 METASPLOIT HIGH ruby WORKING POC
Adobe Reader <9.0 - Buffer Overflow
Buffer overflow in Adobe Reader 9.0 and earlier, and Acrobat 9.0 and earlier, allows remote attackers to execute arbitrary code via a crafted PDF document, related to a non-JavaScript function call and possibly an embedded JBIG2 image stream, as exploited in the wild in February 2009 by Trojan.Pidief.E.
CVSS 7.8
CVE-2006-4318 METASPLOIT ruby WORKING POC
WFTPD Server 3.23 - Remote Code Execution via Long SIZE Command
Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands.
CVE-2011-1566 METASPLOIT ruby WORKING POC
7-Technologies IGSS <9.00.00.11059 - Path Traversal
Directory traversal vulnerability in dc.exe 9.00.00.11059 and earlier in 7-Technologies Interactive Graphical SCADA System (IGSS) allows remote attackers to execute arbitrary programs via ..\ (dot dot backslash) sequences in opcodes (1) 0xa and (2) 0x17 to TCP port 12397.
CVE-2009-1429 METASPLOIT ruby WORKING POC
Symantec AntiVirus < 9.0 and 10.0-10.1 - Remote Code Execution via Crafted Packet
The Intel LANDesk Common Base Agent (CBA) in Symantec Alert Management System 2 (AMS2), as used in Symantec System Center (SSS); Symantec AntiVirus Server; Symantec AntiVirus Central Quarantine Server; Symantec AntiVirus (SAV) Corporate Edition 9 before 9.0 MR7, 10.0 and 10.1 before 10.1 MR8, and 10.2 before 10.2 MR2; Symantec Client Security (SCS) 2 before 2.0 MR7 and 3 before 3.1 MR8; and Symantec Endpoint Protection (SEP) before 11.0 MR3, allows remote attackers to execute arbitrary commands via a crafted packet whose contents are interpreted as a command to be launched in a new process by the CreateProcessA function.
CVE-2006-2961 METASPLOIT ruby WORKING POC
CesarFTP <= 0.99g - Stack-Based Buffer Overflow via MKD Command
Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2005-3683 METASPLOIT ruby WORKING POC
freeFTPd < 1.0.9 - Stack-Based Buffer Overflow via Long USER Command
Stack-based buffer overflow in freeFTPd before 1.0.9 with Logging enabled, allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a long USER command.
CVE-2008-2992 METASPLOIT HIGH ruby WORKING POC
Adobe Acrobat and Reader < 8.1.2 - Remote Code Execution via util.printf Format String
Stack-based buffer overflow in Adobe Acrobat and Reader 8.1.2 and earlier allows remote attackers to execute arbitrary code via a PDF file that calls the util.printf JavaScript function with a crafted format string argument, a related issue to CVE-2008-1104.
CVSS 7.8
CVE-2011-0517 METASPLOIT ruby WORKING POC
Sielco Sistemi Winlog Pro < 2.07.00 - Remote Code Execution via Crafted 0x02 Opcode
Stack-based buffer overflow in Sielco Sistemi Winlog Pro 2.07.00 and earlier, when Run TCP/IP server is enabled, allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a crafted 0x02 opcode to TCP port 46823.
CVE-2007-2193 METASPLOIT ruby WORKING POC
ACDSee 9.0/Pro 8.1/Photo Editor 4.0 - Stack-Based Buffer Overflow via Crafted XPM File
Stack-based buffer overflow in the ID_X.apl plugin in ACDSee 9.0 Build 108, Pro 8.1 Build 99, and Photo Editor 4.0 Build 195 allows user-assisted remote attackers to execute arbitrary code via a crafted XPM file with a long section string. NOTE: some of these details are obtained from third party information.
CVE-2008-4654 METASPLOIT ruby WORKING POC
VLC Media Player 0.9.0-0.9.4 - Stack-Based Buffer Overflow in Ty Demux Plugin
Stack-based buffer overflow in the parse_master function in the Ty demux plugin (modules/demux/ty.c) in VLC Media Player 0.9.0 through 0.9.4 allows remote attackers to execute arbitrary code via a TiVo TY media file with a header containing a crafted size value.
CVE-2003-0727 METASPLOIT ruby WORKING POC
Oracle 9i Database Release 2 - Buffer Overflow
Multiple buffer overflows in the XML Database (XDB) functionality for Oracle 9i Database Release 2 allow local users to cause a denial of service or hijack user sessions.
CVE-2007-1070 METASPLOIT ruby WORKING POC
Trend Micro ServerProtect for Windows & EMC 5.58-5.62 - RCE
Multiple stack-based buffer overflows in Trend Micro ServerProtect for Windows and EMC 5.58, and for Network Appliance Filer 5.61 and 5.62, allow remote attackers to execute arbitrary code via crafted RPC requests to TmRpcSrv.dll that trigger overflows when calling the (1) CMON_NetTestConnection, (2) CMON_ActiveUpdate, and (3) CMON_ActiveRollback functions in (a) StCommon.dll, and (4) ENG_SetRealTimeScanConfigInfo and (5) ENG_SendEMail functions in (b) eng50.dll.