Nine:Situations:Group::bruiser

8 exploits Active since Sep 2008
CVE-2008-4471 EXPLOITDB html WORKING POC
Autodesk Design Review and DWF Viewer - Path Traversal and Arbitrary File Write via SaveAS Method
Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the argument to the SaveAS method.
CVE-2008-6922 EXPLOITDB php WORKING POC
CMailServer 5.4.6 - Stack-Based Buffer Overflow via Multiple CMailCOM.dll Methods
Multiple stack-based buffer overflows in CMailCOM.dll in CMailServer 5.4.6 allow remote attackers to execute arbitrary code via a long argument to the (1) CreateUserPath, (2) Logout, (3) DeleteMailByUID, (4) MoveToInbox, (5) MoveToFolder, (6) DeleteMailEx, (7) GetMailDataEx, (8) SetReplySign, (9) SetForwardSign, and (10) SetReadSign methods, which are not properly handled by (a) the POP3 Class ActiveX control (CMailCom.POP3); or a long argument to the (11) AddAttach, (12) SetSubject, (13) SetBcc, (14) SetBody, (15) SetCc, (16) SetFrom, (17) SetTo, and (18) SetFromUID methods, which are not properly handled by the Class ActiveX control (CMailCOM.SMTP), as demonstrated via the indexOfMail parameter to mwmail.asp.
CVE-2008-4342 EXPLOITDB html WORKING POC
BurnAware - Arbitrary File Write via NMSDVDX.DVDEngineX ActiveX Control
NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.
EIP-2026-119176 EXPLOITDB html WORKING POC
SupportSoft DNA Editor Module - 'dnaedit.dll' Code Execution
CVE-2009-3691 EXPLOITDB php WORKING POC
IBM Informix Client SDK 3.0 and 3.50 - Remote Code Execution via Crafted .nfx File
Multiple integer overflows in setnet32.exe 3.50.0.13752 in IBM Informix Client SDK 3.0 and 3.50 and Informix Connect Runtime 3.x allow remote attackers to execute arbitrary code via a .nfx file with a crafted (1) HostSize, and possibly (2) ProtoSize and (3) ServerSize, field that triggers a stack-based buffer overflow involving a crafted HostList field. NOTE: some of these details are obtained from third party information.
CVE-2008-4472 EXPLOITDB html WORKING POC
Autodesk Design Review and Revit Architecture 2009 - Remote Code Execution via LiveUpdate ActiveX ApplyPatch Method
The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method.
EIP-2026-117137 EXPLOITDB text WRITEUP
EPSON Status Monitor 3 - Local Privilege Escalation
CVE-2008-6953 EXPLOITDB text WORKING POC
ooVoo 1.7.1.35 - Buffer Overflow via Long oovoo: URI
Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly other versions before 1.7.1.59, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long oovoo: URI.