Nine:Situations:Group

52 exploits Active since Jun 2008
CVE-2008-5750 EXPLOITDB html WORKING POC
Microsoft Internet Explorer 8 beta 2 - Command Injection
Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
CVE-2008-4472 EXPLOITDB html WORKING POC
Autodesk Design Review and Revit Architecture 2009 - Remote Code Execution via LiveUpdate ActiveX ApplyPatch Method
The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method.
EIP-2026-118269 EXPLOITDB html WORKING POC
AOL IWinAmpActiveX Class - 'ConvertFile()' Remote Buffer Overflow
EIP-2026-118209 EXPLOITDB php WORKING POC
Zoom Player Pro 3.30 - '.m3u' Local Buffer Overflow (SEH)
CVE-2009-2261 EXPLOITDB php WORKING POC
PeaZIP <2.6.1-2.5.1 - Command Injection
PeaZIP 2.6.1, 2.5.1, and earlier on Windows allows user-assisted remote attackers to execute arbitrary commands via a .zip archive with a .txt file whose name contains | (pipe) characters and a command.
CVE-2009-1744 EXPLOITDB php WORKING POC
Pinnacle Studio 12 - Denial of Service via Crafted Hollywood FX Archive
InstallHFZ.exe 6.5.201.0 in Pinnacle Hollywood Effects 6, a module in Pinnacle Systems Pinnacle Studio 12, allows remote attackers to cause a denial of service (application crash) via a crafted Hollywood FX Compressed Archive (.hfz) file.
CVE-2009-1039 EXPLOITDB php WORKING POC
CDex 1.70b2 - Remote Code Execution via Crafted Ogg Vorbis Info Header
Buffer overflow in CDex 1.70b2 allows remote attackers to execute arbitrary code via a crafted Info header in an Ogg Vorbis (.ogg) file.
EIP-2026-117137 EXPLOITDB text WRITEUP
EPSON Status Monitor 3 - Local Privilege Escalation
CVE-2009-4676 EXPLOITDB php WORKING POC
JetAudio <7.5.3.15 - Buffer Overflow
Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary code via a long title in a FLAC file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2009-1068 EXPLOITDB php WORKING POC
BS.Player <=2.34 Build 980 - Stack-based Buffer Overflow via Long Hostname in .bsl Playlist File
Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long hostname in a .bsl playlist file.
CVE-2009-2564 EXPLOITDB text WRITEUP
NOS Microsystems getPlus Download Manager - Privilege Escalation
NOS Microsystems getPlus Download Manager, as used in Adobe Reader 1.6.2.36 and possibly other versions, Corel getPlus Download Manager before 1.5.0.48, and possibly other products, installs NOS\bin\getPlus_HelperSvc.exe with insecure permissions (Everyone:Full Control), which allows local users to gain SYSTEM privileges by replacing getPlus_HelperSvc.exe with a Trojan horse program, as demonstrated by use of getPlus Download Manager within Adobe Reader. NOTE: within Adobe Reader, the scope of this issue is limited because the program is deleted and the associated service is not automatically launched after a successful installation and reboot.
EIP-2026-116726 EXPLOITDB python WORKING POC
Adobe Acrobat 9.1.2 NOS - Local Privilege Escalation
CVE-2008-6953 EXPLOITDB text WORKING POC
ooVoo 1.7.1.35 - Buffer Overflow via Long oovoo: URI
Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly other versions before 1.7.1.59, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long oovoo: URI.
CVE-2009-1915 EXPLOITDB php WORKING POC
ICQ 6.5 - Stack-based Buffer Overflow via Long URL Parameter in .URL File
Stack-based buffer overflow in the URL Search Hook (ICQToolBar.dll) in ICQ 6.5 allows remote attackers to cause a denial of service (persistent crash) and possibly execute arbitrary code via an Internet shortcut .URL file containing a long URL parameter, which triggers a crash when browsing a folder that contains this file.
CVE-2009-1516 EXPLOITDB php WORKING POC
IceWarp Merak Mail Server 9.4.1 - Stack-Based Buffer Overflow via Base64FileEncode Method
Stack-based buffer overflow in the IceWarpServer.APIObject ActiveX control in api.dll in IceWarp Merak Mail Server 9.4.1 might allow context-dependent attackers to execute arbitrary code via a large value in the second argument to the Base64FileEncode method, as possibly demonstrated by a web application that accepts untrusted input for this method.
CVE-2008-2511 EXPLOITDB html WORKING POC
CA Internet Security Suite Plus 2008 - Arbitrary File Write via UmxEventCli ActiveX SaveToFile Method
Directory traversal vulnerability in the UmxEventCli.CachedAuditDataList.1 (aka UmxEventCliLib) ActiveX control in UmxEventCli.dll in CA Internet Security Suite 2008 allows remote attackers to create and overwrite arbitrary files via a .. (dot dot) in the argument to the SaveToFile method. NOTE: this can be leveraged for code execution by writing to a Startup folder. NOTE: some of these details are obtained from third party information.
EIP-2026-115019 EXPLOITDB html WORKING POC
CA Internet Security Suite - 'UmxEventCli.dll' ActiveX Control Arbitrary File Overwrite
EIP-2026-111352 EXPLOITDB php WORKING POC
Pluck CMS 4.5.3 - 'update.php' Remote File Corruption
CVE-2008-3128 EXPLOITDB php WORKING POC
Pivot 1.40.5 - Path Traversal via Search Parameter
Directory traversal vulnerability in search.php in Pivot 1.40.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the t parameter.
EIP-2026-111083 EXPLOITDB text WORKING POC
PHPizabi 0.848b C1 HFP1 - Privilege Escalation
CVE-2009-4796 EXPLOITDB php WORKING POC
glFusion <= 1.1.2 - SQL Injection via Order and Direction Parameters
Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php.
EIP-2026-107601 EXPLOITDB text WORKING POC
hMAilServer 4.4.2 - 'PHPWebAdmin' File Inclusion
EIP-2026-107368 EXPLOITDB php WORKING POC
Geeklog 1.5.2 - 'SEC_authenticate()' SQL Injection
CVE-2009-1283 EXPLOITDB php WORKING POC
glFusion < 1.1.3 - Unauthenticated Privilege Escalation via Password Hash Cookie
glFusion before 1.1.3 performs authentication with a user-provided password hash instead of a password, which allows remote attackers to gain privileges by obtaining the hash and using it in the glf_password cookie, aka "User Masquerading." NOTE: this can be leveraged with a separate SQL injection vulnerability to steal hashes.
EIP-2026-107367 EXPLOITDB php WORKING POC
Geeklog 1.5.2 - 'savepreferences()/*blocks[]' SQL Injection