Trancer

36 exploits Active since Apr 2003
CVE-2009-4588 EXPLOITDB ruby WORKING POC
WindsPlayerIE.View.1 - Buffer Overflow
Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control in WindsPly.ocx 3.5.0.0 Beta, 3.0.0.5, and earlier in AwingSoft Awakening Web3D Player and Winds3D Viewer allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long SceneUrl property value, a different vulnerability than CVE-2009-2386. NOTE: some of these details are obtained from third party information.
EIP-2026-118288 EXPLOITDB ruby WORKING POC
Autodesk IDrop - ActiveX Control Heap Memory Corruption (Metasploit)
EIP-2026-118268 EXPLOITDB ruby WORKING POC
AOL 9.5 - Phobos.Playlist 'Import()' Remote Buffer Overflow (Metasploit)
CVE-2009-4606 EXPLOITDB ruby WORKING POC
South River Technologies Webdrive - Access Control
South River Technologies WebDrive 9.02 build 2232 installs the WebDrive Service without a security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command.
CVE-2008-0015 EXPLOITDB HIGH ruby WORKING POC
ATL < unknown - Buffer Overflow
Stack-based buffer overflow in the CComVariant::ReadFromStream function in the Active Template Library (ATL), as used in the MPEG2TuneRequest ActiveX control in msvidctl.dll in DirectShow, in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted web page, as exploited in the wild in July 2009, aka "Microsoft Video ActiveX Control Vulnerability."
CVSS 8.8
EIP-2026-116798 EXPLOITDB ruby WORKING POC
AOL 9.5 - 'Phobos.Playlist Import()' Stack Buffer Overflow (Metasploit)
CVE-2009-2484 EXPLOITDB ruby WORKING POC
VLC media player <0.9.9 - Buffer Overflow
Stack-based buffer overflow in the Win32AddConnection function in modules/access/smb.c in VideoLAN VLC media player 0.9.9, when running on Microsoft Windows, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long smb URI in a playlist file.
CVE-2002-1561 EXPLOITDB c WORKING POC
Windows <XP - DoS
The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference.
EIP-2026-106220 EXPLOITDB text WORKING POC
cPanel and WHM 11.25 - 'failurl' HTTP Response Splitting
CVE-2009-0744 EXPLOITDB text WORKING POC
Apple Safari 4 Beta <528.16 - DoS
Apple Safari 4 Beta build 528.16 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a feeds: URI beginning with a (1) % (percent), (2) { (open curly bracket), (3) } (close curly bracket), (4) ^ (caret), (5) ` (backquote), or (6) | (pipe) character, followed by an & (ampersand) character.
EIP-2026-104211 EXPLOITDB text WRITEUP
cPanel - HTTP Response Splitting