callAX

21 exploits | Active since Oct 2003
CVE-2008-1647 EXPLOITDB html WORKING POC
ChilkatHttp <2.4.0.0 - Code Injection
The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files. NOTE: some of these details are obtained from third party information.
CVE-2007-4059 EXPLOITDB html WORKING POC
EMC VMware <5.5.3.42958 - Path Traversal
Absolute path traversal vulnerability in a certain ActiveX control in IntraProcessLogging.dll 5.5.3.42958 in EMC VMware allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SetLogFileName method.
CVE-2008-2015 EXPLOITDB html WORKING POC
WatchFire AppScan 7.0 - Path Traversal
Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) CompactSave and (2) SaveSession method in one control, and the (3) saveRecordedExploreToFile method in a different control. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVE-2007-4155 EXPLOITDB html WORKING POC
EMC VMware 6.0.0 - Path Traversal
Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first two arguments to the (1) CreateProcess or (2) CreateProcessEx method.
CVE-2007-4058 EXPLOITDB html WORKING POC
EMC VMware 6.0.0 - Path Traversal
Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll 2.2.5.42958 in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first argument to the StartProcess method.
EIP-2026-119053 EXPLOITDB html WORKING POC
Program Checker - 'sasatl.dll 1.5.0.531' DebugMsgLog HeapSpray
CVE-2007-3703 EXPLOITDB html WORKING POC
Zenturi Programchecker - Buffer Overflow
Stack-based buffer overflow in a certain ActiveX control in sasatl.dll 1.5.0.531 in Zenturi Program Checker (ProgramChecker) Pro allows remote attackers to execute arbitrary code via a long argument to the Fill method. NOTE: this is probably a different issue than CVE-2007-2987.
CVE-2007-3435 EXPLOITDB html WORKING POC
RKD Software Barcode ActiveX - Buffer Overflow
Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument.
CVE-2008-6898 EXPLOITDB html WORKING POC
Saschart Sascam Webcam Server - Memory Corruption
Buffer overflow in the XHTTP Module 4.1.0.0 in the ActiveX control for SaschArt SasCam Webcam Server 2.6.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Get method and other unspecified methods.
CVE-2008-6898 EXPLOITDB html WORKING POC
Saschart Sascam Webcam Server - Memory Corruption
Buffer overflow in the XHTTP Module 4.1.0.0 in the ActiveX control for SaschArt SasCam Webcam Server 2.6.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Get method and other unspecified methods.
CVE-2007-3785 EXPLOITDB html WORKING POC
Eldos Corporation Secureblackbox - Denial of Service
Absolute path traversal vulnerability in a certain ActiveX control in PGPBBox.dll in EldoS SecureBlackbox (sbb) 5.1.0.112 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2003-0665 EXPLOITDB c WORKING POC
Microsoft Access <2003 - RCE
Buffer overflow in the ActiveX control for Microsoft Access Snapshot Viewer for Access 97, 2000, and 2002 allows remote attackers to execute arbitrary code via long parameters to the control.
EIP-2026-118761 EXPLOITDB text WORKING POC
McAfee 3.6.0.608 - 'naPolicyManager.dll' ActiveX Arbitrary Data Write
CVE-2008-2463 EXPLOITDB c WORKING POC
Microsoft Office Snapshot Viewer ActiveX - Code Injection
The Microsoft Office Snapshot Viewer ActiveX control in snapview.ocx 10.0.5529.0, as distributed in the standalone Snapshot Viewer and Microsoft Office Access 2000 through 2003, allows remote attackers to download arbitrary files to a client machine via a crafted HTML document or e-mail message, probably involving use of the SnapshotPath and CompressedPath properties and the PrintSnapshot method. NOTE: this can be leveraged for code execution by writing to a Startup folder.
EIP-2026-118916 EXPLOITDB html WORKING POC
mlsrvx.dll 1.8.9.1 ArGoSoft Mail Server - Data Write/Code Execution
CVE-2008-2390 EXPLOITDB html WORKING POC
HP Software Update - Code Injection
Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument.
CVE-2007-3487 EXPLOITDB html WORKING POC
HP Photo Digital Imaging ActiveX Control - Path Traversal
Absolute path traversal in a certain ActiveX control in hpqxml.dll 2.0.0.133 in Hewlett-Packard (HP) Photo Digital Imaging allows remote attackers to create or overwrite arbitrary files via the argument to the saveXMLAsFile method.
CVE-2008-4584 EXPLOITDB html WORKING POC
Chilkat Mail <7.8 - File Overwrite
Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname to the SaveLastError method.
CVE-2007-3459 EXPLOITDB html WORKING POC
Avaxswf.dll 1.0.0.1 - Path Traversal
A certain ActiveX control in Avaxswf.dll 1.0.0.1 in Civitech Avax Vector 1.3 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the WriteMovie method.
EIP-2026-115594 EXPLOITDB html WORKING POC
McAfee VirusScan 10.0.21 - ActiveX control Stack Overflow (PoC)
CVE-2007-2656 EXPLOITDB html WORKING POC
Hewlett-Packard (HP) Magview ActiveX <1.0.0.309 - Buffer Overflow
Stack-based buffer overflow in the Hewlett-Packard (HP) Magview ActiveX control in hpqvwocx.dll 1.0.0.309 allows remote attackers to cause a denial of service (application crash) and possibly have other impact via a long argument to the DeleteProfile method.