h07

33 exploits Active since Jun 2006
CVE-2008-0623 EXPLOITDB php WORKING POC
Yahoo! Music Jukebox 2.2.2.056 - Stack-Based Buffer Overflow via AddImage Method
Stack-based buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! Music Jukebox 2.2.2.056 allows remote attackers to execute arbitrary code via a long argument to the AddImage method.
CVE-2008-0623 EXPLOITDB html WORKING POC
Yahoo! Music Jukebox 2.2.2.056 - Stack-Based Buffer Overflow via AddImage Method
Stack-based buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! Music Jukebox 2.2.2.056 allows remote attackers to execute arbitrary code via a long argument to the AddImage method.
CVE-2007-4061 EXPLOITDB html WORKING POC
Nessus Vulnerability Scanner <3.0.6 - Path Traversal
Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the saveNessusRC method, which writes text specified by the addsetConfig method, possibly related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. NOTE: this can be leveraged for code execution by writing to a Startup folder.
CVE-2007-5067 EXPLOITDB python WORKING POC
iMatix Xitami Web Server 2.5c2 - Remote Code Execution via Long If-Modified-Since Header
Multiple buffer overflows in iMatix Xitami Web Server 2.5c2 allow remote attackers to execute arbitrary code via a long If-Modified-Since header to (1) xigui32.exe or (2) xitami.exe.
CVE-2007-3612 EXPLOITDB python WORKING POC
Visual IRC 2.0 - Remote Code Execution via Long JOIN Response
Stack-based buffer overflow in Visual IRC (ViRC) 2.0 allows remote IRC servers to execute arbitrary code via a long response to a JOIN command.
CVE-2008-0624 EXPLOITDB php WORKING POC
Yahoo! Music Jukebox 2.2.2.56 - Buffer Overflow via Datagrid ActiveX AddButton Method
Buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! JukeBox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddButton method, a different vulnerability than CVE-2008-0623.
CVE-2006-4318 EXPLOITDB c WORKING POC
WFTPD Server 3.23 - Remote Code Execution via Long SIZE Command
Buffer overflow in WFTPD Server 3.23 allows remote attackers to execute arbitrary code via long SIZE commands.
CVE-2007-4031 EXPLOITDB html WORKING POC
Nessus Vulnerability Scanner <3.0.6 - Path Traversal
Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via a .. (dot dot) in the argument to the deleteReport method, probably related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll.
CVE-2007-4062 EXPLOITDB html WORKING POC
Nessus Vulnerability Scanner <3.0.6 - Path Traversal
The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via unspecified vectors involving the deleteNessusRC method, probably a directory traversal vulnerability.
CVE-2006-5112 EXPLOITDB c WORKING POC
InterVations NaviCOPA Web Server 2.01 - RCE
Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request.
CVE-2007-4983 EXPLOITDB html WORKING POC
JetAudio 7.0.3 Basic and 7.0.3.3016 - Path Traversal and Arbitrary File Write via DownloadFromMusicStore Method
Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument to the DownloadFromMusicStore method. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for code execution by overwriting JetAudio.exe, which is launched by the control after completion of the method call.
CVE-2007-4336 EXPLOITDB html WORKING POC
Microsoft DirectX Media 6.0 - Buffer Overflow
Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, allows remote attackers to execute arbitrary code via a long SourceUrl property value.
CVE-2006-3952 EXPLOITDB python WORKING POC
EFS Software Easy File Sharing FTP Server 2.0 - Stack-Based Buffer Overflow via PASS Command
Stack-based buffer overflow in EFS Software Easy File Sharing FTP Server 2.0 allows remote attackers to execute arbitrary code via a long argument to the PASS command. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
EIP-2026-118336 EXPLOITDB python WORKING POC
BulletProof FTP Client 2.45 - Remote Buffer Overflow
CVE-2008-1472 EXPLOITDB html WORKING POC
ListCtrl ActiveX Control - Buffer Overflow
Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.
CVE-2006-2961 EXPLOITDB python WORKING POC
CesarFTP <= 0.99g - Stack-Based Buffer Overflow via MKD Command
Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
EIP-2026-118352 EXPLOITDB WORKING POC
CesarFTP 0.99g - 'MKD' Remote Buffer Overflow (Metasploit) (1)
CVE-2008-0470 EXPLOITDB html WORKING POC
Comodo AntiVirus 2.0 - Command Injection
A certain ActiveX control in Comodo AntiVirus 2.0 allows remote attackers to execute arbitrary commands via the ExecuteStr method.
CVE-2006-3952 EXPLOITDB python WORKING POC
EFS Software Easy File Sharing FTP Server 2.0 - Stack-Based Buffer Overflow via PASS Command
Stack-based buffer overflow in EFS Software Easy File Sharing FTP Server 2.0 allows remote attackers to execute arbitrary code via a long argument to the PASS command. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
CVE-2007-2770 EXPLOITDB python WORKING POC
Eudora 7.1 - Remote Code Execution via Long SMTP Reply
Stack-based buffer overflow in Eudora 7.1 allows user-assisted, remote SMTP servers to execute arbitrary code via a long SMTP reply. NOTE: the user must click through a warning about a possible buffer overflow exploit to trigger this issue.
CVE-2007-3166 EXPLOITDB python WORKING POC
Qualcomm Eudora 7.1.0.9 - Buffer Overflow via Long IMAP FLAGS Response
Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, remote IMAP servers to execute arbitrary code via a long FLAGS response to a SELECT INBOX command.
CVE-2006-4974 EXPLOITDB c WORKING POC
Ipswitch WS_FTP Limited Edition 5.08 - Remote Code Execution via Long PASV Response
Buffer overflow in Ipswitch WS_FTP Limited Edition (LE) 5.08 allows remote FTP servers to execute arbitrary code via a long response to a PASV command.
CVE-2008-3182 EXPLOITDB python WORKING POC
Download Accelerator Plus <8.6.6.3 - Buffer Overflow
Stack-based buffer overflow in DAP.exe in Download Accelerator Plus (DAP) 7.0.1.3, 8.6.6.3, and other 8.x versions allows user-assisted remote attackers to execute arbitrary code via an M3U (.m3u) file containing a long MP3 URL.
CVE-2007-5487 EXPLOITDB python WORKING POC
jetAudio Basic 7.0.3 - Stack-Based Buffer Overflow via Long URL in EXTM3U Section
Stack-based buffer overflow in COWON America jetAudio Basic 7.0.3 allows user-assisted remote attackers to execute arbitrary code via a long URL in an EXTM3U section of a .m3u file.
CVE-2008-0624 EXPLOITDB html WORKING POC
Yahoo! Music Jukebox 2.2.2.56 - Buffer Overflow via Datagrid ActiveX AddButton Method
Buffer overflow in the YMP Datagrid ActiveX control (datagrid.dll) in Yahoo! JukeBox 2.2.2.56 allows remote attackers to execute arbitrary code via a long argument to the AddButton method, a different vulnerability than CVE-2008-0623.