hdm

397 exploits Active since Jan 1997
CVE-2003-0352 EXPLOITDB ruby WORKING POC
Microsoft Windows - Buffer Overflow
Buffer overflow in a certain DCOM interface for RPC in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a malformed message, as exploited by the Blaster/MSblast/LovSAN and Nachi/Welchia worms.
CVE-2003-0719 EXPLOITDB ruby WORKING POC
Microsoft Windows and NetMeeting - Remote Code Execution via PCT Handshake Packet
Buffer overflow in the Private Communications Transport (PCT) protocol implementation in the Microsoft SSL library, as used in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via PCT 1.0 handshake packets.
CVE-2009-1136 EXPLOITDB ruby WORKING POC
Microsoft Office Web Components Spreadsheet ActiveX Control - Remote Code Execution via msDataSourceObject Method
The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
CVE-2009-3023 EXPLOITDB ruby WORKING POC
Microsoft Internet Information Server 5.0-6.0 - Authenticated Remote Code Execution via FTP NLST Command Buffer Overflow
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."
CVE-2003-0109 EXPLOITDB ruby WORKING POC
Windows 2000 - Remote Code Execution via WebDAV Request
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
CVE-2001-0241 EXPLOITDB ruby WORKING POC
Windows 2000 - Buffer Overflow in Internet Printing ISAPI Extension
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
EIP-2026-118787 EXPLOITDB ruby WORKING POC
Microsoft IIS - WebDAV Write Access Code Execution (Metasploit)
CVE-2005-4734 EXPLOITDB ruby WORKING POC
RSA Authentication Agent for Web <5.3 - Buffer Overflow
Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method.
CVE-2003-0822 EXPLOITDB ruby WORKING POC
Microsoft FrontPage Server Extensions <2002 - RCE
Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
CVE-2004-1134 EXPLOITDB ruby WORKING POC
Microsoft w3who.dll - Buffer Overflow via Long Query String
Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string.
CVE-2003-0349 EXPLOITDB ruby WORKING POC
Microsoft Windows Media Services <5.0 - RCE
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.
CVE-2003-0714 EXPLOITDB ruby WORKING POC
Exchange Server 5.5 and 2000 - Denial of Service via SMTP Extended Verb Request
The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000.
CVE-2007-1748 EXPLOITDB ruby WORKING POC
Windows 2000 Server SP4 and Server 2003 SP1/SP2 - Remote Code Execution via DNS RPC Zone Name Overflow
Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
CVE-2007-1748 EXPLOITDB ruby WORKING POC
Windows 2000 Server SP4 and Server 2003 SP1/SP2 - Remote Code Execution via DNS RPC Zone Name Overflow
Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
CVE-2005-0684 EXPLOITDB ruby WORKING POC
MySQL MaxDB < 7.5.00.26 - Remote Code Execution via WebDAV Lock-Token Header
Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c.
CVE-2005-4145 EXPLOITDB ruby WORKING POC
Lyris ListManager <8.9b - Info Disclosure
The MSDE version of Lyris ListManager 5.0 through 8.9b configures the sa account in the database to use a password with a small search space ("lyris" and up to 5 digits, possibly from the process ID), which allows remote attackers to gain access via a brute force attack.
CVE-2005-0260 EXPLOITDB ruby WORKING POC
BrightStor ARCserve Backup 11.1 and earlier - Remote Code Execution via UDP Discovery Service
Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call.
CVE-2005-1272 EXPLOITDB ruby WORKING POC
BrightStor ARCserve Backup Agent for SQL Server 11.0 - Buffer Overflow
Stack-based buffer overflow in the Backup Agent for Microsoft SQL Server in BrightStor ARCserve Backup Agent for SQL Server 11.0 allows remote attackers to execute arbitrary code via a long string sent to port (1) 6070 or (2) 6050.
CVE-2003-1192 EXPLOITDB ruby WORKING POC
IA WebMail Server 3.1.0 - Stack-Based Buffer Overflow via Long GET Request
Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request.
CVE-2007-1819 EXPLOITDB perl WORKING POC
HP Mercury Quality Center 9.0 - Stack-Based Buffer Overflow via SPIDERLib.Loader ActiveX ProgColor Property
Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 in TestDirector (TD) for Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32, allows remote attackers to execute arbitrary code via a long ProgColor property.
CVE-2004-0297 EXPLOITDB ruby WORKING POC
Ipswitch IMail - Buffer Overflow via LDAP Message with Large Tag Length
Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length.
EIP-2026-118601 EXPLOITDB ruby WORKING POC
GE Proficy Real Time Information Portal - Credentials Leak Sniffer (Metasploit)
CVE-2006-6055 EXPLOITDB ruby WORKING POC
D-Link DWL-G132 A5AGU.SYS 1.0.1.41 - Stack-Based Buffer Overflow via 802.11 Beacon Rates IE
Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via a 802.11 beacon request with a long Rates information element (IE).
CVE-2005-1018 EXPLOITDB ruby WORKING POC
CA BrightStor ARCserve Backup - Buffer Overflow
Buffer overflow in the UniversalAgent for Computer Associates (CA) BrightStor ARCserve Backup allows remote authenticated users to cause a denial of service or execute arbitrary code via an agent request to TCP port 6050 with a large argument before the option field.
CVE-2005-2535 EXPLOITDB ruby WORKING POC
BrightStor ARCserve Backup 9.0-11.1 - Remote Code Execution via Discovery Service Buffer Overflow
Buffer overflow in the Discovery Service in BrightStor ARCserve Backup 9.0 through 11.1 allows remote attackers to execute arbitrary commands via a large packet to TCP port 41523, a different vulnerability than CVE-2005-0260.