hdm

395 exploits Active since Jan 1997
CVE-2009-1136 EXPLOITDB ruby WORKING POC
Microsoft ISA Server - Code Injection
The Microsoft Office Web Components Spreadsheet ActiveX control (aka OWC10 or OWC11), as distributed in Office XP SP3 and Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 Gold and SP1, and Office Small Business Accounting 2006, when used in Internet Explorer, allows remote attackers to execute arbitrary code via a crafted call to the msDataSourceObject method, as exploited in the wild in July and August 2009, aka "Office Web Components HTML Script Vulnerability."
CVE-2009-3023 EXPLOITDB ruby WORKING POC
Microsoft Internet Information Server < 6.0 - Buffer Overflow
Buffer overflow in the FTP Service in Microsoft Internet Information Services (IIS) 5.0 through 6.0 allows remote authenticated users to execute arbitrary code via a crafted NLST (NAME LIST) command that uses wildcards, leading to memory corruption, aka "IIS FTP Service RCE and DoS Vulnerability."
CVE-2003-0109 EXPLOITDB ruby WORKING POC
Microsoft Windows 2000 - Buffer Overflow
Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.
CVE-2001-0241 EXPLOITDB ruby WORKING POC
Microsoft Windows 2000 - Buffer Overflow
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
EIP-2026-118787 EXPLOITDB ruby WORKING POC
Microsoft IIS - WebDAV Write Access Code Execution (Metasploit)
CVE-2005-4734 EXPLOITDB ruby WORKING POC
RSA Authentication Agent for Web <5.3 - Buffer Overflow
Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method.
CVE-2003-0822 EXPLOITDB ruby WORKING POC
Microsoft FrontPage Server Extensions <2002 - RCE
Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
CVE-2004-1134 EXPLOITDB ruby WORKING POC
Microsoft W3who.dll - Buffer Overflow
Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string.
CVE-2003-0349 EXPLOITDB ruby WORKING POC
Microsoft Windows Media Services <5.0 - RCE
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.
CVE-2003-0714 EXPLOITDB ruby WORKING POC
Exchange Server <5.5-2000 - DoS
The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 allows remote attackers to cause a denial of service (memory exhaustion) by directly connecting to the SMTP service and sending a certain extended verb request, possibly triggering a buffer overflow in Exchange 2000.
CVE-2007-1748 EXPLOITDB ruby WORKING POC
Microsoft Windows 2000 - Memory Corruption
Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
CVE-2007-1748 EXPLOITDB ruby WORKING POC
Microsoft Windows 2000 - Memory Corruption
Stack-based buffer overflow in the RPC interface in the Domain Name System (DNS) Server Service in Microsoft Windows 2000 Server SP 4, Server 2003 SP 1, and Server 2003 SP 2 allows remote attackers to execute arbitrary code via a long zone name containing character constants represented by escape sequences.
CVE-2005-0684 EXPLOITDB ruby WORKING POC
MySQL MaxDB - Buffer Overflow
Multiple buffer overflows in the web tool for MySQL MaxDB before 7.5.00.26 allow remote attackers to execute arbitrary code via (1) an HTTP GET request with a long file parameter after a percent ("%") sign or (2) a long Lock-Token string to the WebDAV functionality, which is not properly handled by the getLockTokenHeader function in WDVHandler_CommonUtils.c.
CVE-2005-4145 EXPLOITDB ruby WORKING POC
Lyris ListManager <8.9b - Info Disclosure
The MSDE version of Lyris ListManager 5.0 through 8.9b configures the sa account in the database to use a password with a small search space ("lyris" and up to 5 digits, possibly from the process ID), which allows remote attackers to gain access via a brute force attack.
CVE-2005-0260 EXPLOITDB ruby WORKING POC
Broadcom BrightStor ARCserve Backup - Buffer Overflow
Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call.
CVE-2005-1272 EXPLOITDB ruby WORKING POC
BrightStor ARCserve Backup Agent for SQL Server 11.0 - Buffer Overflow
Stack-based buffer overflow in the Backup Agent for Microsoft SQL Server in BrightStor ARCserve Backup Agent for SQL Server 11.0 allows remote attackers to execute arbitrary code via a long string sent to port (1) 6070 or (2) 6050.
CVE-2003-1192 EXPLOITDB ruby WORKING POC
Truenorth Software IA Webmail Server - Buffer Overflow
Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote attackers to execute arbitrary code via a long GET request.
CVE-2007-1819 EXPLOITDB perl WORKING POC
HP Mercury Quality Center - Memory Corruption
Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 in TestDirector (TD) for Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32, allows remote attackers to execute arbitrary code via a long ProgColor property.
CVE-2004-0297 EXPLOITDB ruby WORKING POC
Ipswitch IMail - Buffer Overflow
Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length.
EIP-2026-118601 EXPLOITDB ruby WORKING POC
GE Proficy Real Time Information Portal - Credentials Leak Sniffer (Metasploit)
CVE-2006-6055 EXPLOITDB ruby WORKING POC
D-Link DWL-G132 - Buffer Overflow
Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via an 802.11 beacon request with a long Rates information element (IE).
CVE-2005-1018 EXPLOITDB ruby WORKING POC
CA BrightStor ARCserve Backup - Buffer Overflow
Buffer overflow in the UniversalAgent for Computer Associates (CA) BrightStor ARCserve Backup allows remote authenticated users to cause a denial of service or execute arbitrary code via an agent request to TCP port 6050 with a large argument before the option field.
CVE-2005-2535 EXPLOITDB ruby WORKING POC
Broadcom ARCserve Backup 2000 - Buffer Overflow
Buffer overflow in the Discovery Service in BrightStor ARCserve Backup 9.0 through 11.1 allows remote attackers to execute arbitrary commands via a large packet to TCP port 41523, a different vulnerability than CVE-2005-0260.
CVE-2010-0103 EXPLOITDB ruby WORKING POC
Energizer DUO USB - Code Injection
UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777.
CVE-2006-0476 EXPLOITDB ruby WORKING POC
Nullsoft Winamp - Buffer Overflow
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).