hdm

397 exploits Active since Jan 1997
CVE-2003-0349 METASPLOIT ruby WORKING POC
Microsoft Windows Media Services <5.0 - RCE
Buffer overflow in the streaming media component for logging multicast requests in the ISAPI for the logging capability of Microsoft Windows Media Services (nsiislog.dll), as installed in IIS 5.0, allows remote attackers to execute arbitrary code via a large POST request to nsiislog.dll.
CVE-2001-0800 METASPLOIT ruby WORKING POC
IRIX < 6.5.13f - Remote Code Execution via lpsched Shell Metacharacters
lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.
CVE-2009-2477 METASPLOIT ruby WORKING POC
Firefox 3.5 - Remote Code Execution via TraceMonkey JIT Escape Function
js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements.
CVE-2003-0822 METASPLOIT ruby WORKING POC
Microsoft FrontPage Server Extensions <2002 - RCE
Buffer overflow in the debug functionality in fp30reg.dll of Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to execute arbitrary code via a crafted chunked encoded request.
CVE-2005-4734 METASPLOIT ruby WORKING POC
RSA Authentication Agent for Web <5.3 - Buffer Overflow
Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method.
CVE-2004-1134 METASPLOIT ruby WORKING POC
Microsoft w3who.dll - Buffer Overflow via Long Query String
Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long query string.
CVE-2006-0295 METASPLOIT ruby WORKING POC
Mozilla Firefox <1.5, Thunderbird <1.5 - RCE
Mozilla Firefox 1.5, Thunderbird 1.5 if Javascript is enabled in mail, and SeaMonkey before 1.0 might allow remote attackers to execute arbitrary code via the QueryInterface method of the built-in Location and Navigator objects, which leads to memory corruption.
CVE-2008-5353 METASPLOIT ruby WORKING POC
Sun Java Calendar Deserialization Privilege Escalation
The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and JRE 1.4.2_18 and earlier does not properly enforce context of ZoneInfo objects during deserialization, which allows remote attackers to run untrusted applets and applications in a privileged context, as demonstrated by "deserializing Calendar objects".
CVE-2007-2175 METASPLOIT ruby WORKING POC
Apple QuickTime Java extensions - RCE
Apple QuickTime Java extensions (QTJava.dll), as used in Safari and other browsers, and when Java is enabled, allows remote attackers to execute arbitrary code via parameters to the toQTPointer method in quicktime.util.QTHandleRef, which can be used to modify arbitrary memory when creating QTPointerRef objects, as demonstrated during the "PWN 2 0WN" contest at CanSecWest 2007.
CVE-2005-2668 METASPLOIT ruby WORKING POC
Computer Associates CAM/CAFT <1.11 Build 29_13 - Buffer Overflow
Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown vectors.
CVE-2006-3677 METASPLOIT ruby WORKING POC
Mozilla Firefox <1.5.0.5 & SeaMonkey <1.0.3 - RCE
Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 allows remote attackers to execute arbitrary code by changing certain properties of the window navigator object (window.navigator) that are accessed when Java starts up, which causes a crash that leads to code execution.
CVE-2005-0581 METASPLOIT ruby WORKING POC
CA License Client and Server 0.1.0.15 - Multiple Buffer Overflow via GCR Request and GETCONFIG Packet
Multiple buffer overflows in Computer Associates (CA) License Client and Server 0.1.0.15 allow remote attackers to execute arbitrary code via (1) certain long fields in the Checksum item in a GCR request, (2) a long IP address, hostname, or netmask values in a GCR request, (3) a long last parameter in a GETCONFIG packet, or (4) long values in a request with an invalid format.
CVE-2002-0649 METASPLOIT ruby WORKING POC
Microsoft SQL Server 2000 and MSDE 2000 - Remote Code Execution via UDP Port 1434
Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.
CVE-2002-1643 METASPLOIT ruby WORKING POC
RealNetworks Helix Universal Server 9.0.2.768 - Remote Code Execution via RTSP/HTTP Request Buffer Overflow
Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 (9.0.2.768) allow remote attackers to execute arbitrary code via (1) a long Transport field in a SETUP RTSP request, (2) a DESCRIBE RTSP request with a long URL argument, or (3) two simultaneous HTTP GET requests with long arguments.
CVE-2010-0103 METASPLOIT ruby WORKING POC
Energizer DUO USB - Remote Code Execution via TCP Port 7777
UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777.
CVE-2005-0353 METASPLOIT ruby WORKING POC
Sentinel License Manager 7.2.0.2 - Remote Code Execution via UDP Port 5093 Buffer Overflow
Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel License Manager 7.2.0.2 allows remote attackers to execute arbitrary code by sending a large amount of data to UDP port 5093.
CVE-2005-1009 METASPLOIT ruby WORKING POC
BakBone NetVault <7 - Buffer Overflow
Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) remote attackers to execute arbitrary code via a modified computer name and length that leads to a heap-based buffer overflow, or (2) local users to execute arbitrary code via a long Name entry in the configure.cfg file.
CVE-2005-0581 METASPLOIT ruby WORKING POC
CA License Client and Server 0.1.0.15 - Multiple Buffer Overflow via GCR Request and GETCONFIG Packet
Multiple buffer overflows in Computer Associates (CA) License Client and Server 0.1.0.15 allow remote attackers to execute arbitrary code via (1) certain long fields in the Checksum item in a GCR request, (2) a long IP address, hostname, or netmask values in a GCR request, (3) a long last parameter in a GETCONFIG packet, or (4) long values in a request with an invalid format.
CVE-2004-1172 METASPLOIT ruby WORKING POC
Veritas Backup Exec 8.x-9.x - Stack-Based Buffer Overflow via Long Hostname in Agent Browser Registration
Stack-based buffer overflow in the Agent Browser in Veritas Backup Exec 8.x before 8.60.3878 Hotfix 68, and 9.x before 9.1.4691 Hotfix 40, allows remote attackers to execute arbitrary code via a registration request with a long hostname.
CVE-2005-2265 METASPLOIT ruby WORKING POC
Firefox < 1.0.5 and Mozilla < 1.7.9 - Denial of Service via InstallVersion.compareTo
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.
CVE-2005-4145 METASPLOIT ruby WORKING POC
Lyris ListManager <8.9b - Info Disclosure
The MSDE version of Lyris ListManager 5.0 through 8.9b configures the sa account in the database to use a password with a small search space ("lyris" and up to 5 digits, possibly from the process ID), which allows remote attackers to gain access via a brute force attack.
CVE-2006-5216 METASPLOIT ruby WORKING POC
Sergey Lyubka Simple HTTPD <1.34 - RCE
Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI.
CVE-2002-0392 METASPLOIT ruby WORKING POC
Apache HTTP Server 1.3-1.3.24 & 2.0-2.0.36 - DoS & RCE via Chunk-Encoded Request
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
CVE-2004-2086 METASPLOIT ruby WORKING POC
Sambar Server <6.0 - Buffer Overflow
Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter.
CVE-2004-1080 METASPLOIT ruby WORKING POC
Microsoft Windows NT/2000/Server 2003 - RCE
The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Windows 2000 Server, and Windows Server 2003 allows remote attackers to write to arbitrary memory locations and possibly execute arbitrary code via a modified memory pointer in a WINS replication packet to TCP port 42, aka the "Association Context Vulnerability."