hdm

395 exploits Active since Jan 1997
CVE-2017-17562 METASPLOIT HIGH ruby WORKING POC
Embedthis GoAhead <3.6.5 - Remote Code Execution
Embedthis GoAhead before 3.6.5 allows remote code execution if CGI is enabled and a CGI program is dynamically linked. This is a result of initializing the environment of forked CGI scripts using untrusted HTTP request parameters in the cgiHandler function in cgi.c. When combined with the glibc dynamic linker, this behaviour can be abused for remote code execution using special parameter names such as LD_PRELOAD. An attacker can POST their shared object payload in the body of the request, and reference it using /proc/self/fd/0.
CVSS 8.1
CVE-2017-15944 METASPLOIT CRITICAL ruby WORKING POC
Palo Alto Network PAN-OS - Remote Code Execution
Palo Alto Networks PAN-OS before 6.1.19, 7.0.x before 7.0.19, 7.1.x before 7.1.14, and 8.0.x before 8.0.6 allows remote attackers to execute arbitrary code via vectors involving the management interface.
CVSS 9.8
CVE-2013-2751 METASPLOIT ruby WORKING POC
NETGEAR ReadyNAS <4.1.12 & <4.2.24 - Code Injection
Eval injection vulnerability in frontview/lib/np_handler.pl in the FrontView web interface in NETGEAR ReadyNAS RAIDiator before 4.1.12 and 4.2.x before 4.2.24 allows remote attackers to execute arbitrary Perl code via a crafted request, related to the "forgot password workflow."
CVE-2002-0392 EXPLOITDB ruby WORKING POC
Apache HTTP Server < 1.3.24 - Denial of Service
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
EIP-2026-119266 EXPLOITDB ruby WORKING POC
WebDAV - Application DLL Hijacker (Metasploit)
CVE-1999-0256 EXPLOITDB ruby WORKING POC
Jgaa Warftpd < 1.66 - Buffer Overflow
Buffer overflow in War FTP allows remote execution of commands.
CVE-2006-5216 EXPLOITDB ruby WORKING POC
Sergey Lyubka Simple HTTPD <1.34 - RCE
Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI.
CVE-2006-1148 EXPLOITDB ruby WORKING POC
PeerCast <0.1217 - RCE
Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2) value in a URL, which triggers the overflow in the nextCGIarg function in servhs.cpp.
CVE-2006-5156 EXPLOITDB ruby WORKING POC
Mcafee Epolicy Orchestrator - Buffer Overflow
Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header.
CVE-2005-0491 EXPLOITDB ruby WORKING POC
Knox Software Arkeia Server Backup - Buffer Overflow
Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows remote attackers to execute arbitrary code via a long type 77 request.
CVE-2005-2668 EXPLOITDB ruby WORKING POC
Computer Associates CAM/CAFT <1.11 Build 29_13 - Buffer Overflow
Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown vectors.
CVE-2005-2265 EXPLOITDB ruby WORKING POC
Mozilla Firefox - Denial of Service
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.
CVE-2005-2265 EXPLOITDB ruby WORKING POC
Mozilla Firefox - Denial of Service
Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 allows remote attackers to cause a denial of service (access violation and crash), and possibly execute arbitrary code, by calling InstallVersion.compareTo with an object instead of a string.
CVE-2005-0353 EXPLOITDB ruby WORKING POC
Safenet Sentinel License Manager - Buffer Overflow
Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel License Manager 7.2.0.2 allows remote attackers to execute arbitrary code by sending a large amount of data to UDP port 5093.
CVE-2005-0478 EXPLOITDB ruby WORKING POC
Trackercam < 5.12 - Buffer Overflow
Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via (1) an HTTP request with a long User-Agent header or (2) a long argument to an arbitrary PHP script.
CVE-2004-1172 EXPLOITDB ruby WORKING POC
Symantec Veritas Backup Exec - Buffer Overflow
Stack-based buffer overflow in the Agent Browser in Veritas Backup Exec 8.x before 8.60.3878 Hotfix 68, and 9.x before 9.1.4691 Hotfix 40, allows remote attackers to execute arbitrary code via a registration request with a long hostname.
CVE-2005-0773 EXPLOITDB ruby WORKING POC
Symantec Veritas Backup Exec - Buffer Overflow
Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for Netware allows remote attackers to execute arbitrary code via a CONNECT_CLIENT_AUTH request with authentication method type 3 (Windows credentials) and a long password argument.
CVE-2004-2086 EXPLOITDB ruby WORKING POC
Sambar Server <6.0 - Buffer Overflow
Stack-based buffer overflow in results.stm for Sambar Server before the 6.0 production release allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP POST request with a long query parameter.
CVE-2006-2369 EXPLOITDB ruby WORKING POC
Realvnc - Authentication Bypass
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, as originally demonstrated using a long password.
CVE-2006-0992 EXPLOITDB ruby WORKING POC
Novell Groupwise Messenger - Buffer Overflow
Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the correct identifier.
CVE-2003-1141 EXPLOITDB ruby WORKING POC
Network Instruments Niprint Lpd-lpr Print Server - Buffer Overflow
Buffer overflow in NIPrint 4.10 allows remote attackers to execute arbitrary code via a long string to TCP port 515.
CVE-2005-1323 EXPLOITDB ruby WORKING POC
NetTerm <5.1.1 - RCE
Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote attackers to execute arbitrary code via a long USER command.
CVE-2005-0059 EXPLOITDB ruby WORKING POC
Microsoft Windows 2000 - Buffer Overflow
Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.
CVE-2007-3039 EXPLOITDB ruby WORKING POC
Microsoft Message Queuing - Memory Corruption
Stack-based buffer overflow in the Microsoft Message Queuing (MSMQ) service in Microsoft Windows 2000 Server SP4, Windows 2000 Professional SP4, and Windows XP SP2 allows attackers to execute arbitrary code via a long string in an opnum 0x06 RPC call to port 2103. NOTE: this is remotely exploitable on Windows 2000 Server.
CVE-2003-0533 EXPLOITDB ruby WORKING POC
Microsoft Windows - Buffer Overflow
Stack-based buffer overflow in certain Active Directory service functions in LSASRV.DLL of the Local Security Authority Subsystem Service (LSASS) in Microsoft Windows NT 4.0 SP6a, 2000 SP2 through SP4, XP SP1, Server 2003, NetMeeting, Windows 98, and Windows ME, allows remote attackers to execute arbitrary code via a packet that causes the DsRolerUpgradeDownlevelServer function to create long debug entries for the DCPROMO.LOG log file, as exploited by the Sasser worm.