jduck

336 exploits Active since Mar 1998
EIP-2026-118318 EXPLOITDB ruby WORKING POC
BigAnt Server 2.52 - USV Buffer Overflow (Metasploit)
CVE-2009-1612 EXPLOITDB ruby WORKING POC
Baofeng Storm - Memory Corruption
Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 3.09.04.17 and earlier are also affected.
CVE-2009-4850 EXPLOITDB ruby WORKING POC
Awingsoft Awakening Winds3d Viewer Plugin - Memory Corruption
The Awingsoft Awakening Winds3D Viewer plugin 3.5.0.9 allows remote attackers to execute arbitrary programs via a SceneURL property value with a URL for a .exe file.
CVE-2009-4588 EXPLOITDB ruby WORKING POC
WindsPlayerIE.View.1 - Buffer Overflow
Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control in WindsPly.ocx 3.5.0.0 Beta, 3.0.0.5, and earlier in AwingSoft Awakening Web3D Player and Winds3D Viewer allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long SceneUrl property value, a different vulnerability than CVE-2009-2386. NOTE: some of these details are obtained from third party information.
CVE-2010-1799 EXPLOITDB ruby WORKING POC
Apple Quicktime - Memory Corruption
Stack-based buffer overflow in the error-logging functionality in Apple QuickTime before 7.6.7 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file.
CVE-2008-4193 EXPLOITDB ruby WORKING POC
Alt-n Securitygateway - Memory Corruption
Stack-based buffer overflow in SecurityGateway.dll in Alt-N Technologies SecurityGateway 1.0.1 allows remote attackers to execute arbitrary code via a long username parameter.
CVE-2010-1318 EXPLOITDB ruby WORKING POC
AgentX++ <1.4.16 - Buffer Overflow
Stack-based buffer overflow in the AgentX::receive_agentx function in AgentX++ 1.4.16, as used in RealNetworks Helix Server and Helix Mobile Server 11.x through 13.x and other products, allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2010-2883 EXPLOITDB HIGH ruby WORKING POC
Adobe Reader/Acrobat <9.4-8.2.5 - Buffer Overflow
Stack-based buffer overflow in CoolType.dll in Adobe Reader and Acrobat 9.x before 9.4, and 8.x before 8.2.5 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a PDF document with a long field in a Smart INdependent Glyphlets (SING) table in a TTF font, as exploited in the wild in September 2010. NOTE: some of these details are obtained from third party information.
CVSS 7.3
EIP-2026-118045 EXPLOITDB ruby WORKING POC
VariCAD 2010-2.05 EN - '.DWB' Local Stack Buffer Overflow (Metasploit)
CVE-2007-2888 EXPLOITDB ruby WORKING POC
UltraISO <8.6.2.2011 - Buffer Overflow
Stack-based buffer overflow in UltraISO 8.6.2.2011 and earlier allows user-assisted remote attackers to execute arbitrary code via a long FILE string (filename) in a .cue file, a related issue to CVE-2007-2761. NOTE: some details are obtained from third party information.
CVE-2009-1260 EXPLOITDB ruby WORKING POC
Ezbsystems Ultraiso < 9.3.3 - Memory Corruption
Multiple stack-based buffer overflows in UltraISO 9.3.3.2685 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted (1) CCD or (2) IMG file.
CVE-2006-0564 EXPLOITDB ruby WORKING POC
Microsoft Html Help - Buffer Overflow
Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702.0, and possibly earlier versions, and as included in the Microsoft HTML Help 1.4 SDK, allows context-dependent attackers to execute arbitrary code via a .hhp file with a long Contents file field.
CVE-2009-3214 EXPLOITDB ruby WORKING POC
Photodex Proshow Gold - Memory Corruption
Multiple stack-based buffer overflows in Photodex ProShow Gold 4.0.2549 allow remote attackers to execute arbitrary code via a crafted Slideshow project (.psh) file, related to the (1) cell[n].images[m].image and (2) cell[n].sound.file fields.
CVE-2010-0688 EXPLOITDB ruby WORKING POC
Orbital Viewer 1.04 - Buffer Overflow
Stack-based buffer overflow in Orbital Viewer 1.04 allows user-assisted remote attackers to execute arbitrary code via a crafted (1) .orb or (2) .ov file.
EIP-2026-117599 EXPLOITDB ruby WORKING POC
Millenium MP3 Studio 2.0 - '.pls' Local Stack Buffer Overflow (Metasploit)
CVE-2010-3333 EXPLOITDB HIGH ruby WORKING POC
Microsoft Office - Buffer Overflow
Stack-based buffer overflow in Microsoft Office XP SP3, Office 2003 SP3, Office 2007 SP2, Office 2010, Office 2004 and 2008 for Mac, Office for Mac 2011, and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via crafted RTF data, aka "RTF Stack Buffer Overflow Vulnerability."
CVSS 7.8
CVE-2010-3888 EXPLOITDB ruby WORKING POC
Microsoft Windows - Privilege Escalation
Unspecified vulnerability in Microsoft Windows on 32-bit platforms allows local users to gain privileges via unknown vectors, as exploited in the wild in July 2010 by the Stuxnet worm, and identified by Kaspersky Lab researchers and other researchers.
CVE-2010-3970 EXPLOITDB ruby WORKING POC
Microsoft Windows Server 2003 - Memory Corruption
Stack-based buffer overflow in the CreateSizedDIBSECTION function in shimgvw.dll in the Windows Shell graphics processor (aka graphics rendering engine) in Microsoft Windows XP SP2 and SP3, Server 2003 SP2, Vista SP1 and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a crafted .MIC or unspecified Office document containing a thumbnail bitmap with a negative biClrUsed value, as reported by Moti and Xu Hao, aka "Windows Shell Graphics Processing Overrun Vulnerability."
CVE-2010-0033 EXPLOITDB ruby WORKING POC
Microsoft Powerpoint - Memory Corruption
Stack-based buffer overflow in Microsoft Office PowerPoint 2003 SP3 allows remote attackers to execute arbitrary code via a crafted PowerPoint document, aka "PowerPoint Viewer TextBytesAtom Record Stack Overflow Vulnerability."
CVE-2009-0133 EXPLOITDB ruby WORKING POC
Microsoft HTML Help Workshop <4.74 - Buffer Overflow
Buffer overflow in Microsoft HTML Help Workshop 4.74 and earlier allows context-dependent attackers to execute arbitrary code via a .hhp file with a long "Index file" field, possibly a related issue to CVE-2006-0564.
CVE-2006-0564 EXPLOITDB ruby WORKING POC
Microsoft Html Help - Buffer Overflow
Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702.0, and possibly earlier versions, and as included in the Microsoft HTML Help 1.4 SDK, allows context-dependent attackers to execute arbitrary code via a .hhp file with a long Contents file field.
CVE-2009-3129 EXPLOITDB HIGH ruby WORKING POC
Microsoft Excel - Out-of-Bounds Write
Microsoft Office Excel 2002 SP3, 2003 SP3, and 2007 SP1 and SP2; Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; Office Excel Viewer 2003 SP3; Office Excel Viewer SP1 and SP2; and Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allows remote attackers to execute arbitrary code via a spreadsheet with a FEATHEADER record containing an invalid cbHdrData size element that affects a pointer offset, aka "Excel Featheader Record Memory Corruption Vulnerability."
CVSS 7.8
CVE-2009-1028 EXPLOITDB ruby WORKING POC
Edisys Ezip Wizard - Memory Corruption
Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file.
CVE-2010-1818 EXPLOITDB ruby WORKING POC
Apple QuickTime <7.6.8 - RCE
The IPersistPropertyBag2::Read function in QTPlugin.ocx in Apple QuickTime 6.x, 7.x before 7.6.8, and other versions allows remote attackers to execute arbitrary code via the _Marshaled_pUnk attribute, which triggers unmarshalling of an untrusted pointer.
CVE-2009-2485 EXPLOITDB ruby WORKING POC
HT-MP3Player 1.0 - Buffer Overflow
Stack-based buffer overflow in HT-MP3Player 1.0 allows remote attackers to execute arbitrary code via a long string in a .ht3 file.