rgod

470 exploits Active since Jul 2005
CVE-2008-4771 EXPLOITDB html WORKING POC
4xem Vatctrl Class - Memory Corruption
Stack-based buffer overflow in VATDecoder.VatCtrl.1 ActiveX control in (1) 4xem VatCtrl Class (VATDecoder.dll 1.0.0.27 and 1.0.0.51), (2) D-Link MPEG4 SHM Audio Control (VAPGDecoder.dll 1.7.0.5), (3) Vivotek RTSP MPEG4 SP Control (RtspVapgDecoderNew.dll 2.0.0.39), and possibly other products, allows remote attackers to execute arbitrary code via a long Url property. NOTE: some of these details are obtained from third party information.
EIP-2026-118356 EXPLOITDB html WORKING POC
Chilkat Software FTP2 - ActiveX Component Remote Code Execution
EIP-2026-118359 EXPLOITDB ruby WORKING POC
Cisco Linksys PlayerPT - ActiveX Control Buffer Overflow (Metasploit)
EIP-2026-118405 EXPLOITDB ruby WORKING POC
Dell Webcam CrazyTalk - ActiveX BackImage (Metasploit)
EIP-2026-118375 EXPLOITDB ruby WORKING POC
Cogent DataHub - HTTP Server Buffer Overflow (Metasploit)
EIP-2026-118406 EXPLOITDB text WORKING POC
Dell Webcam Software Bundled - ActiveX Remote Buffer Overflow
CVE-2010-0219 EXPLOITDB text WORKING POC
Apache Axis2 - Credentials Management
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.
CVE-2008-0380 EXPLOITDB html WORKING POC
Digital Data Communications Rtspvapgdecoder.dll - Memory Corruption
Buffer overflow in the Digital Data Communications RtspVaPgCtrl ActiveX control (RtspVapgDecoder.dll 1.1.0.29) allows remote attackers to execute arbitrary code via a long MP4Prefix property.
CVE-2007-6493 EXPLOITDB text WORKING POC
iMesh <7.1.0.x - RCE
The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method.
CVE-2013-4812 EXPLOITDB ruby WORKING POC
HP ProCurve Manager <4.0 - RCE
UpdateCertificatesServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the fileName argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
CVE-2013-2367 EXPLOITDB ruby WORKING POC
HP SiteScope <11.21 - RCE
Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1678.
CVE-2008-4549 EXPLOITDB html WORKING POC
Imageshack Toolbar - Improper Input Validation
The ImageShack Toolbar ActiveX control (ImageShackToolbar.dll) in ImageShack Toolbar 4.5.7, possibly including 4.5.7.69, allows remote attackers to force the upload of arbitrary image files to the ImageShack site via a file: URI argument to the BuildSlideShow method.
CVE-2013-4811 EXPLOITDB ruby WORKING POC
HP ProCurve Manager <4.0 - RCE
UpdateDomainControllerServlet in the SNAC registration server in HP ProCurve Manager (PCM) 3.20 and 4.0, PCM+ 3.20 and 4.0, and Identity Driven Manager (IDM) 4.0 does not properly validate the adCert argument, which allows remote attackers to upload .jsp files and consequently execute arbitrary code via unspecified vectors, aka ZDI-CAN-1743.
CVE-2013-4837 EXPLOITDB ruby WORKING POC
HP LoadRunner <11.52 - RCE
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1832.
EIP-2026-118648 EXPLOITDB html WORKING POC
HP Photo Creative 2.x audio.Record.1 - ActiveX Control Remote Stack Buffer Overflow
CVE-2007-6493 EXPLOITDB html WORKING POC
iMesh <7.1.0.x - RCE
The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method.
EIP-2026-118617 EXPLOITDB text WRITEUP
Google Talk - 'gtalk://' Deprecated URI Handler Injection
EIP-2026-118644 EXPLOITDB ruby WORKING POC
HP Application Lifecycle Management - 'XGO.ocx' ActiveX 'SetShapeNodeType()' Remote Code Execution (Metasploit)
CVE-2012-5201 EXPLOITDB ruby WORKING POC
HP iMC <5.2 E0401 - RCE
Unspecified vulnerability in HP Intelligent Management Center (iMC) and Intelligent Management Center for Automated Network Manager (ANM) before 5.2 E0401 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1611.
CVE-2007-5779 EXPLOITDB html WORKING POC
Gom Player - Memory Corruption
Buffer overflow in the GomManager (GomWeb Control) ActiveX control in GomWeb3.dll 1.0.0.12 in Gretech Online Movie Player (GOM Player) 2.1.6.3499 allows remote attackers to execute arbitrary code via a long argument to the OpenUrl method.
CVE-2012-0874 EXPLOITDB text WORKING POC
JBoss EAP/EWP/BRMS/SOA <5.2.0-5.3.1 - RCE
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer.
CVE-2011-5227 EXPLOITDB ruby WORKING POC
Enterasys Netsight < 4.1.0.79 - Memory Corruption
Stack-based buffer overflow in the Syslog service (nssyslogd.exe) in Enterasys Network Management Suite (NMS) before 4.1.0.80 allows remote attackers to execute arbitrary code via a long PRIO field in a message to UDP port 514.
CVE-2013-4822 EXPLOITDB ruby WORKING POC
HP iMC/BIMS - RCE
Unspecified vulnerability in HP Intelligent Management Center (iMC) and HP IMC Branch Intelligent Management System Software Module (aka BIMS) allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1606.
EIP-2026-118592 EXPLOITDB php WORKING POC
FTPDMIN 0.96 (Windows XP SP3) - 'RNFR' Remote Buffer Overflow
CVE-2006-6853 EXPLOITDB php WORKING POC
Durian Web App Server 3.02 - RCE
Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002.