shinnai

212 exploits Active since Dec 2006
CVE-2010-0356 EXPLOITDB ruby WORKING POC
Viscom Software Movie Player Pro SDK ActiveX 6.8 - Stack-Based Buffer Overflow via DrawText strFontName Parameter
Stack-based buffer overflow in the MOVIEPLAYER.MoviePlayerCtrl.1 ActiveX control in MoviePlayer.ocx 6.8.0.0 in Viscom Software Movie Player Pro SDK ActiveX 6.8 allows remote attackers to execute arbitrary code via a long strFontName parameter to the DrawText method.
EIP-2026-119331 EXPLOITDB html WORKING POC
Zenturi ProgramChecker - 'ActiveX NavigateUrl()' Insecure Method
CVE-2007-3984 EXPLOITDB html WORKING POC
Zenturi ProgramChecker - Buffer Overflow via Scan Method in NixonMyPrograms ActiveX Control
Buffer overflow in a certain ActiveX control in the NixonMyPrograms class in sasatl.dll 1.5.0.531 in Zenturi ProgramChecker allows remote attackers to execute arbitrary code via a long argument to the Scan method. NOTE: this is probably a different issue than CVE-2007-2987.
CVE-2007-4582 EXPLOITDB html WORKING POC
ACTi Network Video Recorder SP2 2.0 - Remote Code Execution via nvUnifiedControl.AUnifiedControl.1 SetText Method
Buffer overflow in the nvUnifiedControl.AUnifiedControl.1 ActiveX control in nvUnifiedControl.dll 1.1.45.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allows remote attackers to execute arbitrary code via a long second argument to the SetText method.
CVE-2007-3493 EXPLOITDB html WORKING POC
NCTAudioStudio <2.7 - Path Traversal
A certain ActiveX control in NCTWavChunksEditor2.dll 2.6.1.148 in NCTAudioStudio (NCTAudioStudio2) 2.7, as used by Sienzo DMM and probably other products, allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the CreateFile method, a different product than CVE-2007-3400.
CVE-2007-4982 EXPLOITDB html WORKING POC
MW6 QRCode ActiveX < 3.0.0.1 - Arbitrary File Write via SaveAsBMP or SaveAsWMF Method
Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveAsBMP or (2) SaveAsWMF method. NOTE: some of these details are obtained from third party information.
EIP-2026-118947 EXPLOITDB html WORKING POC
NCTsoft - 'AudFile.dll' ActiveX Control Remote Buffer Overflow
CVE-2007-4583 EXPLOITDB html WORKING POC
ACTi Network Video Recorder SP2 2.0 - Path Traversal and Arbitrary File Write via nvUtility.Utility.1 ActiveX Control
Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method.
CVE-2007-3400 EXPLOITDB html WORKING POC
NCTAudioEditor and NCTAudioStudio - Arbitrary File Write via NCTWMAFile2.dll CreateFile Method
The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite arbitrary files via the CreateFile method.
CVE-2007-2563 EXPLOITDB html WORKING POC
VersalSoft HTTP File Upload < - RCE
Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control (UFileUploaderD.dll) allows remote attackers to execute arbitrary code via a long argument.
CVE-2008-3878 EXPLOITDB html WORKING POC
Ultra Office Control <2.0.2008.801 - Buffer Overflow
Stack-based buffer overflow in the Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 in Ultra Shareware Ultra Office Control allows remote attackers to execute arbitrary code via long strUrl, strFile, and strPostData parameters to the HttpUpload method.
CVE-2007-4902 EXPLOITDB html WORKING POC
Ultra Crypto Component <= 2.0 - Arbitrary File Write via CryptoX.dll SaveToFile Method
Absolute path traversal vulnerability in a certain ActiveX control in CryptoX.dll 2.0 and earlier in the Ultra Crypto Component allows remote attackers to write to arbitrary files via a full pathname in the argument to the SaveToFile method.
CVE-2007-4903 EXPLOITDB html WORKING POC
Ultra Crypto Component <= 2.0 - Remote Code Execution via CryptoX.dll ActiveX Buffer Overflow
Multiple buffer overflows in a certain ActiveX control in CryptoX.dll 2.0 and earlier in the Ultra Crypto Component allow remote attackers to execute arbitrary code via (1) a long string in the first argument to the AcquireContext method or (2) an unspecified vector to the DeleteContext method.
CVE-2023-31067 EXPLOITDB CRITICAL text WRITEUP
TSplus Remote Access <16.0.2.14 - Info Disclosure
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\Clients\www.
CVSS 9.8
EIP-2026-119135 EXPLOITDB html WORKING POC
Sienzo Digital Music Mentor - 'DSKernel2.dll' ActiveX Control Stack Buffer Overflow
CVE-2007-3233 EXPLOITDB html WORKING POC
TEC-IT TBarCode OCX <7.0.2.3524 - RCE
The TEC-IT TBarCode OCX ActiveX control (TBarCode7.ocx) 7.0.2.3524 allows remote attackers to overwrite arbitrary files via the SaveImage method.
CVE-2007-2755 EXPLOITDB html WORKING POC
PrecisionID Barcode 1.9 - Path Traversal
The PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll, when Internet Explorer 6 is used, allows remote attackers to overwrite arbitrary files via a full pathname to the SaveToFile function, a different vulnerability than CVE-2007-2744.
CVE-2007-6516 EXPLOITDB html WORKING POC
RavWare Software MAS Flic ActiveX Control <1.0.0.1 - Buffer Overflow
Buffer overflow in RavWare Software MAS Flic ActiveX Control (masflc.ocx) 1.0.0.1 allows remote attackers to execute arbitrary code via a long FileName property.
CVE-2023-31069 EXPLOITDB CRITICAL text WRITEUP
TSplus Remote Access <16.0.2.14 - Info Disclosure
An issue was discovered in TSplus Remote Access through 16.0.2.14. Credentials are stored as cleartext within the HTML source code of the login page.
CVSS 9.8
CVE-2007-5320 EXPLOITDB html WORKING POC
Pegasus Imaging ImagXpress 8.0 - Path Traversal via CacheFile and CompactFile Attributes
Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll).
CVE-2008-3878 EXPLOITDB ruby WORKING POC
Ultra Office Control <2.0.2008.801 - Buffer Overflow
Stack-based buffer overflow in the Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 in Ultra Shareware Ultra Office Control allows remote attackers to execute arbitrary code via long strUrl, strFile, and strPostData parameters to the HttpUpload method.
CVE-2007-4583 EXPLOITDB html WORKING POC
ACTi Network Video Recorder SP2 2.0 - Path Traversal and Arbitrary File Write via nvUtility.Utility.1 ActiveX Control
Multiple absolute path traversal vulnerabilities in the nvUtility.Utility.1 ActiveX control in nvUtility.dll 1.0.14.0 in ACTi Network Video Recorder (NVR) SP2 2.0 allow remote attackers to (1) create or overwrite arbitrary files via a full pathname in the first argument to the SaveXMLFile method or (2) delete arbitrary files via a full pathname in the argument to the DeleteXMLFile method.
EIP-2026-119031 EXPLOITDB html WORKING POC
Pegasus Imaging ThumbnailXpress 1.0 - Arbitrary File Deletion
CVE-2023-31068 EXPLOITDB CRITICAL text WRITEUP
TSplus Remote Access <16.0.2.14 - Info Disclosure
An issue was discovered in TSplus Remote Access through 16.0.2.14. There are Full Control permissions for Everyone on some directories under %PROGRAMFILES(X86)%\TSplus\UserDesktop\themes.
CVSS 9.8
EIP-2026-119050 EXPLOITDB html WORKING POC
PrecisionID Barcode - 'PrecisionID_Barcode.dll' ActiveX 1.9 Control Arbitrary File Overwrite