shinnai

212 exploits Active since Dec 2006
CVE-2008-2283 EXPLOITDB html WORKING POC
IDAutomation Barcode Components - Arbitrary File Write via SaveBarCode and SaveEnhWMF
IDAutomation allows remote attackers to overwrite arbitrary files via the argument to the (1) SaveBarCode and (2) SaveEnhWMF methods in (a) the IDAuto.BarCode.1 ActiveX control in IDAutomationLinear6.dll (aka IDAutomation Linear BarCode) 1.6.0.6, (b) the IDAuto.Datamatrix.1 ActiveX control in IDAutomationDMATRIX6.DLL (aka IDautomation Datamatrix Barcode) 1.6.0.6, (c) the IDAuto.PDF417.1 ActiveX control in IDAutomationPDF417_6.dll (aka IDautomation PDF417 Barcode) 1.6.0.6, and (d) the IDAuto.Aztec.1 ActiveX control in IDAutomationAZTEC.dll (aka IDautomation Aztec Barcode) 1.7.1.0.
CVE-2008-5002 EXPLOITDB ruby WORKING POC
Chilkat Crypt ActiveX Control - Arbitrary File Write via WriteFile Method
Insecure method vulnerability in the ChilkatCrypt2.ChilkatCrypt2.1 ActiveX control (ChilkatCrypt2.dll 4.3.2.1) in Chilkat Crypt ActiveX Component allows remote attackers to create and overwrite arbitrary files via the WriteFile method. NOTE: this could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.
CVE-2007-3649 EXPLOITDB html WORKING POC
HP Photo Digital Imaging ActiveX Control - Arbitrary File Write via SaveToFile Method
Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method.
EIP-2026-118661 EXPLOITDB html WORKING POC
Hummingbird Deployment Wizard 10 - 'DeployRun.dll' ActiveX Control Multiple Security Vulnerabilities
CVE-2009-4219 EXPLOITDB html WORKING POC
MyActiveX <1.4.8.0 - Buffer Overflow
Stack-based buffer overflow in the MYACTIVEX.MyActiveXCtrl.1 ActiveX control in MyActiveX.ocx 1.4.8.0 in Haihaisoft Universal Player allows remote attackers to execute arbitrary code via a long URL property value. NOTE: some of these details are obtained from third party information.
CVE-2008-4728 EXPLOITDB html WORKING POC
Hummingbird Deployment Wizard 2008 - Unauthenticated Remote Code Execution via DeployRun ActiveX Methods
Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.
CVE-2007-4420 EXPLOITDB html WORKING POC
EDraw Office Viewer Component 5.1 - Path Traversal
Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability than CVE-2007-3168 and CVE-2007-3169.
CVE-2007-1190 EXPLOITDB text WRITEUP
EmbeddedWB Web Browser - Remote Code Execution
Unspecified vulnerability in the EmbeddedWB Web Browser ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2008-4728 EXPLOITDB html WORKING POC
Hummingbird Deployment Wizard 2008 - Unauthenticated Remote Code Execution via DeployRun ActiveX Methods
Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.
CVE-2007-3071 EXPLOITDB html WORKING POC
eSellerate SDK 3.6.5.0 - Buffer Overflow via GetWebStoreURL ActiveX Control
Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument.
CVE-2008-6447 EXPLOITDB html WORKING POC
QuikSoft EasyMail MailStore ActiveX emmailstore.dll 6.5.0.3 - Buffer Overflow via CreateStore Method
Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft EasyMail MailStore ActiveX control allows remote attackers to execute arbitrary code via a long first argument to the CreateStore method.
CVE-2007-5111 EXPLOITDB html WORKING POC
EB Design ebCrypt - Denial of Service via AddString Method
A certain ActiveX control in EBCRYPT.DLL 2.0 in EB Design ebCrypt allows remote attackers to cause a denial of service (crash) via a string argument to the AddString method.
CVE-2007-2725 EXPLOITDB html WORKING POC
DB Software Laboratory DeWizardX - Buffer Overflow
The DB Software Laboratory DeWizardX (DEWizardAX.ocx) ActiveX control allows remote attackers to overwrite arbitrary files via the SaveToFile function.
CVE-2007-5826 EXPLOITDB html WORKING POC
EDraw Flowchart ActiveX <2.0.2005.1104 - Path Traversal
Absolute path traversal vulnerability in the EDraw Flowchart ActiveX control in EDImage.ocx 2.0.2005.1104 allows remote attackers to create or overwrite arbitrary files with arbitrary contents via a full pathname in the second argument to the HttpDownloadFile method, a different product than CVE-2007-4420.
CVE-2007-3983 EXPLOITDB html WORKING POC
ActiveReports 2.5.0.1308 - Arbitrary File Write via SaveLayout Method
Absolute path traversal vulnerability in the Data Dynamics DDActiveReports2.ActiveReport.2 (ActiveReports) ActiveX control in arpro2.dll in ActiveReports 2.0 Professional Edition 2.5.0.1308 (SP5 RC) allows remote attackers to create or overwrite arbitrary files via a full pathname in an argument to the SaveLayout method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
CVE-2007-3168 EXPLOITDB html WORKING POC
EDraw Office Viewer Component < 5.0 - Arbitrary File Deletion via DeleteLocalFile Method
A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method.
CVE-2008-4728 EXPLOITDB html WORKING POC
Hummingbird Deployment Wizard 2008 - Unauthenticated Remote Code Execution via DeployRun ActiveX Methods
Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.
CVE-2008-4750 EXPLOITDB html WORKING POC
DB Software Laboratory VImp X 4.8.8.0 - Stack-Based Buffer Overflow via Long LogFile Property
Stack-based buffer overflow in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allows remote attackers to execute arbitrary code via a long LogFile property.
CVE-2020-5147 EXPLOITDB MEDIUM text WRITEUP
SonicWall NetExtender <10.2.300 - Privilege Escalation
SonicWall NetExtender Windows client vulnerable to unquoted service path vulnerability, this allows a local attacker to gain elevated privileges in the host operating system. This vulnerability impact SonicWall NetExtender Windows client version 10.2.300 and earlier.
CVSS 5.3
CVE-2008-2693 EXPLOITDB html WORKING POC
Black Ice Barcode SDK 5.01 - Stack-Based Buffer Overflow via BITiffCtrl SetByteOrder Method
Stack-based buffer overflow in the BITIFF.BITiffCtrl.1 ActiveX control in BITiff.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via a long first argument to the SetByteOrder method.
CVE-2008-2745 EXPLOITDB html WORKING POC
Black Ice Software Annotation Plugin 10.95 - Stack-based Buffer Overflow via AnnoSaveToTiff Method
Stack-based buffer overflow in BiAnno ActiveX Control (BiAnno.ocx) in Black Ice Software Annotation Plugin 10.95 allows remote attackers to execute arbitrary code via a long parameter to the AnnoSaveToTiff method.
CVE-2008-2745 EXPLOITDB html WORKING POC
Black Ice Software Annotation Plugin 10.95 - Stack-based Buffer Overflow via AnnoSaveToTiff Method
Stack-based buffer overflow in BiAnno ActiveX Control (BiAnno.ocx) in Black Ice Software Annotation Plugin 10.95 allows remote attackers to execute arbitrary code via a long parameter to the AnnoSaveToTiff method.
CVE-2008-2683 EXPLOITDB ruby WORKING POC
Black Ice Barcode SDK - Arbitrary File Write via BIDIB.BIDIBCtrl.1 DownloadImageFileURL Method
The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. NOTE: some of these details are obtained from third party information.
CVE-2007-2239 EXPLOITDB html WORKING POC
AXIS Network Cameras < 2.39 - Stack-Based Buffer Overflow via SaveBMP Method
Stack-based buffer overflow in the SaveBMP method in the AXIS Camera Control (aka CamImage) ActiveX control before 2.40.0.0 in AxisCamControl.ocx in AXIS 2100, 2110, 2120, 2130 PTZ, 2420, 2420-IR, 2400, 2400+, 2401, 2401+, 2411, and Panorama PTZ allows remote attackers to cause a denial of service (Internet Explorer crash) or execute arbitrary code via a long argument.
CVE-2008-2683 EXPLOITDB ruby WORKING POC
Black Ice Barcode SDK - Arbitrary File Write via BIDIB.BIDIBCtrl.1 DownloadImageFileURL Method
The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. NOTE: some of these details are obtained from third party information.