shinnai

212 exploits Active since Dec 2006
CVE-2008-2683 EXPLOITDB ruby WORKING POC
Black Ice Barcode SDK - Arbitrary File Write via BIDIB.BIDIBCtrl.1 DownloadImageFileURL Method
The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. NOTE: some of these details are obtained from third party information.
CVE-2008-2683 EXPLOITDB ruby WORKING POC
Black Ice Barcode SDK - Arbitrary File Write via BIDIB.BIDIBCtrl.1 DownloadImageFileURL Method
The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to force the download and storage of arbitrary files by specifying the origin URL in the first argument to the DownloadImageFileURL method, and the local filename in the second argument. NOTE: some of these details are obtained from third party information.
CVE-2008-2745 EXPLOITDB html WORKING POC
Black Ice Software Annotation Plugin 10.95 - Stack-based Buffer Overflow via AnnoSaveToTiff Method
Stack-based buffer overflow in BiAnno ActiveX Control (BiAnno.ocx) in Black Ice Software Annotation Plugin 10.95 allows remote attackers to execute arbitrary code via a long parameter to the AnnoSaveToTiff method.
CVE-2008-2745 EXPLOITDB html WORKING POC
Black Ice Software Annotation Plugin 10.95 - Stack-based Buffer Overflow via AnnoSaveToTiff Method
Stack-based buffer overflow in BiAnno ActiveX Control (BiAnno.ocx) in Black Ice Software Annotation Plugin 10.95 allows remote attackers to execute arbitrary code via a long parameter to the AnnoSaveToTiff method.
CVE-2008-2684 EXPLOITDB html WORKING POC
Black Ice Barcode SDK 5.01 - Remote Code Execution via BIDIB.BIDIBCtrl.1 ActiveX DownloadImageFileURL Method
The BIDIB.BIDIBCtrl.1 ActiveX control in BIDIB.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via long strings in the two arguments to the DownloadImageFileURL method, which trigger memory corruption. NOTE: some of these details are obtained from third party information.
CVE-2008-2693 EXPLOITDB html WORKING POC
Black Ice Barcode SDK 5.01 - Stack-Based Buffer Overflow via BITiffCtrl SetByteOrder Method
Stack-based buffer overflow in the BITIFF.BITiffCtrl.1 ActiveX control in BITiff.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via a long first argument to the SetByteOrder method.
CVE-2008-2693 EXPLOITDB html WORKING POC
Black Ice Barcode SDK 5.01 - Stack-Based Buffer Overflow via BITiffCtrl SetByteOrder Method
Stack-based buffer overflow in the BITIFF.BITiffCtrl.1 ActiveX control in BITiff.ocx 10.9.3.0 in Black Ice Barcode SDK 5.01 allows remote attackers to execute arbitrary code via a long first argument to the SetByteOrder method.
CVE-2008-0392 EXPLOITDB python WORKING POC
Microsoft Visual Basic Enterprise Edition 6.0 SP6 - Buffer Overflow via .dsr File ConnectionName or CommandName
Multiple buffer overflows in Microsoft Visual Basic Enterprise Edition 6.0 SP6 allow user-assisted remote attackers to execute arbitrary code via a .dsr file with a long (1) ConnectionName or (2) CommandName line.
CVE-2008-1709 EXPLOITDB python WORKING POC
Microsoft Visual InterDev 6.0 (SP6) - Buffer Overflow
Buffer overflow in Microsoft Visual InterDev 6.0 (SP6) allows user-assisted attackers to execute arbitrary code via a Studio Solution (.SLN) file with a long malformed Project line beginning with a 'Project("{}") =' sequence, probably a different vector than CVE-2008-0250.
CVE-2007-4776 EXPLOITDB python WORKING POC
Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 - Buffer Overflow via Long Reference Line in VBP File
Buffer overflow in Microsoft Visual Basic 6.0 and Enterprise Edition 6.0 SP6 allows user-assisted remote attackers to execute arbitrary code via a Visual Basic project (vbp) file containing a long Reference line, related to VBP_Open and OLE. NOTE: there are limited usage scenarios under which this would be a vulnerability.
EIP-2026-117845 EXPLOITDB python WORKING POC
Realtek Sound Manager 1.15.0.0 - Playlist Overwrite (SEH)
CVE-2008-5664 EXPLOITDB python WORKING POC
Realtek Media Player <1.15.0.0 - Buffer Overflow
Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, RtlRack, or rtlrack.exe) 1.15.0.0 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file.
CVE-2007-5653 EXPLOITDB php WORKING POC
PHP < 5.2.4 - OS Command Injection via COM Functions
The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill bit set in the corresponding ActiveX control Compatibility Flags, executing programs via a function in compatUI.dll, invoking wscript.shell via wscript.exe, invoking Scripting.FileSystemObject via wshom.ocx, and adding users via a function in shgina.dll, related to the com_load_typelib function.
CVE-2007-5447 EXPLOITDB php WORKING POC
ionCube Loader 6.5 for PHP 5.2.4 - Safe Mode and Function Restriction Bypass via ioncube_read_file
ioncube_loader_win_5.2.dll in the ionCube Loader 6.5 extension for PHP 5.2.4 does not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by reading arbitrary files via the ioncube_read_file function.
CVE-2007-4010 EXPLOITDB php WORKING POC
PHP 5.2.3 - Remote Code Execution via win_shell_execute Function
The win32std extension in PHP 5.2.3 does not follow safe_mode and disable_functions restrictions, which allows remote attackers to execute arbitrary commands via the win_shell_execute function.
CVE-2007-1413 EXPLOITDB php WORKING POC
PHP < 5.2.3 - Buffer Overflow in SNMP Extension via snmpget Function
Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object id).
CVE-2022-47636 EXPLOITDB HIGH text WRITEUP
OutSystems Service Studio 11 11.53.30 - Uncontrolled Search Path Element via .oml File Handling
A DLL hijacking vulnerability has been discovered in OutSystems Service Studio 11 11.53.30 build 61739. When a user open a .oml file (OutSystems Modeling Language), the application will load the following DLLs from the same directory av_libGLESv2.dll, libcef.DLL, user32.dll, and d3d10warp.dll. Using a crafted DLL, it is possible to execute arbitrary code in the context of the current logged in user.
CVSS 7.8
CVE-2007-2576 EXPLOITDB html WORKING POC
East Wind Software advdaudio.ocx <1.5.1.1 - Buffer Overflow
Buffer overflow in the East Wind Software advdaudio.ocx 1.5.1.1 ActiveX control allows user-assisted remote attackers to execute arbitrary code via a long OpenDVD property value. NOTE: this issue might be related to CVE-2007-0976.
CVE-2023-31468 EXPLOITDB HIGH text WRITEUP
Inosoft VisiWin <2022-2.1 - Privilege Escalation
An issue was discovered in Inosoft VisiWin 7 through 2022-2.1 (Runtime RT7.3 RC3 20221209.5). The "%PROGRAMFILES(X86)%\INOSOFT GmbH" folder has weak permissions for Everyone, allowing an attacker to insert a Trojan horse file that runs as SYSTEM. 2024-1 is a fixed version.
CVSS 7.8
CVE-2007-0256 EXPLOITDB python WORKING POC
VideoLAN VLC 0.8.6a - Denial of Service via Crafted WMV File
VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.
CVE-2007-2563 EXPLOITDB html WORKING POC
VersalSoft HTTP File Upload < - RCE
Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control (UFileUploaderD.dll) allows remote attackers to execute arbitrary code via a long argument.
CVE-2008-3879 EXPLOITDB html WORKING POC
Ultra Office Control 2.0.2008.801 - RCE
The Ultra.OfficeControl ActiveX control in OfficeCtrl.ocx 2.0.2008.801 and earlier in Ultra Shareware Ultra Office Control allows remote attackers to force the download of arbitrary files onto a client system via a URL in the first argument to the Open method, in conjunction with a full destination pathname in the first argument (SaveAsDocument argument) to the Save method.
EIP-2026-116443 EXPLOITDB text WRITEUP
UCanCode - Multiple Vulnerabilities
EIP-2026-116344 EXPLOITDB text WRITEUP
SumatraPDF 2.0.1 - '.chm' / '.mobi' Memory Corruption
CVE-2007-2526 EXPLOITDB html WORKING POC
SmartCode VNC Manager 3.6 - Buffer Overflow
Heap-based buffer overflow in the ConnectAsyncEx function in VNC Viewer ActiveX control (scvncctrl.dll) in the SmartCode VNC Manager 3.6 allows remote attackers to execute arbitrary code via a long argument.