shinnai

212 exploits Active since Dec 2006
CVE-2007-6605 EXPLOITDB html WORKING POC
SkyFexClient <1.0 - Buffer Overflow
Buffer overflow in a certain ActiveX control in SkyFexClient.ocx 1.0.2.77 in SkyFex Client 1.0 allows remote attackers to execute arbitrary code via long strings in the first four arguments to the Start method.
CVE-2007-6326 EXPLOITDB python WORKING POC
Sergey Lyubka Simple HTTPD 1.3 - DoS
Sergey Lyubka Simple HTTPD (shttpd) 1.3 on Windows allows remote attackers to cause a denial of service via a request that includes an MS-DOS device name, as demonstrated by the /aux URI.
EIP-2026-116209 EXPLOITDB python WORKING POC
Sami HTTP Server 2.0.1 - POST Denial of Service
CVE-2007-0548 EXPLOITDB python WORKING POC
Karjasoft Sami HTTP Server - Denial of Service
KarjaSoft Sami HTTP Server 2.0.1 allows remote attackers to cause a denial of service (daemon hang) via a large number of requests for nonexistent objects.
CVE-2007-2623 EXPLOITDB html WORKING POC
Remote Display Dev kit 1.2.1.0 - Buffer Overflow
Multiple buffer overflows in RControl.dll in Remote Display Dev kit 1.2.1.0 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via (1) a long first argument to the connect function or (2) a long InternalServer property value, possibly involving ntdll.dll.
CVE-2007-0766 EXPLOITDB python WORKING POC
Remotesoft .NET Explorer 2.0.1 - Buffer Overflow
Stack-based buffer overflow in Remotesoft .NET Explorer 2.0.1 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.
EIP-2026-116641 EXPLOITDB python WORKING POC
Zervit Web Server 0.3 - Remote Denial of Service
EIP-2026-116632 EXPLOITDB text WORKING POC
Yahoo! CD Player - ActiveX Control 'open()' Method Stack Buffer Overflow
CVE-2008-5626 EXPLOITDB python WORKING POC
XM Easy Personal FTP Server 5.6.0 - DoS
XM Easy Personal FTP Server 5.6.0 allows remote authenticated users to cause a denial of service via a crafted argument to the NLST command, as demonstrated by a -1 argument.
CVE-2006-6751 EXPLOITDB python WORKING POC
XM Easy Personal FTP Server <5.2.1 - DoS
Format string vulnerability in XM Easy Personal FTP Server 5.2.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the USER command or certain other available or nonexistent commands. NOTE: It was later reported that 5.3.0 is also vulnerable.
CVE-2007-2496 EXPLOITDB html WORKING POC
WordViewer.ocx 3.2.0.5 - DoS
The WordOCX ActiveX control in WordViewer.ocx 3.2.0.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) GotoPage, (6) Save, (7) SaveWebFile, (8) HttpDownloadFile, (9) Open, (10) OpenWebFile, (11) SaveAs, or (12) ShowWordStandardDialog property value.
CVE-2006-6673 EXPLOITDB python WORKING POC
WinFtp Server 2.0.2 - DoS
WinFtp Server 2.0.2 allows remote attackers to cause a denial of service (crash) via long (1) PASV, (2) LIST, (3) USER, (4) PORT, and possibly other commands.
CVE-2009-3707 EXPLOITDB python WORKING POC
Vmware Ace - Format String Vulnerability
VMware Authentication Daemon 1.0 in vmware-authd.exe in the VMware Authorization Service in VMware Workstation 7.0 before 7.0.1 build 227600 and 6.5.x before 6.5.4 build 246459, VMware Player 3.0 before 3.0.1 build 227600 and 2.5.x before 2.5.4 build 246459, VMware ACE 2.6 before 2.6.1 build 227600 and 2.5.x before 2.5.4 build 246459, and VMware Server 2.x allows remote attackers to cause a denial of service (process crash) via a \x25\xFF sequence in the USER and PASS commands, related to a "format string DoS" issue. NOTE: some of these details are obtained from third party information.
CVE-2008-3892 EXPLOITDB html WORKING POC
VMware <5.5.8-6.0.5-1.0.8-2.0.5-1.0.7 - Buffer Overflow
Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696.
CVE-2008-2959 EXPLOITDB text WORKING POC
Microsoft Visual Basic Enterprise Edition - Memory Corruption
Buffer overflow in a certain ActiveX control (vb6skit.dll) in Microsoft Visual Basic Enterprise Edition 6.0 SP6 might allow remote attackers to execute arbitrary code via a long lpstrLinkPath argument to the fCreateShellLink function.
CVE-2007-5911 EXPLOITDB html WORKING POC
Viewpoint Media Player - Memory Corruption
Multiple stack-based buffer overflows in the AxMetaStream ActiveX control in AxMetaStream.dll 3.3.2.26 in Viewpoint Media Player 3.2 allow remote attackers to execute arbitrary code via a long string argument to the (1) BroadcastKey, (2) BroadcastKeyFileURL, (3) Component, (4) ComponentClassID, (5) ComponentFileName, (6) ExtraProperty, (7) Properties, (8) RequiredVersions, (9) Source, or (10) XMLText method.
CVE-2007-0256 EXPLOITDB python WORKING POC
Videolan Vlc Media Player - Denial of Service
VideoLAN VLC 0.8.6a allows remote attackers to cause a denial of service (application crash) via a crafted .wmv file.
CVE-2009-1602 EXPLOITDB python WORKING POC
Pablosoftwaresolutions Quick'n Easy Mail Server - Memory Corruption
Pablo Software Solutions Quick 'n Easy Mail Server 3.3 allows remote attackers to cause a denial of service (daemon outage or CPU consumption) via multiple long SMTP commands, as demonstrated by HELO commands.
CVE-2006-6759 EXPLOITDB html WORKING POC
RealNetworks RealPlayer 10.5 - DoS
A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer crash) by invoking the RealPlayer.Initialize method with certain arguments.
CVE-2006-6847 EXPLOITDB html WORKING POC
RealPlayer 10.5 - DoS
An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the RealPlayer.OpenURLInPlayerBrowser method with a long second argument.
EIP-2026-116163 EXPLOITDB python WORKING POC
RealNetwork RealPlayer 10.5 - '.MID' File Handling Remote Denial of Service
CVE-2007-2744 EXPLOITDB html WORKING POC
PrecisionID Barcode 1.9 - Buffer Overflow
Stack-based buffer overflow in the PrecisionID Barcode 1.9 ActiveX control in PrecisionID_Barcode.dll allows remote attackers to cause a denial of service (Internet Explorer 6 crash), and possibly execute arbitrary code, via a long argument to the SaveBarCode method. NOTE: this issue might overlap CVE-2007-2657.
CVE-2007-2657 EXPLOITDB html WORKING POC
PrecisionID Barcode <1.3 - DoS
Unspecified vulnerability in the PrecisionID Barcode 1.3 ActiveX control in PrecisionID_DataMatrix.DLL allows remote attackers to cause a denial of service via a long argument to the SaveBarCode method.
CVE-2007-2494 EXPLOITDB html WORKING POC
PowerPointViewer.ocx 3.1.0.3 - Buffer Overflow
Multiple stack-based buffer overflows in the PowerPointOCX ActiveX control in PowerPointViewer.ocx 3.1.0.3 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information.
CVE-2007-4507 EXPLOITDB php WORKING POC
PHP 5.2.3 - Buffer Overflow
Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getusergroups, or (4) ntuser_getdomaincontroller functions.