skape

24 exploits Active since Jun 2003
CVE-2007-0038 EXPLOITDB ruby WORKING POC
Microsoft Windows 2000 SP4 through Vista - Remote Code Execution via Animated Cursor RIFF File
Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.
CVE-2007-0038 METASPLOIT ruby WORKING POC
Microsoft Windows 2000 SP4 through Vista - Remote Code Execution via Animated Cursor RIFF File
Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.
CVE-2003-0344 METASPLOIT ruby WORKING POC
Microsoft Internet Explorer <6.0 - RCE
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
CVE-2004-0636 METASPLOIT ruby WORKING POC
AOL Instant Messenger <5.5.3595 - RCE
Buffer overflow in the goaway function in the aim:goaway URI handler for AOL Instant Messenger (AIM) 5.5, including 5.5.3595, allows remote attackers to execute arbitrary code via a long Away message.
CVE-2006-3961 METASPLOIT ruby WORKING POC
McAfee Security Center 6.0.23 - Buffer Overflow via mcsubmgr.dll Long String Parameters
Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.
CVE-2006-4777 METASPLOIT ruby WORKING POC
Internet Explorer 6.0 SP1 - Buffer Overflow
Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446.
CVE-2004-0541 METASPLOIT ruby WORKING POC
Squid Web Proxy Cache 2.5.x and 3.x - Remote Code Execution via NTLM Authentication Password Overflow
Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).
CVE-2007-1765 METASPLOIT ruby WORKING POC
Microsoft Windows 2000 and 2003 Server - Remote Code Execution via Malformed ANI File
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.
CVE-1978-1234 METASPLOIT ruby STUB
Sample Linux Priv Esc
This exploit module illustrates how a vulnerability could be exploited in an linux command for priv esc.
CVE-2004-2221 METASPLOIT ruby WORKING POC
Mercantec SoftCart 4.00b - Remote Code Execution via Long HTTP GET Parameter
Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request.
CVE-2007-0038 EXPLOITDB ruby WORKING POC
Microsoft Windows 2000 SP4 through Vista - Remote Code Execution via Animated Cursor RIFF File
Stack-based buffer overflow in the animated cursor code in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a large length value in the second (or later) anih block of a RIFF .ANI, cur, or .ico file, which results in memory corruption when processing cursors, animated cursors, and icons, a variant of CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this might be a duplicate of CVE-2007-1765; if so, then CVE-2007-0038 should be preferred.
CVE-2006-3961 EXPLOITDB ruby WORKING POC
McAfee Security Center 6.0.23 - Buffer Overflow via mcsubmgr.dll Long String Parameters
Buffer overflow in McSubMgr ActiveX control (mcsubmgr.dll) in McAfee Security Center 6.0.23 for Internet Security Suite 2006, Wireless Home Network Security, Personal Firewall Plus, VirusScan, Privacy Service, SpamKiller, AntiSpyware, and QuickClean allows remote user-assisted attackers to execute arbitrary commands via long string parameters, which are later used in vsprintf.
CVE-2004-2221 EXPLOITDB ruby WORKING POC
Mercantec SoftCart 4.00b - Remote Code Execution via Long HTTP GET Parameter
Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request.
CVE-2006-4777 EXPLOITDB ruby WORKING POC
Internet Explorer 6.0 SP1 - Buffer Overflow
Heap-based buffer overflow in the DirectAnimation Path Control (DirectAnimation.PathControl) COM object (daxctle.ocx) for Internet Explorer 6.0 SP1, on Chinese and possibly other Windows distributions, allows remote attackers to execute arbitrary code via unknown manipulations in arguments to the KeyFrame method, possibly related to an integer overflow, as demonstrated by daxctle2, and a different vulnerability than CVE-2006-4446.
CVE-2003-0344 EXPLOITDB ruby WORKING POC
Microsoft Internet Explorer <6.0 - RCE
Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code via / (slash) characters in the Type property of an Object tag in a web page.
CVE-2007-1765 EXPLOITDB ruby WORKING POC
Microsoft Windows 2000 and 2003 Server - Remote Code Execution via Malformed ANI File
Unspecified vulnerability in Microsoft Windows 2000 SP4 through Vista allows remote attackers to execute arbitrary code or cause a denial of service (persistent reboot) via a malformed ANI file, which results in memory corruption when processing cursors, animated cursors, and icons, a similar issue to CVE-2005-0416, as originally demonstrated using Internet Explorer 6 and 7. NOTE: this issue might be a duplicate of CVE-2007-0038; if so, then use CVE-2007-0038 instead of this identifier.
EIP-2026-118687 EXPLOITDB ruby WORKING POC
Intel Centrino ipw2200BG - Wireless Driver Remote Buffer Overflow (Metasploit)
CVE-2007-1819 EXPLOITDB perl WORKING POC
HP Mercury Quality Center 9.0 - Stack-Based Buffer Overflow via SPIDERLib.Loader ActiveX ProgColor Property
Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 in TestDirector (TD) for Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32, allows remote attackers to execute arbitrary code via a long ProgColor property.
CVE-2006-6055 EXPLOITDB ruby WORKING POC
D-Link DWL-G132 A5AGU.SYS 1.0.1.41 - Stack-Based Buffer Overflow via 802.11 Beacon Rates IE
Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via a 802.11 beacon request with a long Rates information element (IE).
CVE-2006-5882 EXPLOITDB ruby WORKING POC
Linksys WPC300N Wireless-N Notebook Adapter Driver - Stack-Based Buffer Overflow via Long SSID in 802.11 Response Frame
Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing a long SSID field.
CVE-2004-0636 EXPLOITDB ruby WORKING POC
AOL Instant Messenger <5.5.3595 - RCE
Buffer overflow in the goaway function in the aim:goaway URI handler for AOL Instant Messenger (AIM) 5.5, including 5.5.3595, allows remote attackers to execute arbitrary code via a long Away message.
CVE-2004-0541 EXPLOITDB ruby WORKING POC
Squid Web Proxy Cache 2.5.x and 3.x - Remote Code Execution via NTLM Authentication Password Overflow
Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).
CVE-2004-0541 EXPLOITDB ruby WORKING POC
Squid Web Proxy Cache 2.5.x and 3.x - Remote Code Execution via NTLM Authentication Password Overflow
Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).
CVE-2004-2221 EXPLOITDB ruby WORKING POC
Mercantec SoftCart 4.00b - Remote Code Execution via Long HTTP GET Parameter
Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request.