Exploitdb Exploits
2,012 exploits tracked across all sources.
MetaProducts MetaTreeX 1.5.100 - ActiveX File Overwrite
by Houssamix
Ciansoft PDFBuilderX 2.2 - ActiveX Arbitrary File Overwrite
by Alfons Luja
EDraw Office Viewer 5.4 - 'HttpDownloadFile()' Insecure Method
by Cyber-Zone
EasyGrid ActiveX <3.51 - DoS
Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX control in EasyGrid.ocx 1.0.0.1 in AAA EasyGrid ActiveX 3.51 allows remote attackers to create and overwrite arbitrary files via the (1) DoSaveFile or (2) DoSaveHtmlFile method. NOTE: vector 1 could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.
by Houssamix
Word Viewer OCX 3.2 - ActiveX 'Save' Remote File Overwrite
by Houssamix
PowerPoint Viewer OCX 3.1 - Remote Command Execution
by Cyber-Zone
Office Viewer ActiveX Control 3.0.1 - Remote Command Execution
by Houssamix
Office Viewer ActiveX Control 3.0.1 - 'Save' Remote File Overwrite
by Houssamix
ExcelOCX ActiveX 3.2 - Download File Insecure Method
by Alfons Luja
Comersus Cart 6 - User Email and User Password Unauthorized Access
by ajann
Microsoft Internet Explorer - JavaScript screen[ ] Denial of Service
by Skylined
Apple Safari - Memory Corruption
Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function, possibly a related issue to CVE-2008-2307.
by Skylined
Megacubo - Code Injection
Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI.
by JJunior
Megacubo - Code Injection
Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI.
by Nine:Situations:Group
Saschart Sascam Webcam Server - Memory Corruption
Buffer overflow in the XHTTP Module 4.1.0.0 in the ActiveX control for SaschArt SasCam Webcam Server 2.6.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Get method and other unspecified methods.
by callAX
Chilkat Mail <7.8 - File Overwrite
Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname to the SaveLastError method.
by callAX
Google Chrome <1.0.154.36 - Command Injection
Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission.
by Nine:Situations:Group
Microsoft Internet Explorer 8 beta 2 - Command Injection
Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
by Nine:Situations:Group
Phoenician Casino FlashAX <1.0.0.7 - Buffer Overflow
Heap-based buffer overflow in the Phoenician Casino FlashAX ActiveX control 1.0.0.7 allows remote attackers to execute arbitrary code via a long argument to the SetID method.
by e.wiZz!
Microsoft Internet Explorer - Resource Management Error
Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
by krafty
By Source