Exploitdb Exploits
2,009 exploits tracked across all sources.
Ciansoft PDFBuilderX 2.2 - ActiveX Arbitrary File Overwrite
by Alfons Luja
EDraw Office Viewer 5.4 - 'HttpDownloadFile()' Insecure Method
by Cyber-Zone
EasyGrid.SGCtrl.32 ActiveX 1.0.0.1 - Arbitrary File Write via DoSaveFile or DoSaveHtmlFile Method
Insecure method vulnerability in the EasyGrid.SGCtrl.32 ActiveX control in EasyGrid.ocx 1.0.0.1 in AAA EasyGrid ActiveX 3.51 allows remote attackers to create and overwrite arbitrary files via the (1) DoSaveFile or (2) DoSaveHtmlFile method. NOTE: vector 1 could be leveraged for code execution by creating executable files in Startup folders or by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.
by Houssamix
Word Viewer OCX 3.2 - ActiveX 'Save' Remote File Overwrite
by Houssamix
PowerPoint Viewer OCX 3.1 - Remote Command Execution
by Cyber-Zone
Office Viewer ActiveX Control 3.0.1 - Remote Command Execution
by Houssamix
Office Viewer ActiveX Control 3.0.1 - 'Save' Remote File Overwrite
by Houssamix
ExcelOCX ActiveX 3.2 - Download File Insecure Method
by Alfons Luja
Comersus Cart 6 - User Email and User Password Unauthorized Access
by ajann
Microsoft Internet Explorer - JavaScript screen[ ] Denial of Service
by Skylined
Apple Safari - Integer Signedness Error in JavaScript Function Arguments Array
Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function, possibly a related issue to CVE-2008-2307.
by Skylined
Megacubo 5.0.7 - Remote Code Execution via mega:// URI Play Action
Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI.
by JJunior
Megacubo 5.0.7 - Remote Code Execution via mega:// URI Play Action
Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI.
by Nine:Situations:Group
SaschArt SasCam Webcam Server 2.6.5 - Buffer Overflow via XHTTP Module Get Method
Buffer overflow in the XHTTP Module 4.1.0.0 in the ActiveX control for SaschArt SasCam Webcam Server 2.6.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Get method and other unspecified methods.
by callAX
Chilkat Mail 7.8 - Arbitrary File Write via SaveLastError Method
Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname to the SaveLastError method.
by callAX
Google Chrome <1.0.154.36 - Command Injection
Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission.
by Nine:Situations:Group
Microsoft Internet Explorer 8 beta 2 - Command Injection
Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
by Nine:Situations:Group
Phoenician Casino FlashAX <1.0.0.7 - Buffer Overflow
Heap-based buffer overflow in the Phoenician Casino FlashAX ActiveX control 1.0.0.7 allows remote attackers to execute arbitrary code via a long argument to the SetID method.
by e.wiZz!
Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 - Use-After-Free via DSO Bindings
Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
by krafty
Microsoft Internet Explorer 7.0 - Info Disclosure
Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
by krafty
EvansFTP - 'EvansFTP.ocx' Remote Buffer Overflow (PoC)
by Bl@ckbe@rD
By Source