Exploitdb Exploits

2,012 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-4800 EXPLOITDB html VERIFIED
Microsoft Debug Diagnostic Tool - Resource Management Error
The DebugDiag ActiveX control in CrashHangExt.dll, possibly 1.0, in Microsoft Debug Diagnostic Tool allows remote attackers to cause a denial of service (NULL pointer dereference and Internet Explorer 6.0 crash) via a large negative integer argument to the GetEntryPointForThread method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
by suN8Hclf
CVE-2008-4795 EXPLOITDB html VERIFIED
Opera < 9.61 - XSS
The links panel in Opera before 9.62 processes Javascript within the context of the "outermost page" of a frame, which allows remote attackers to inject arbitrary web script or HTML via cross-site scripting (XSS) attacks.
by Stefano Di Paola
CVE-2008-4919 EXPLOITDB html VERIFIED
Visagesoft Expert Pdf Viewer Activex - Improper Input Validation
Insecure method vulnerability in VISAGESOFT eXPert PDF Viewer X ActiveX control (VSPDFViewerX.ocx) 3.0.990.0 allows remote attackers to overwrite arbitrary files via a full pathname to the savePageAsBitmap method.
by Marco Torti
CVE-2008-4926 EXPLOITDB html VERIFIED
MW6 Technologies PDF417 <3.0.0.1 - Code Injection
Multiple insecure method vulnerabilities in MW6 Technologies PDF417 ActiveX control (MW6PDF417Lib.PDF417, MW6PDF417.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.
by DeltahackingTEAM
CVE-2008-4925 EXPLOITDB html VERIFIED
MW6 Technologies DataMatrix ActiveX control <3.0.0.1 - RCE
Multiple insecure method vulnerabilities in MW6 Technologies DataMatrix ActiveX control (DATAMATRIXLib.MW6DataMatrix, DataMatrix.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.
by DeltahackingTEAM
CVE-2008-4924 EXPLOITDB html VERIFIED
MW6 Technologies 1D Barcode ActiveX control <3.0.0.1 - Code Injection
Multiple insecure method vulnerabilities in MW6 Technologies 1D Barcode ActiveX control (BARCODELib.MW6Barcode, Barcode.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.
by DeltahackingTEAM
CVE-2008-4923 EXPLOITDB html VERIFIED
MW6 Technologies Aztec ActiveX control - File Overwrite
Multiple insecure method vulnerabilities in MW6 Technologies Aztec ActiveX control (AZTECLib.MW6Aztec, Aztec.dll) 3.0.0.1 allow remote attackers to overwrite arbitrary files via a full pathname argument to the (1) SaveAsBMP and (2) SaveAsWMF methods.
by DeltahackingTEAM
CVE-2008-4787 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 6 - Info Disclosure
Visual truncation vulnerability in Microsoft Internet Explorer 6 allows remote attackers to spoof the address bar via a URL with a hostname containing many &nbsp; (Non-Blocking Space character) sequences, which are rendered as whitespace, aka MSRC ticket MSRC7899, a related issue to CVE-2003-1025.
by Amit Klein
CVE-2008-4652 EXPLOITDB html VERIFIED
Dart Powertcp FTP For Activex - Memory Corruption
Buffer overflow in the ActiveX control (DartFtp.dll) in Dart Communications PowerTCP FTP for ActiveX 2.0.2 0 allows remote attackers to execute arbitrary code via a long SecretKey property.
by Shahriyar Jalayeri
CVE-2008-4749 EXPLOITDB html VERIFIED
VImpX.VImpAX ActiveX control <4.8.8.0 - RCE
Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allow remote attackers to overwrite arbitrary files via (1) the LogFile property and ClearLogFile method, and (2) the SaveToFile method.
by shinnai
CVE-2008-4750 EXPLOITDB html VERIFIED
Dbsoftlab Vimp X - Memory Corruption
Stack-based buffer overflow in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allows remote attackers to execute arbitrary code via a long LogFile property.
by shinnai
CVE-2008-4748 EXPLOITDB html VERIFIED
Kvirc - Improper Input Validation
Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in the irc:// URI.
by LiquidWorm
EIP-2026-118998 EXPLOITDB html VERIFIED
Opera 9.52/9.60 - Persistent Cross-Site Scripting Code Execution
by Aviv Raff
CVE-2008-4652 EXPLOITDB html VERIFIED
Dart Powertcp FTP For Activex - Memory Corruption
Buffer overflow in the ActiveX control (DartFtp.dll) in Dart Communications PowerTCP FTP for ActiveX 2.0.2 0 allows remote attackers to execute arbitrary code via a long SecretKey property.
by InTeL
CVE-2008-4728 EXPLOITDB html VERIFIED
DeployRun <10.0.0.44 - RCE
Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.
by shinnai
CVE-2008-4728 EXPLOITDB html VERIFIED
DeployRun <10.0.0.44 - RCE
Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.
by shinnai
CVE-2008-4728 EXPLOITDB html VERIFIED
DeployRun <10.0.0.44 - RCE
Multiple insecure method vulnerabilities in the DeployRun.DeploymentSetup.1 (DeployRun.dll) ActiveX control 10.0.0.44 in Hummingbird Deployment Wizard 2008 allow remote attackers to execute arbitrary programs via the (1) Run and (2) PerformUpdateAsync methods, and (3) modify arbitrary registry values via the SetRegistryValueAsString method. NOTE: the SetRegistryValueAsString method could be leveraged for code execution by specifying executable file values to Startup folders.
by shinnai
EIP-2026-118661 EXPLOITDB html VERIFIED
Hummingbird Deployment Wizard 10 - 'DeployRun.dll' ActiveX Control Multiple Security Vulnerabilities
by shinnai
EIP-2026-118662 EXPLOITDB html VERIFIED
Hummingbird HostExplorer 6.2/8.0 - ActiveX Control 'PlainTextPassword()' Remote Buffer Overflow
by Thomas Pollet
CVE-2008-4729 EXPLOITDB html VERIFIED
Hummingbird Exceed < 13.0 - Memory Corruption
Stack-based buffer overflow in Hummingbird.XWebHostCtrl.1 ActiveX control (hclxweb.dll) in Hummingbird Xweb ActiveX Control 13.0 and earlier allows remote attackers to execute arbitrary code via a long PlainTextPassword property. NOTE: code execution might not be possible in 13.0.
by Thomas Pollet
CVE-2008-5698 EXPLOITDB html VERIFIED
Konqueror in KDE 3.5.9-3.5.10 - DoS
HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash) via an invalid document.load call that triggers use of a deleted object. NOTE: some of these details are obtained from third party information.
by Jeremy Brown
CVE-2008-5663 EXPLOITDB html VERIFIED
Kusaba <1.0.4 - RCE
Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load_receiver.php or (2) a shipainter action to paint_save.php, then accessing the uploaded file via a direct request to this file in their user directory.
by Sausage
CVE-2008-4493 EXPLOITDB html VERIFIED
Microsoft Digital Image - Improper Input Validation
Microsoft PicturePusher ActiveX control (PipPPush.DLL 7.00.0709), as used in Microsoft Digital Image 2006 Starter Edition, allows remote attackers to force the upload of arbitrary files by using the AddString and Post methods and a modified PostURL to construct an HTTP POST request. NOTE: this issue might only be exploitable in limited environments or non-default browser settings.
by Nine:Situations:Group
CVE-2008-5697 EXPLOITDB html VERIFIED
Skype extension BETA 2.2.0.95 - Code Injection
The skype_tool.copy_num method in the Skype extension BETA 2.2.0.95 for Firefox allows remote attackers to write arbitrary data to the clipboard via a string argument.
by irk4z
CVE-2008-4582 EXPLOITDB html VERIFIED
Debian Linux - Access Control
Mozilla Firefox 3.0.1 through 3.0.3, Firefox 2.x before 2.0.0.18, and SeaMonkey 1.x before 1.1.13, when running on Windows, do not properly identify the context of Windows .url shortcut files, which allows user-assisted remote attackers to bypass the Same Origin Policy and obtain sensitive information via an HTML document that is directly accessible through a filesystem, as demonstrated by documents in (1) local folders, (2) Windows share folders, and (3) RAR archives, and as demonstrated by IFRAMEs referencing shortcuts that point to (a) about:cache?device=memory and (b) about:cache?device=disk, a variant of CVE-2008-2810.
by Liu Die Yu
By Source
All 2,012 Exploitdb 50,121 Writeup 46,717 Nomisec 21,135 Metasploit 3,189 Github 2,247 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,737 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 359 javascript 260 c++ 247 shell 68 go 41 postscript 25 xml 24