Exploitdb Exploits
2,009 exploits tracked across all sources.
LinkedIn Toolbar 3.0.2.1098 - Buffer Overflow via IEContextMenu search Method
Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in LinkedInIEToolbar.dll in the LinkedIn Toolbar 3.0.2.1098 allows remote attackers to execute arbitrary code via a long second argument (varBrowser argument) to the search method. NOTE: some of these details are obtained from third party information.
by Jared DeMott
Webbler CMS 3.1.3 - Mail A Friend Open Email Relay
by Adrian Pastor
Zenturi ProgramChecker - Buffer Overflow via Scan Method in NixonMyPrograms ActiveX Control
Buffer overflow in a certain ActiveX control in the NixonMyPrograms class in sasatl.dll 1.5.0.531 in Zenturi ProgramChecker allows remote attackers to execute arbitrary code via a long argument to the Scan method. NOTE: this is probably a different issue than CVE-2007-2987.
by shinnai
Dora Emlak 1.0 - Cross-Site Scripting via Adiniz and Soyadiniz Parameters
Multiple cross-site scripting (XSS) vulnerabilities in default.asp in Dora Emlak 1.0, when the goster parameter is set to iletisim, allow remote attackers to inject arbitrary web script or HTML via the (1) Adiniz and (2) Soyadiniz parameters; and possibly other unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by GeFORC3
Asp cvmatik < 1.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in cv.asp in Asp cvmatik 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Adiniz (Ady), (2) Soyadiniz (Soyady), (3) Ehliyet, (4) Askerlik, and (5) GSM parameters; and possibly other unspecified vectors.
by GeFORC3
Data Dynamics ActiveReports < 2.5 - Arbitrary File Write via SaveLayout Method Path Traversal
Absolute path traversal vulnerability in the Data Dynamics ActiveReport (ActiveReports) ActiveX control in actrpt2.dll 2.5 and earlier allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveLayout method.
by shinnai
JBlog 1.0 - Unauthenticated Arbitrary Account Creation via admin/ajoutaut.php
admin/ajoutaut.php in JBlog 1.0 does not require authentication, which allows remote attackers to create arbitrary accounts via modified mot and droit parameters.
by s4mi
JBlog 1.0 - Cross-Site Scripting via id Parameter or search Parameter
Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, or the (2) search parameter or (3) theme cookie to (b) recherche.php.
by s4mi
ActiveReports 2.5.0.1308 - Arbitrary File Write via SaveLayout Method
Absolute path traversal vulnerability in the Data Dynamics DDActiveReports2.ActiveReport.2 (ActiveReports) ActiveX control in arpro2.dll in ActiveReports 2.0 Professional Edition 2.5.0.1308 (SP5 RC) allows remote attackers to create or overwrite arbitrary files via a full pathname in an argument to the SaveLayout method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by shinnai
JBlog 1.0 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in JBlog 1.0 allow (1) remote attackers to execute arbitrary SQL commands via the id parameter to index.php, and allow (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter to admin/modifpost.php.
by s4mi
VersalSoft HTTP File Upload < - RCE
Buffer overflow in the AddFile function in VersalSoft HTTP File Upload ActiveX control (UFileUploaderD.dll) allows remote attackers to execute arbitrary code via a long argument.
by shinnai
SpoonLabs Vivvo Article Management CMS < 3.40 - SQL Injection via Category Parameter
SQL injection vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) CMS 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.
by ajann
Data Dynamics ActiveBar <3.2 - Path Traversal
The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.2 and earlier allows remote attackers to create or overwrite files via a full pathname in (1) the second argument to the Save method, or the first argument to the (2) SaveLayoutChanges or (3) SaveMenuUsageData method.
by shinnai
EldoS SecureBlackbox 5.1.0.112 - Absolute Path Traversal via SaveToFile Method
Absolute path traversal vulnerability in a certain ActiveX control in PGPBBox.dll in EldoS SecureBlackbox (sbb) 5.1.0.112 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by callAX
Program Checker - 'sasatl.dll 1.5.0.531' DebugMsgLog HeapSpray
by callAX
Zenturi Program Checker Pro - Stack-Based Buffer Overflow via Fill Method
Stack-based buffer overflow in a certain ActiveX control in sasatl.dll 1.5.0.531 in Zenturi Program Checker (ProgramChecker) Pro allows remote attackers to execute arbitrary code via a long argument to the Fill method. NOTE: this is probably a different issue than CVE-2007-2987.
by callAX
McAfee NeoTrace and Visual Trace 3.25 - Stack-Based Buffer Overflow via TraceTarget Method
Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader ActiveX control (NeoTraceExplorer.dll) in NeoTrace Express 3.25 and NeoTrace Pro (aka McAfee Visual Trace) 3.25 allows remote attackers to execute arbitrary code via a long argument string to the TraceTarget method. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
by nitr0us
Chilkat Zip ActiveX Control - Absolute Path Traversal via SaveLastError Method
Absolute path traversal vulnerability in the Chilkat Software Chilkat Zip ActiveX control in ChilkatZip2.dll 12.4.2.0 allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveLastError method and probably the (2) WriteExe method.
by shinnai
HP Photo Digital Imaging ActiveX Control - Arbitrary File Write via SaveToFile Method
Absolute path traversal vulnerability in a certain ActiveX control in hpqvwocx.dll 2.1.0.556 in Hewlett-Packard (HP) Digital Imaging allows remote attackers to create or overwrite arbitrary files via the second argument to the SaveToFile method.
by shinnai
EnjoySAP - Denial of Service via ActiveX Control
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service (process crash) via unspecified vectors.
by Mark Litchfield
EnjoySAP - Denial of Service via ActiveX Control
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to cause a denial of service (process crash) via unspecified vectors.
by Mark Litchfield
SAP EnjoySAP - Heap-Based Buffer Overflow via LaunchGui Function
Heap-based buffer overflow in the rfcguisink.rfcguisink.1 ActiveX control in the EnjoySAP SAP GUI, on systems using ASCII versions, allows remote attackers to execute arbitrary code via a long first argument to the LaunchGui function.
by Mark Litchfield
EnjoySAP SAP GUI - Stack-Based Buffer Overflow via PrepareToPostHTML Function
Stack-based buffer overflow in the kweditcontrol.kwedit.1 ActiveX control in FrontEnd\SapGui\kwedit.dll in the EnjoySAP SAP GUI allows remote attackers to execute arbitrary code via a long argument to the PrepareToPostHTML function.
by Mark Litchfield
EnjoySAP SAP GUI - Unspecified Vuln
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors.
by Mark Litchfield
EnjoySAP SAP GUI - Unspecified Vuln
Multiple unspecified vulnerabilities in ActiveX controls in the EnjoySAP SAP GUI allow remote attackers to create certain files via unspecified vectors.
by Mark Litchfield
By Source