Microsoft SQL Server Hello buffer overflow

Added: 08/07/2006 CVE: CVE-2002-1123 BID: 5411 OSVDB: 10132 Background Microsoft SQL Server is a database server package for Windows platforms. Problem Microsoft SQL Server 2000 is affected by a buffer overflow vulnerability in the code which handles user authentication. This allows a remote...

IMail LDAP buffer overflow

Added: 07/06/2006 CVE: CVE-2004-0297 BID: 9682 OSVDB: 3984 Background IMail is an e-mail server for Windows platforms. It includes a service which implements the Lightweight Directory Access Protocol LDAP. Problem A buffer overflow in IMail's LDAP service allows a remote attacker to overwrite the...

VERITAS Backup Exec Agent Browser hostname buffer overflow

Added: 04/07/2006 CVE: CVE-2004-1172 BID: 11974 OSVDB: 12418 Background VERITAS Backup Exec for Windows is a data backup and recovery solution. Problem A buffer overflow in the VERITAS Backup Exec Agent Browser allows a remote attacker to execute commands by sending a long, specially crafted...

WS_FTP MKD command buffer overflow

Added: 03/10/2006 CVE: CVE-2004-1135 BID: 11772 OSVDB: 12509 Background WSFTP Server is an FTP server for Windows platforms. Problem A buffer overflow vulnerability in the MKD command could allow an attacker to execute commands on the server. If the anonymous FTP account is enabled, the attacker...

Mercury Mail Transport System Phonebook service buffer overflow

Added: 02/02/2006 CVE: CVE-2005-4411 BID: 16396 OSVDB: 22103 Background Mercury Mail Transport System is a free mail server for Windows and Netware platforms. It includes a Phone Book service which runs on port 105/TCP. Problem A buffer overflow vulnerability in the Phone Book service allows remo...

Microsoft Exchange X-LINK2STATE buffer overflow

Added: 01/13/2006 CVE: CVE-2005-0560 BID: 13118 OSVDB: 15467 Background Microsoft Exchange is an e-mail server for Microsoft Windows operating systems. Problem A buffer overflow condition in the handling of the X-LINK2STATE extended verb could allow a remote attacker to execute arbitrary commands...

Sybase EAServer WebConsole buffer overflow

Added: 11/04/2005 CVE: CVE-2005-2297 BID: 14287 OSVDB: 17995 Background Sybase EAServer is a web application server. Problem A buffer overflow in the Sybase EAServer WebConsole allows a remote attcker to execute arbitrary commands by requesting /WebConsole/Login.jsp with a long query string...

Ivanti Sentry handleMessage authentication bypass and command execution

Added: 06/11/2026 Background Ivanti Sentry, formerly MobileIron Sentry, is an in-line gateway that manages, encrypts, and secures traffic between the mobile device and back-end enterprise systems. Problem An authentication bypass and command execution vulnerability in the handleMessage endpoint...

D-Link Cookie command injection

Added: 07/30/2015 Background D-Link produces a variety of routers, switches, and other network equipment for home users and businesses. Problem A command injection vulnerability allows remote attackers to execute arbitrary commands by sending a specially crafted cookie in an HTTP request...

TRENDnet Shell

Added: 06/24/2014 Background TRENDnet routers are vulnerable to a range of SQL injection, command injection, and buffer overflow vulnerabilities. Current supported devices include: TEW-654TR - Remote Root Shell TEW-732BR - Remote Root Shell Problem A SQL injection vulnerability allows the attacke...

ActFax RAW Server Stack Buffer Overflow

Added: 04/12/2013 BID: 57789 OSVDB: 89944 Background ActFax is a Windows-based software package that sends, receives and electronically stores faxes. Problem The ActFax RAW server is vulnerable to a boundary error when processing the @F000 data field, which could result in stack-based buffer...

Nagios XI Graph Explorer Component OS Command Injection Vulnerability

Added: 01/23/2013 BID: 54263 OSVDB: 83552 Background Nagios XI is a network host and service monitoring and management system. Problem Nagios XI Graph Explorer Component is vulnerable to arbitrary command execution by authenticated users. The vulnerability is due to the visApi.php script not...

WibuKey Runtime WkWin32.dll module DisplayMessageDialog overflow

Added: 12/27/2012 BID: 56678 OSVDB: 87881 Background WibuKey is a software protection and licensing solution. Problem A vulnerability in the WkWin32.dll ActiveX control in WibuKey Runtime allows command execution when a web page calls the DisplayMessageDialog method with a long, specially crafted...

HP Application Lifecycle Management XGO.ocx ActiveX SetShapeNodeType Method Vulnerability

Added: 09/13/2012 BID: 55272 OSVDB: 85152 Background HP Application Lifecycle Management ALM is a software product designed to manage the application lifecycle from requirements through readiness for delivery from a single repository, providing a consistent user experience and customizable...

SAP NetWeaver SAPHostControl Command Injection

Added: 08/29/2012 BID: 55084 OSVDB: 84821 Background SAP NetWeaver is a technology platform for building and integrating SAP business applications. Problem The NetWeaver management console exposes an authenticated SOAP web service interface. During the authentication phase, user-supplied values...

Symantec Web Gateway pbcontrol.php Command Injection

Added: 08/24/2012 CVE: CVE-2012-2953 BID: 54426 OSVDB: 84120 Background Symantec Web Gateway protects organizations against multiple types of Web-based malware and prevents data loss over the Web. Problem Symantec Web Gateway 5.0.x.x before 5.0.3.18 is vulnerable to command injection due to...

Oracle Business Transaction Management FlashTunnelService WriteToFile Vulnerability

Added: 08/17/2012 BID: 54839 Background Oracle Business Transaction Management BTM is a component of several Oracle Enterprise Manager Management Packs, including WebLogic Server Management Pack Enterprise Edition. Oracle BTM provides capability in three key areas: transaction visibility,...

Adobe Photoshop U3D.8BI Library Collada Asset Elements Handling

Added: 05/30/2012 BID: 53464 OSVDB: 81832 Background Adobe Photoshop is an application for editing digital images. Problem Adobe Photoshop 12.1 in Creative Suite CS 5.1 20110328.r.145 is vulnerable to a stack-based buffer overflow that could be exploited to perform arbitrary remote code execution...

Cisco Linksys PTZ Internet Video Camera PlayerPT ActiveX Overflow

Added: 04/19/2012 BID: 52673 OSVDB: 80297 Background The Cisco WVC200 Wireless-G PTZ Internet Video Camera sends live video through the Internet to a web browser anywhere in the world. Viewers can access the video stream through an HTTP service, which requires an ActiveX client to be installed in...

Hastymail rs parameter command injection

Added: 12/28/2011 CVE: CVE-2011-4542 BID: 50791 OSVDB: 77331 Background Hastymail is a fast, secure, rfc-compliant, cross-platform IMAP/SMTP client application written in PHP providing a clean web interface for sending and reading E-mail. Problem Hastymail2 fails to properly sanitize user-supplie...

Computech Wordlist Builder DIC File Buffer Overflow

Added: 09/26/2011 BID: 47113 Background Computech Wordlist Builder is a simple utility that generates sorted wordlists based on contents of documents. Problem A stack overflow condition exists in Wordlist Builder 1.0 due the use of a fixed-length buffer used to read words from the .DIC file...

Crack OS X 10.7 Hashes

Added: 07/14/2011 Background This tool attempts to crack the passwords retreived by the "Mac OS X Hash grab" exploit tool. Accounts are cracked using dictionaries/Commonpwlong.txt Limitations An existing macosxhashgrab.out file must exist in the /exploits directory. Platforms Mac OS X...

Get OS X 10.7 Hashes

Added: 07/14/2011 Background This tool attempts to retrieve the SHA 512 password hashes stored by OS X Lion 10.7.x Acounts are enumerated using dscl . list /Users/ and password hashes are eunmerated using dscl . read /Users/ Limitations A connection to the target is required to run this tool. The...

RealFlex RealWin FC_RFUSER_FCS_LOGIN Buffer Overflow

Added: 04/01/2011 CVE: CVE-2011-1563 BID: 46937 Background RealWin is a Supervisory Control and Data Acquisition SCADA server which is distributed by DATAC. Problem A buffer overflow vulnerability in RealWin Server allows remote attackers to execute arbitrary commands by sending a long, specially...

Foxit Reader Crafted PDF Title Handling Stack Buffer Overflow

Added: 11/22/2010 OSVDB: 68648 Background Foxit Reader is a free PDF reader for Microsoft Windows systems. Problem Foxit Reader for Windows is vulnerable to a stack buffer overflow which could allow execution of arbitrary code. A remote attacker can exploit this vulnerability by enticing a user t...

Novell iManager getMultiPartParameters file upload vulnerability

Added: 10/11/2010 BID: 43635 OSVDB: 68320 Background Novell iManager is a web-based management interface for other Novell products. Problem The getMultiPartParameters function in the nps.jar web application in Novell iManager allows remote attackers to upload arbitrary files to the server. By...

ARP Spoof

Added: 08/23/2010 Background The Address Resolution Protocol ARP is used to resolve IP addresses into the hardware addresses which are used for delivering packets on a local network. Problem It is possible to send a computer a forged ARP reply, which is then stored in that computer's cache. This...

Cross-site scripting cookie theft

Added: 03/09/2010 Background Many web sites include scripts, which are lists of commands which, when executed in sequence, provide some enhancement to a web page. Web browsers are able to recognize scripts in web pages by the tag and handle them accordingly. Problem By sending an HTTP request...

Xi Software Net Transport eDonkey Protocol Buffer Overflow

Added: 02/22/2010 OSVDB: 61435 Background Net Transport, also known as NetXfer, is a download manager for Windows made by Xi Software. Among the protocols Net Transport can handle is eDonkey, a decentrailized peer to peer network for file sharing. Problem The Net Transport download manager fails ...

BigAnt Messenger Server USV Command Buffer Overflow

Added: 02/09/2010 BID: 37520 OSVDB: 61386 Background BigAnt Messenger Server offers secure instant messaging, file transfer, voip, video chat, web conferencing and more. Problem BigAnt server version 2.52 and earlier are vulnerable to a remote, unauthenticated buffer overflow attack. The...

HP OpenView Storage Data Protector Cell Manager buffer overflow

Added: 01/29/2010 Background HP Data Protector is an automated data backup solution. Problem A buffer overflow vulnerability in HP OpenView Storage Data Protector allows remote attackers to execute arbitrary commands by sending a specially crafted request to the Cell Manager service. Resolution...

HP LoadRunner XUpload ActiveX control MakeHttpRequest file download

Added: 10/21/2009 CVE: CVE-2009-3693 BID: 36550 Background HP LoadRunner is a software performance testing solution. HP LoadRunner includes the XUpload.ocx ActiveX control for performing file exchanges. Problem The MakeHttpRequest method in the XUpload.ocx ActiveX control can be used to download...

Microsoft DirectX DirectShow QuickTime movie parsing vulnerability

Added: 06/03/2009 CVE: CVE-2009-1537 BID: 35139 OSVDB: 54797 Background DirectX is a feature of the Windows operating system used for streaming media. Within DirectX, the DirectShow technology performs client-side audio and video sourcing, manipulation and rendering. Problem A command execution...

Flash drive/CD autoplay command execution

Added: 04/07/2009 Background This tool allows you to create a USB flash drive which, when inserted into a Windows computer, prompts a user to run a program which creates a command connection. The program is disguised as the "Open Folder" option in the AutoPlay dialog to entice the user to run it...

Flash drive/CD autoplay command execution

Added: 04/07/2009 Background This tool allows you to create a USB flash drive which, when inserted into a Windows computer, prompts a user to run a program which creates a command connection. The program is disguised as the "Open Folder" option in the AutoPlay dialog to entice the user to run it...

IBM Access Support ActiveX GetXMLValue buffer overflow

Added: 04/01/2009 CVE: CVE-2009-0215 BID: 34228 OSVDB: 52958 Background The IBM Access Support ActiveX control is used to collect system information. It comes with certain IBM and Lenovo computer systems. Problem A buffer overflow vulnerability allows command execution when a user loads a page...

Download connection

Added: 03/18/2009 Background This tool allows you to download a file which, when executed, establishes a command connection. Limitations This tool requires a user to execute the downloaded file in order to succeed. The target field must be a licensed target but is unused. Platforms Windows Linux...

Winamp skin file MAKI script buffer overflow

Added: 03/10/2009 BID: 34009 Background Winamp is a media player for Windows. Problem A buffer overflow in Winamp allows command execution when a user opens a skin file containing a compiled MAKI script with a specially crafted string having an incorrect length field. Resolution Upgrade to Winamp...

Oracle Secure Backup NDMP_CONECT_CLIENT_AUTH buffer overflow

Added: 01/28/2009 CVE: CVE-2008-5444 BID: 33177 OSVDB: 51340 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A buffer overflow vulnerability in Oracle Secure Backup when handling the NDMP protocol allows remote attackers to execute...

Oracle Secure Backup NDMP_CONECT_CLIENT_AUTH buffer overflow

Added: 01/28/2009 CVE: CVE-2008-5444 BID: 33177 OSVDB: 51340 Background Oracle Secure Backup is a centralized tape backup management solution for Oracle Database. Problem A buffer overflow vulnerability in Oracle Secure Backup when handling the NDMP protocol allows remote attackers to execute...

LPViewer ActiveX Control url property buffer overflow

Added: 11/21/2008 CVE: CVE-2008-4384 BID: 31604 OSVDB: 48946 Background The LPViewer ActiveX Control installs with the iseemedia ZOOM control viewer and allows viewing of images created with iseemedia software. Problem A buffer overflow vulnerability allows command execution when a user opens a w...

LPViewer ActiveX Control url property buffer overflow

Added: 11/21/2008 CVE: CVE-2008-4384 BID: 31604 OSVDB: 48946 Background The LPViewer ActiveX Control installs with the iseemedia ZOOM control viewer and allows viewing of images created with iseemedia software. Problem A buffer overflow vulnerability allows command execution when a user opens a w...

Adobe PageMaker key strings buffer overflow

Added: 11/10/2008 CVE: CVE-2007-6432 BID: 31999 OSVDB: 50055 Background Adobe PageMaker is page layout software. Problem A buffer overflow vulnerability in AldFs32.dll allows command execution when a user opens a specially crafted PMD file. Resolution See the solution referenced in APSA08-10...

Microsoft Rich Textbox ActiveX control SaveFile vulnerability

Added: 10/07/2008 CVE: CVE-2008-0237 BID: 27201 OSVDB: 40234 Background Microsoft Rich Textbox is an ActiveX control which comes with Visual Basic and allows creation of formatted text in RTF files. It is located in the Richtx32.ocx file. Problem The SaveFile method in the Rich Textbox ActiveX...

Read Address Book

Added: 10/07/2008 Background This tool attempts to gather e-mail addresses from Outlook and Outlook Express address book files .WAB, .PAB on the target. Limitations A connection to the target is required to run this tool. Recent versions of Microsoft Outlook no longer store address books locally ...

DNS zone transfer

Added: 09/24/2008 CVE: CVE-1999-0532 OSVDB: 492 Background A DNS zone transfer is the process by which a secondary name server copies all DNS records for a domain from a primary name server. Problem If DNS zone transfers are not restricted, they can allow attackers to enumerate hosts in a domain...

Windows Media Encoder 9 wmex.dll ActiveX buffer overflow

Added: 09/09/2008 CVE: CVE-2008-3008 BID: 31065 OSVDB: 47962 Background Windows Media Encoder is a tool for content producers to capture and compress audio and video content. Windows Media Encoder 9 installs the wmex.dll ActiveX control. Problem A buffer overflow vulnerability in the wmex.dll...

WebEx Meeting Manager atucfobj.dll ActiveX buffer overflow

Added: 08/22/2008 CVE: CVE-2008-3558 BID: 30578 OSVDB: 47344 Background The WebEx Meeting Manager is automatically installed when a user starts or joins a meeting. Problem A buffer overflow vulnerability in the atucfobj.dll ActiveX control allows command execution when a user loads a web page whi...

Orbit Downloader URL Unicode conversion buffer overflow

Added: 07/07/2008 CVE: CVE-2008-1602 BID: 28541 OSVDB: 44036 Background Orbit Downloader is a download manager supporting various protocols. Problem A buffer overflow vulnerability during Unicode conversion in the download failure notification message allows command execution when Orbit Downloade...

Novell iPrint Client ienipp.ocx ActiveX control buffer overflow

Added: 06/25/2008 CVE: CVE-2008-2908 BID: 29736 OSVDB: 46194 Background Novell iPrint is an application which allows users to install and manage printers. Novell iPrint installs the Novell iPrint Control ActiveX control named ienipp.ocx. Problem Multiple buffer overflow vulnerabilities in the...