Skylined

62 exploits Active since Dec 2004
CVE-2005-1988 EXPLOITDB html WORKING POC
Internet Explorer <6.0 - RCE
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to execute arbitrary code via a web site or an HTML e-mail containing a crafted JPEG image that causes memory corruption, aka "JPEG Image Rendering Memory Corruption Vulnerability".
CVE-2005-1989 EXPLOITDB html WORKING POC
Internet Explorer <6.0 - Info Disclosure
Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to obtain information and possibly execute code when browsing from a web site to a web folder view using WebDAV, aka "Web Folder Behaviors Cross-Domain Vulnerability".
CVE-2009-0071 EXPLOITDB html WORKING POC
Firefox <= 3.0.7 - Denial of Service via designMode Query Command Calls
Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected.
CVE-2004-2111 EXPLOITDB c WORKING POC
Serv-U FTP Server <4.2 - Buffer Overflow
Stack-based buffer overflow in the site chmod command in Serv-U FTP Server before 4.2 allows remote attackers to execute arbitrary code via a long filename.
CVE-2005-2871 EXPLOITDB html WORKING POC
Mozilla Firefox <1.0.6 - Buffer Overflow
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
CVE-2010-3552 EXPLOITDB text WORKING POC
Oracle Java SE/Jav for Bus 6 - Info Disclosure
Unspecified vulnerability in the New Java Plug-in component in Oracle Java SE and Java for Business 6 Update 21 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors.
CVE-2015-1730 EXPLOITDB html WORKING POC
Microsoft Internet Explorer 9 - Remote Code Execution or Denial of Service via Memory Corruption
Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
CVE-2005-2127 EXPLOITDB perl WORKING POC
Microsoft Internet Explorer 5.01-6 - Remote Code Execution via Unsafe COM Object Instantiation
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, as originally demonstrated using the (1) DDS Library Shape Control (Msdds.dll) COM object, and other objects including (2) Blnmgrps.dll, (3) Ciodm.dll, (4) Comsvcs.dll, (5) Danim.dll, (6) Htmlmarq.ocx, (7) Mdt2dd.dll (as demonstrated using a heap corruption attack with uninitialized memory), (8) Mdt2qd.dll, (9) Mpg4ds32.ax, (10) Msadds32.ax, (11) Msb1esen.dll, (12) Msb1fren.dll, (13) Msb1geen.dll, (14) Msdtctm.dll, (15) Mshtml.dll, (16) Msoeacct.dll, (17) Msosvfbr.dll, (18) Mswcrun.dll, (19) Netshell.dll, (20) Ole2disp.dll, (21) Outllib.dll, (22) Psisdecd.dll, (23) Qdvd.dll, (24) Repodbc.dll, (25) Shdocvw.dll, (26) Shell32.dll, (27) Soa.dll, (28) Srchui.dll, (29) Stobject.dll, (30) Vdt70.dll, (31) Vmhelper.dll, and (32) Wbemads.dll, aka a variant of the "COM Object Instantiation Memory Corruption vulnerability."
CVE-2009-1547 EXPLOITDB HIGH text WORKING POC
Internet Explorer 5.01 SP4, 6, 6 SP1, 7 - Remote Code Execution via Crafted Data Stream Header
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability."
CVSS 8.8
CVE-2009-1547 EXPLOITDB HIGH text WORKING POC
Internet Explorer 5.01 SP4, 6, 6 SP1, 7 - Remote Code Execution via Crafted Data Stream Header
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability."
CVSS 8.8
CVE-2011-1999 EXPLOITDB html WORKING POC
Microsoft Internet Explorer 8 - RCE
Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability."
CVE-2006-0187 EXPLOITDB perl WORKING POC
Microsoft Visual Studio .NET - Remote Code Execution via Malicious Project File
By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file.
EIP-2026-118799 EXPLOITDB html WORKING POC
Microsoft Internet Explorer - '.ANI' Remote Stack Overflow (MS05-002) (2)
CVE-2014-6363 EXPLOITDB html WORKING POC
Microsoft VBScript 5.6-5.8 - Remote Code Execution via Memory Corruption
vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."
CVE-2004-1050 EXPLOITDB html WORKING POC
Avaya Ip600 Media Servers - Buffer Overflow
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
EIP-2026-118804 EXPLOITDB html WORKING POC
Microsoft Internet Explorer - DHTML Object Memory Corruption
CVE-2005-2087 EXPLOITDB html WORKING POC
Microsoft IE - Resource Management Error
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.
CVE-2005-1990 EXPLOITDB html WORKING POC
Microsoft IE - Denial of Service
Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.
CVE-2007-1819 EXPLOITDB perl WORKING POC
HP Mercury Quality Center 9.0 - Stack-Based Buffer Overflow via SPIDERLib.Loader ActiveX ProgColor Property
Stack-based buffer overflow in the SPIDERLib.Loader ActiveX control (Spider90.ocx) 9.1.0.4353 in TestDirector (TD) for Mercury Quality Center 9.0 before Patch 12.1, and 8.2 SP1 before Patch 32, allows remote attackers to execute arbitrary code via a long ProgColor property.
CVE-2004-2074 EXPLOITDB c WORKING POC
Dream FTP 1.02 - Denial of Service via Format String in PASS or RETR Commands
Format string vulnerability in Dream FTP 1.02 allows local users to cause a denial of service (crash) via format string specifiers in the (1) PASS or (2) RETR commands.
EIP-2026-116474 EXPLOITDB html WORKING POC
VBScript 5.8.7600.16385/5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read
EIP-2026-116016 EXPLOITDB html WORKING POC
Oracle Java - APPLET Tag Children Property Memory Corruption
CVE-2010-2745 EXPLOITDB html WORKING POC
Microsoft Windows Media Player <12 - Code Injection
Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability."
CVE-2016-3325 EXPLOITDB LOW html WORKING POC
Microsoft Edge and Internet Explorer 11 - Information Disclosure via Crafted Web Site
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
CVSS 3.1
EIP-2026-115831 EXPLOITDB python WORKING POC
Microsoft Windows XP/Vista - '.ani tagBITMAPINFOHEADER' Denial of Service