Exploitdb Exploits
2,012 exploits tracked across all sources.
Microsoft Internet Explorer - Use After Free
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
by anonymous
CVSS 8.1
Crystal Report Viewer 8.0.0.371 - ActiveX Denial of Service
by Matthew Bergin
VideoLAN VLC Media Player 1.1.x - Calling Convention Remote Buffer Overflow
by shinnai
Mozilla Firefox - Memory Corruption
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
by anonymous
CVSS 9.8
Mozilla Firefox - Memory Corruption
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
by extraexploit
CVSS 9.8
Mozilla Firefox - Memory Corruption
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
by Daniel Veditz
CVSS 9.8
NitroSecurity NitroView ESM Software - Improper Input Validation
ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess.
by s_n
sNews CMS - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
VideoLAN VLC Media Player 1.1.4 Mozilla MultiMedia Plugin - Remote Code Execution
by shinnai
Travel Portal Script - Cross-Site Request Forgery (Admin Password Change)
by KnocKout
sNews 1.7 - 'snews.php' Cross-Site Scripting / HTML Injection
by High-Tech Bridge SA
Event Ticket Portal Script Admin Password Change - Cross-Site Request Forgery
by KnocKout
Mozilla Firefox <3.5.14 & <3.6.11 - Buffer Overflow
Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method.
by Alexander Miller
Oracle Java - APPLET Tag Children Property Memory Corruption
by Skylined
Microsoft Windows Media Player <12 - Code Injection
Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability."
by Skylined
OPEN IT OverLook 5.0 - XSS
Cross-site scripting (XSS) vulnerability in title.php in OPEN IT OverLook 5.0 allows remote attackers to inject arbitrary web script or HTML via the frame parameter.
by Anatolia Security
Docebo 3.6 - 'description' Cross-Site Scripting
by High-Tech Bridge SA
Research In Motion BlackBerry Device Software 4.7.1 - Cross Domain Information Disclosure
by 599eme Man
GetSimple CMS 2.01 - XSS
Cross-site scripting (XSS) vulnerability in admin/changedata.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the post-title parameter.
by High-Tech Bridge SA
Microsoft Windows 7 - Code Injection
The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Cinepak Codec Decompression Vulnerability."
by Abysssec
Novell iPrint Client Browser Plugin - ExecuteRequest debug Stack Overflow
by Abysssec