Exploitdb Exploits

2,009 exploits tracked across all sources.

EIP-2026-119258 EXPLOITDB html VERIFIED
VideoLAN VLC Media Player 1.1.x - Calling Convention Remote Buffer Overflow
by shinnai
CVE-2010-3765 EXPLOITDB CRITICAL html VERIFIED
Mozilla Firefox 3.5.x-3.5.14 and 3.6.x-3.6.11 - Remote Code Execution via nsCSSFrameConstructor
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
by anonymous
CVSS 9.8
CVE-2010-3765 EXPLOITDB CRITICAL html VERIFIED
Mozilla Firefox 3.5.x-3.5.14 and 3.6.x-3.6.11 - Remote Code Execution via nsCSSFrameConstructor
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
by extraexploit
CVSS 9.8
CVE-2010-3765 EXPLOITDB CRITICAL html VERIFIED
Mozilla Firefox 3.5.x-3.5.14 and 3.6.x-3.6.11 - Remote Code Execution via nsCSSFrameConstructor
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
by Daniel Veditz
CVSS 9.8
CVE-2010-4099 EXPLOITDB html VERIFIED
NitroSecurity NitroView ESM 8.4.0a - Remote Command Execution via Request Parameter
ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess.
by s_n
EIP-2026-112266 EXPLOITDB html VERIFIED
sNews CMS - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-119257 EXPLOITDB html VERIFIED
VideoLAN VLC Media Player 1.1.4 Mozilla MultiMedia Plugin - Remote Code Execution
by shinnai
EIP-2026-112787 EXPLOITDB html
Travel Portal Script - Cross-Site Request Forgery (Admin Password Change)
by KnocKout
EIP-2026-112263 EXPLOITDB html VERIFIED
sNews 1.7 - 'snews.php' Cross-Site Scripting / HTML Injection
by High-Tech Bridge SA
EIP-2026-106937 EXPLOITDB html
Event Ticket Portal Script Admin Password Change - Cross-Site Request Forgery
by KnocKout
CVE-2010-3179 EXPLOITDB html VERIFIED
Mozilla Firefox <3.5.14 & <3.6.11 - Buffer Overflow
Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method.
by Alexander Miller
EIP-2026-116016 EXPLOITDB html VERIFIED
Oracle Java - APPLET Tag Children Property Memory Corruption
by Skylined
CVE-2010-2745 EXPLOITDB html VERIFIED
Microsoft Windows Media Player <12 - Code Injection
Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability."
by Skylined
EIP-2026-113432 EXPLOITDB html VERIFIED
WikiWebHelp 0.3.3 - Cross-Site Request Forgery
by Yoyahack
EIP-2026-118263 EXPLOITDB html VERIFIED
AoA Audio Extractor 2.x - ActiveX ROP
by mr_me
CVE-2010-4792 EXPLOITDB html VERIFIED
OPEN IT OverLook 5.0 - Cross-Site Scripting via Frame Parameter
Cross-site scripting (XSS) vulnerability in title.php in OPEN IT OverLook 5.0 allows remote attackers to inject arbitrary web script or HTML via the frame parameter.
by Anatolia Security
EIP-2026-106484 EXPLOITDB html VERIFIED
Docebo 3.6 - 'description' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-101418 EXPLOITDB html VERIFIED
Research In Motion BlackBerry Device Software 4.7.1 - Cross Domain Information Disclosure
by 599eme Man
CVE-2010-4863 EXPLOITDB html VERIFIED
GetSimple CMS 2.01 - Stored Cross-Site Scripting via Post-Title Parameter
Cross-site scripting (XSS) vulnerability in admin/changedata.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the post-title parameter.
by High-Tech Bridge SA
CVE-2010-2553 EXPLOITDB html VERIFIED
Windows XP SP2/SP3, Vista SP1/SP2, and Windows 7 - Remote Code Execution via Crafted Media File
The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Cinepak Codec Decompression Vulnerability."
by Abysssec
EIP-2026-100611 EXPLOITDB html VERIFIED
VWD-CMS - Cross-Site Request Forgery
by Abysssec
EIP-2026-106012 EXPLOITDB html VERIFIED
CMSimple - Cross-Site Request Forgery
by Abysssec
EIP-2026-118971 EXPLOITDB html VERIFIED
Novell iPrint Client Browser Plugin - ExecuteRequest debug Stack Overflow
by Abysssec
CVE-2010-3325 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 6-8 - Info Disclosure
Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability."
by Chris Evans
EIP-2026-119221 EXPLOITDB html VERIFIED
Trend Micro Internet Security Pro 2010 - ActiveX 'extSetOwner()' Remote Code Execution (2)
by Abysssec