Exploitdb Exploits
2,012 exploits tracked across all sources.
MagnetoSoft NetworkResources 4.0.0.5 - ActiveX NetFileClose Overwrite (SEH) (PoC)
by s4squatch
MagnetoSoft NetworkResources - ActiveX NetConnectionEnum Overwrite (SEH) (PoC)
by s4squatch
MagnetoSoft DNS 4.0.0.9 - ActiveX DNSLookupHostWithServer (PoC)
by s4squatch
Uiga Proxy - RCE
PHP remote file inclusion vulnerability in include/template.php in Uiga Proxy, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.
by ITSecTeam
Prediction League 0.3.8 - Cross-Site Request Forgery (Add Admin)
by indoushka
Nodesforum <1.045 - RCE
Multiple PHP remote file inclusion vulnerabilities in Nodesforum 1.033 and 1.045, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _nodesforum_path_from_here_to_nodesforum_folder parameter to erase_user_data.php and the (2) _nodesforum_code_path parameter to pre_output.php. NOTE: some of these details are obtained from third party information.
by ITSecTeam
Microsoft Internet Explorer <6 - RCE
The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability."
by ZSploit.com
IncrediMail 2.0 - Buffer Overflow
Buffer overflow in the Authenticate method in the INCREDISPOOLERLib.Pop ActiveX control in ImSpoolU.dll in IncrediMail 2.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in the first argument.
by d3b4g
CMS Made Simple < 1.8.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that reset the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by pratul agrawal
Safari <3.1.3 - DoS/Code Injection
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings.
by Nishant Das Patnaik
Safari <3.1.3 - DoS
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514.
by Nishant Das Patnaik
Mozilla Firefox - Memory Corruption
The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via an HTML document containing invisible Unicode characters, as demonstrated by the U+FEFF, U+FFF9, U+FFFA, and U+FFFB characters.
by Jesse Ruderman
Adult Video Site Script - Multiple Vulnerabilities
by indoushka
Mozilla Firefox - Access Control
The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a denial of service (application crash or hang) or hijack the functionality of the browser's add-ons via a crafted SRC attribute of an IMG element, as demonstrated by remote command execution through an ssh: URL in a configuration that supports gnome-vfs with a nonstandard network.gnomevfs.supported-protocols setting.
by Josh Soref
Clain_TIger_CMS - Cross-Site Request Forgery
by pratul agrawal
Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll OpenFile()' Remote Overflow
by mr_me
Apple Safari < 4.0.4 - Resource Management Error
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.
by wushi
KDPics 1.18 - '/admin/index.php' Authentication Bypass
by snakespc
DeDeCMS 5.5 - '_SESSION[dede_admin_id]' Authentication Bypass
by Wolves Security Team