Exploitdb Exploits
2,009 exploits tracked across all sources.
MagnetoSoft DNS 4.0.0.9 - ActiveX DNSLookupHostWithServer (PoC)
by s4squatch
Uiga Proxy - Remote Code Execution via Template Content Parameter
PHP remote file inclusion vulnerability in include/template.php in Uiga Proxy, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.
by ITSecTeam
Prediction League 0.3.8 - Cross-Site Request Forgery (Add Admin)
by indoushka
Nodesforum 1.033 and 1.045 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Nodesforum 1.033 and 1.045, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) _nodesforum_path_from_here_to_nodesforum_folder parameter to erase_user_data.php and the (2) _nodesforum_code_path parameter to pre_output.php. NOTE: some of these details are obtained from third party information.
by ITSecTeam
Microsoft Internet Explorer <6 - RCE
The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability."
by ZSploit.com
IncrediMail 2.0 - Buffer Overflow in Authenticate Method via Long String
Buffer overflow in the Authenticate method in the INCREDISPOOLERLib.Pop ActiveX control in ImSpoolU.dll in IncrediMail 2.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in the first argument.
by d3b4g
CMS Made Simple < 1.8.1 - Cross-Site Request Forgery to Reset Admin Password
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that reset the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by pratul agrawal
Safari - Remote Code Execution via Long Crafted Strings in document.write
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings.
by Nishant Das Patnaik
Safari - Remote Code Execution via Long Exception String in Throw Statement
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514.
by Nishant Das Patnaik
Firefox 3.6 - Memory Corruption via Invisible Unicode Characters
The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via an HTML document containing invisible Unicode characters, as demonstrated by the U+FEFF, U+FFF9, U+FFFA, and U+FFFB characters.
by Jesse Ruderman
Adult Video Site Script - Multiple Vulnerabilities
by indoushka
Firefox < 3.6.2 - Denial of Service via IMG SRC Attribute URL Scheme Handling
The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a denial of service (application crash or hang) or hijack the functionality of the browser's add-ons via a crafted SRC attribute of an IMG element, as demonstrated by remote command execution through an ssh: URL in a configuration that supports gnome-vfs with a nonstandard network.gnomevfs.supported-protocols setting.
by Josh Soref
Clain_TIger_CMS - Cross-Site Request Forgery
by pratul agrawal
Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll OpenFile()' Remote Overflow
by mr_me
Apple Safari < 4.0.5 - Use-After-Free via RTL Text Directionality
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.
by wushi
KDPics 1.18 - '/admin/index.php' Authentication Bypass
by snakespc
DeDeCMS 5.5 - '_SESSION[dede_admin_id]' Authentication Bypass
by Wolves Security Team
n-cms-equipe 1.1c.Debug - Multiple Local File Inclusions
by ITSecTeam
By Source