Exploitdb Exploits

2,009 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-114582 EXPLOITDB html VERIFIED
ZeeCareers 2.0 - 'addAdminmembercode.php' Arbitrary Add Admin
by x.CJP.x
EIP-2026-112877 EXPLOITDB html VERIFIED
Ultimate Media Script 2.0 - Remote Change Content
by ThE g0bL!N
EIP-2026-112011 EXPLOITDB html VERIFIED
ShaadiClone 2.0 - 'addAdminmembercode.php' Arbitrary Add Admin
by x.CJP.x
EIP-2026-107330 EXPLOITDB html VERIFIED
Gallarific - 'user.php' Arbirary Change Admin Information
by TiGeR-Dz
CVE-2009-1827 EXPLOITDB html VERIFIED
Firefox 3.0.4 - Denial of Service via SVG Circle Element Radius Attribute
The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to cause a denial of service (application hang) via a large value in the r (aka Radius) attribute of a circle element, related to an "unclamped loop."
by Thierry Zoller
CVE-2009-1201 EXPLOITDB html VERIFIED
Cisco Adaptive Security Appliance - Cross-Site Scripting via CSCO_WebVPN Process Function
Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694.
by Trustwave's SpiderLabs
EIP-2026-118850 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 7/8 - HTML Attribute JavaScript URI SecURIty Bypass
by 80vul
EIP-2026-114575 EXPLOITDB html VERIFIED
ZaoCMS - 'user_updated.php' Remote Change Password
by ThE g0bL!N
CVE-2009-4674 EXPLOITDB html VERIFIED
Mole Group Bus & Sky Hunter Airline Script - Unauthenticated Password Change via admin.php
admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows remote attackers to change an arbitrary password via a modified user_id field.
by G4N0K
CVE-2009-1800 EXPLOITDB html VERIFIED
Chinagames iGame 2009 - Stack-Based Buffer Overflow via CreateChinagames Method
Stack-based buffer overflow in the Chinagames CGAgent ActiveX control 1.x in CGAgent.dll, as distributed in Chinagames iGame 2009, allows remote attackers to execute arbitrary code via a long argument to the CreateChinagames method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information.
by etirah
CVE-2009-1807 EXPLOITDB html VERIFIED
Baofeng Storm < 3.09.04.17 - Remote Code Execution via Config.dll SetAttributeValue
Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009.
by etirah
EIP-2026-118269 EXPLOITDB html VERIFIED
AOL IWinAmpActiveX Class - 'ConvertFile()' Remote Buffer Overflow
by rgod
CVE-2009-1724 EXPLOITDB html VERIFIED
Apple Safari < 4.0.2 - Cross-Site Scripting via Parent and Top Object Handling
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.
by Gareth Hayes
EIP-2026-110650 EXPLOITDB html VERIFIED
PHP Article Publisher - Remote Change Admin Password
by ahmadbady
CVE-2009-0961 EXPLOITDB html VERIFIED
Apple iPhone OS <2.2.1 - Info Disclosure
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert.
by Collin Mulliner
CVE-2009-0961 EXPLOITDB html VERIFIED
Apple iPhone OS <2.2.1 - Info Disclosure
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert.
by Collin Mulliner
CVE-2009-0961 EXPLOITDB html VERIFIED
Apple iPhone OS <2.2.1 - Info Disclosure
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert.
by Collin Mulliner
EIP-2026-103410 EXPLOITDB html VERIFIED
Apple QuickTime 7.4.1 - Null Pointer Dereference Denial of Service
by Thierry Zoller
CVE-2009-1671 EXPLOITDB html VERIFIED
JRE 6 Update 13 - Remote Code Execution via Deployment Toolkit ActiveX Control Buffer Overflow
Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string argument to the (1) setInstallerType, (2) setAdditionalPackages, (3) compareVersion, (4) getStaticCLSID, or (5) launch method.
by shinnai
CVE-2009-1672 EXPLOITDB html VERIFIED
JRE 6 Update 13 - Remote Code Execution via Deployment Toolkit ActiveX Control
The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the argument to the launch method, and might allow remote attackers to launch JRE installation processes via the (2) installLatestJRE or (3) installJRE method.
by shinnai
CVE-2009-2044 EXPLOITDB html VERIFIED
Firefox < 3.0.10 - Denial of Service via Large GIF Image in BODY BACKGROUND Attribute
Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element.
by Ahmad Muammar
CVE-2009-1684 EXPLOITDB html VERIFIED
Safari < 4.0 - Cross-Site Scripting via Event Handler
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document.
by Michal Zalewski
CVE-2009-1637 EXPLOITDB html VERIFIED
Simple Customer 1.3 - Unauthenticated Admin Credential Change via profile.php
profile.php in Simple Customer 1.3 does not require administrative authentication, which allows remote attackers to change the admin e-mail address and password via the email and password parameters.
by ahmadbady
CVE-2009-1610 EXPLOITDB html VERIFIED
Job Script Job Board Software 2.0 - Unauthenticated Administrator Password Change via Direct Request
admin/changepassword.php in Job Script Job Board Software 2.0 allows remote attackers to change the administrator password and gain administrator privileges via a direct request.
by TiGeR-Dz
CVE-2009-2574 EXPLOITDB html VERIFIED
MiniTwitter 0.2 - Command Injection
index.php in MiniTwitter 0.2 beta allows remote authenticated users to modify certain options of arbitrary accounts via an opt action.
by YEnH4ckEr
By Source
All 2,009 Writeup 62,183 Exploitdb 50,126 Nomisec 22,380 Github 3,588 Metasploit 3,311 Vulncheck_xdb 927 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,433 python 6,554 ruby 6,001 c 3,625 perl 2,849 html 2,074 php 1,333 bash 462 java 370 c++ 260 javascript 229 shell 131 go 73 postscript 25 typescript 25