Exploitdb Exploits

2,012 exploits tracked across all sources.

CVE-2009-4840 EXPLOITDB html VERIFIED
Roxio Cineplayer - Memory Corruption
Heap-based buffer overflow in the IAManager ActiveX control in IAManager.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the SetIAPlayerName method.
by His0k4
CVE-2009-4841 EXPLOITDB html VERIFIED
Roxio Cineplayer - Memory Corruption
Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the DiskType method. NOTE: this might overlap CVE-2007-1559.
by snakespc
EIP-2026-114582 EXPLOITDB html VERIFIED
ZeeCareers 2.0 - 'addAdminmembercode.php' Arbitrary Add Admin
by x.CJP.x
EIP-2026-112877 EXPLOITDB html VERIFIED
Ultimate Media Script 2.0 - Remote Change Content
by ThE g0bL!N
EIP-2026-112011 EXPLOITDB html VERIFIED
ShaadiClone 2.0 - 'addAdminmembercode.php' Arbitrary Add Admin
by x.CJP.x
EIP-2026-107330 EXPLOITDB html VERIFIED
Gallarific - 'user.php' Arbitrary Change Admin Information
by TiGeR-Dz
CVE-2009-1827 EXPLOITDB html VERIFIED
Mozilla Firefox - Resource Management Error
The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to cause a denial of service (application hang) via a large value in the r (aka Radius) attribute of a circle element, related to an "unclamped loop."
by Thierry Zoller
CVE-2009-1201 EXPLOITDB html VERIFIED
Cisco Adaptive Security Appliance - XSS
Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694.
by Trustwave's SpiderLabs
EIP-2026-118850 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 7/8 - HTML Attribute JavaScript URI SecURIty Bypass
by 80vul
EIP-2026-114575 EXPLOITDB html VERIFIED
ZaoCMS - 'user_updated.php' Remote Change Password
by ThE g0bL!N
CVE-2009-4674 EXPLOITDB html VERIFIED
Mole Group Sky Hunter - RCE
admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows remote attackers to change an arbitrary password via a modified user_id field.
by G4N0K
CVE-2009-1800 EXPLOITDB html VERIFIED
Chinagames Igame - Memory Corruption
Stack-based buffer overflow in the Chinagames CGAgent ActiveX control 1.x in CGAgent.dll, as distributed in Chinagames iGame 2009, allows remote attackers to execute arbitrary code via a long argument to the CreateChinagames method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information.
by etirah
CVE-2009-1807 EXPLOITDB html VERIFIED
Baofeng <3.09.04.17 - RCE
Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009.
by etirah
EIP-2026-118269 EXPLOITDB html VERIFIED
AOL IWinAmpActiveX Class - 'ConvertFile()' Remote Buffer Overflow
by rgod
CVE-2009-1724 EXPLOITDB html VERIFIED
Apple Safari < 4.0.1 - XSS
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.
by Gareth Hayes
EIP-2026-110650 EXPLOITDB html VERIFIED
PHP Article Publisher - Remote Change Admin Password
by ahmadbady
CVE-2009-0961 EXPLOITDB html VERIFIED
Apple iPhone OS <2.2.1 - Info Disclosure
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert.
by Collin Mulliner
CVE-2009-0961 EXPLOITDB html VERIFIED
Apple iPhone OS <2.2.1 - Info Disclosure
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert.
by Collin Mulliner
CVE-2009-0961 EXPLOITDB html VERIFIED
Apple iPhone OS <2.2.1 - Info Disclosure
The Mail component in Apple iPhone OS 1.0 through 2.2.1 and iPhone OS for iPod touch 1.1 through 2.2.1 dismisses the call approval dialog when another alert appears, which might allow remote attackers to force the iPhone to place a call without user approval by causing an application to trigger an alert.
by Collin Mulliner
EIP-2026-103410 EXPLOITDB html VERIFIED
Apple QuickTime 7.4.1 - Null Pointer Dereference Denial of Service
by Thierry Zoller
CVE-2009-1671 EXPLOITDB html VERIFIED
SUN Jre - Memory Corruption
Multiple buffer overflows in the Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allow remote attackers to execute arbitrary code via a long string argument to the (1) setInstallerType, (2) setAdditionalPackages, (3) compareVersion, (4) getStaticCLSID, or (5) launch method.
by shinnai
CVE-2009-1672 EXPLOITDB html VERIFIED
SUN Jre - Memory Corruption
The Deployment Toolkit ActiveX control in deploytk.dll 6.0.130.3 in Sun Java SE Runtime Environment (aka JRE) 6 Update 13 allows remote attackers to (1) execute arbitrary code via a .jnlp URL in the argument to the launch method, and might allow remote attackers to launch JRE installation processes via the (2) installLatestJRE or (3) installJRE method.
by shinnai
CVE-2009-2044 EXPLOITDB html VERIFIED
Mozilla Firefox <3.0.10 - DoS
Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element.
by Ahmad Muammar
CVE-2009-1684 EXPLOITDB html VERIFIED
Apple Safari < 4.0_beta - XSS
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows remote attackers to inject arbitrary web script or HTML via an event handler that triggers script execution in the context of the next loaded document.
by Michal Zalewski
CVE-2009-1637 EXPLOITDB html VERIFIED
Simplecustomer Simple Customer - Access Control
profile.php in Simple Customer 1.3 does not require administrative authentication, which allows remote attackers to change the admin e-mail address and password via the email and password parameters.
by ahmadbady