Exploitdb Exploits

2,012 exploits tracked across all sources.

EIP-2026-118674 EXPLOITDB html VERIFIED
iDefense COMRaider - ActiveX Control 'write()' Arbitrary File Overwrite
by Amir Zangeneh
CVE-2009-0187 EXPLOITDB html VERIFIED
Orbit Downloader <2.8.5 - Buffer Overflow
Stack-based buffer overflow in Orbit Downloader 2.8.2 and 2.8.3, and possibly other versions before 2.8.5, allows remote attackers to execute arbitrary code via a crafted HTTP URL with a long host name, which is not properly handled when constructing a "Connecting" log message.
by JavaGuru
EIP-2026-102357 EXPLOITDB html VERIFIED
APC PowerChute Network Shutdown - HTTP Response Splitting / Cross-Site Scripting
by Digital Security Research Group
CVE-2009-0071 EXPLOITDB html VERIFIED
Mozilla Firefox <3.0.5 - DoS
Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected.
by Skylined
CVE-2009-0075 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 7 - Uninitialized Memory Corruption
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."
by webDEViL
CVE-2009-0075 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 7 - Uninitialized Memory Corruption
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."
by Abysssec
CVE-2009-0076 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 7 - RCE
Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability."
by Abysssec
CVE-2009-0076 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 7 - RCE
Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability."
by webDEViL
CVE-2009-0075 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 7 - Uninitialized Memory Corruption
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."
by anonymous
CVE-2009-0865 EXPLOITDB html VERIFIED
GeoVision LiveX ActiveX Control - Path Traversal
Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument, possibly involving the PlayX and SnapShotX methods.
by Nine:Situations:Group
CVE-2009-0649 EXPLOITDB html VERIFIED
Symbian OS - DoS
The web browser in Symbian OS on the Nokia N95 cell phone allows remote attackers to cause a denial of service (crash) via JavaScript code that calls the setAttributeNode method.
by Juan Yacubian
EIP-2026-118964 EXPLOITDB html VERIFIED
Nokia Phoenix 2008.4.7 Service Software - ActiveX Controls Multiple Buffer Overflow Vulnerabilities
by MurderSkillz
EIP-2026-112825 EXPLOITDB html VERIFIED
txtBB 1.0 RC3 - HTML/JS Injection / Arbitrary Add Admin Privileges
by cOndemned
EIP-2026-109431 EXPLOITDB html VERIFIED
MetaBBS 0.11 - Administration Settings Authentication Bypass
by make0day
EIP-2026-118616 EXPLOITDB html VERIFIED
Google Chrome 1.0.154.46 - '(ChromeHTML://)' Injection
by waraxe
CVE-2009-0389 EXPLOITDB html VERIFIED
WOW ActiveX 2 - RCE
Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString method, (2) execute arbitrary programs via the ShellExecute method, (3) read from the registry via unspecified vectors, and (4) write to the registry via unspecified vectors. NOTE: vectors 1 and 2 can be used together to execute arbitrary code.
by Michael Brooks
CVE-2009-0374 EXPLOITDB html VERIFIED
Google Chrome 1.0.154.43 - CSRF
Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue."
by x0x
CVE-2009-0341 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 7.0 - RCE
The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability.
by Juan Pablo Lopez Yacubian
EIP-2026-118948 EXPLOITDB html VERIFIED
NCTVideoStudio ActiveX DLLs 1.6 - Insecure Method File Creation
by Stack
CVE-2009-0301 EXPLOITDB html VERIFIED
FlexCell Grid Control <5.6.9 - RCE
Multiple insecure method vulnerabilities in the FlexCell.Grid ActiveX control (FlexCell.ocx) in FlexCell Grid Control 5.6.9 allow remote attackers to create and overwrite arbitrary files via the (1) SaveFile and (2) ExportToXML methods.
by Houssamix
EIP-2026-115909 EXPLOITDB html VERIFIED
NCTVideoStudio ActiveX DLLs 1.6 - Remote Heap Overflow (PoC)
by Stack
CVE-2009-0298 EXPLOITDB html VERIFIED
MW6 Technologies Barcode <3.0.0.1 - Buffer Overflow
Heap-based buffer overflow in MW6 Technologies Barcode ActiveX control (Barcode.MW6Barcode.1, Barcode.dll) 3.0.0.1 allows remote attackers to execute arbitrary code via a long Supplement property.
by Houssamix
CVE-2009-0253 EXPLOITDB html VERIFIED
Mozilla Firefox <3.0.5 - XSS
Mozilla Firefox 3.0.5 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Status Bar Obfuscation" and "Clickjacking" attack.
by MrDoug
CVE-2009-0383 EXPLOITDB html VERIFIED
Max.Blog 1.0.6 - Info Disclosure
delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request.
by SirGod
EIP-2026-119152 EXPLOITDB html VERIFIED
SmartVmd ActiveX 1.1 - Remote File Overwrite
by Houssamix