Exploitdb Exploits

2,009 exploits tracked across all sources.

EIP-2026-102357 EXPLOITDB html VERIFIED
APC PowerChute Network Shutdown - HTTP Response Splitting / Cross-Site Scripting
by Digital Security Research Group
CVE-2009-0071 EXPLOITDB html VERIFIED
Firefox <= 3.0.7 - Denial of Service via designMode Query Command Calls
Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a (1) queryCommandValue, (2) queryCommandState, or (3) queryCommandIndeterm call. NOTE: it was later reported that 3.0.6 and 3.0.7 are also affected.
by Skylined
CVE-2009-0075 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 7 - Uninitialized Memory Corruption
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."
by webDEViL
CVE-2009-0075 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 7 - Uninitialized Memory Corruption
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."
by Abysssec
CVE-2009-0076 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 7 - RCE
Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability."
by Abysssec
CVE-2009-0076 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 7 - RCE
Microsoft Internet Explorer 7, when XHTML strict mode is used, allows remote attackers to execute arbitrary code via the zoom style directive in conjunction with unspecified other directives in a malformed Cascading Style Sheets (CSS) stylesheet in a crafted HTML document, aka "CSS Memory Corruption Vulnerability."
by webDEViL
CVE-2009-0075 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 7 - Uninitialized Memory Corruption
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."
by anonymous
CVE-2009-0865 EXPLOITDB html VERIFIED
GeoVision LiveX ActiveX Control 8.1.2 and 8.2.0 - Path Traversal via SnapShotToFile Method
Directory traversal vulnerability in the SnapShotToFile method in the GeoVision LiveX (aka LiveX_v8200) ActiveX control 8.1.2 and 8.2.0 in LIVEX_~1.OCX allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument, possibly involving the PlayX and SnapShotX methods.
by Nine:Situations:Group
CVE-2009-0649 EXPLOITDB html VERIFIED
Nokia N95 Symbian S60 Browser - Denial of Service via JavaScript setAttributeNode Method
The web browser in Symbian OS on the Nokia N95 cell phone allows remote attackers to cause a denial of service (crash) via JavaScript code that calls the setAttributeNode method.
by Juan Yacubian
EIP-2026-118964 EXPLOITDB html VERIFIED
Nokia Phoenix 2008.4.7 Service Software - ActiveX Controls Multiple Buffer Overflow Vulnerabilities
by MurderSkillz
EIP-2026-112825 EXPLOITDB html VERIFIED
txtBB 1.0 RC3 - HTML/JS Injection / Arbitrary Add Admin Privileges
by cOndemned
EIP-2026-109431 EXPLOITDB html VERIFIED
MetaBBS 0.11 - Administration Settings Authentication Bypass
by make0day
EIP-2026-118616 EXPLOITDB html VERIFIED
Google Chrome 1.0.154.46 - '(ChromeHTML://)' Injection
by waraxe
CVE-2009-0389 EXPLOITDB html VERIFIED
Web On Windows ActiveX 2 - Arbitrary File Write and Code Execution via WriteIniFileString and ShellExecute Methods
Multiple insecure method vulnerabilities in the Web On Windows (WOW) ActiveX control in WOW ActiveX 2 allow remote attackers to (1) create and overwrite arbitrary files via the WriteIniFileString method, (2) execute arbitrary programs via the ShellExecute method, (3) read from the registry via unspecified vectors, and (4) write to the registry via unspecified vectors. NOTE: vectors 1 and 2 can be used together to execute arbitrary code.
by Michael Brooks
CVE-2009-0374 EXPLOITDB html VERIFIED
Google Chrome 1.0.154.43 - Clickjacking via Crafted Element Positioning
Google Chrome 1.0.154.43 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Clickjacking" vulnerability. NOTE: a third party disputes the relevance of this issue, stating that "every sufficiently featured browser is and likely will remain susceptible to the behavior known as clickjacking," and adding that the exploit code "is not a valid demonstration of the issue."
by x0x
CVE-2009-0341 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 7.0 - RCE
The shell32 module in Microsoft Internet Explorer 7.0 on Windows XP SP3 might allow remote attackers to execute arbitrary code via a long VALUE attribute in an INPUT element, possibly related to a stack consumption vulnerability.
by Juan Pablo Lopez Yacubian
EIP-2026-118948 EXPLOITDB html VERIFIED
NCTVideoStudio ActiveX DLLs 1.6 - Insecure Method File Creation
by Stack
CVE-2009-0301 EXPLOITDB html VERIFIED
FlexCell Grid Control 5.6.9 - Arbitrary File Write via SaveFile and ExportToXML Methods
Multiple insecure method vulnerabilities in the FlexCell.Grid ActiveX control (FlexCell.ocx) in FlexCell Grid Control 5.6.9 allow remote attackers to create and overwrite arbitrary files via the (1) SaveFile and (2) ExportToXML methods.
by Houssamix
EIP-2026-115909 EXPLOITDB html VERIFIED
NCTVideoStudio ActiveX DLLs 1.6 - Remote Heap Overflow (PoC)
by Stack
CVE-2009-0298 EXPLOITDB html VERIFIED
MW6 Technologies Barcode <3.0.0.1 - Buffer Overflow
Heap-based buffer overflow in MW6 Technologies Barcode ActiveX control (Barcode.MW6Barcode.1, Barcode.dll) 3.0.0.1 allows remote attackers to execute arbitrary code via a long Supplement property.
by Houssamix
CVE-2009-0253 EXPLOITDB html VERIFIED
Mozilla Firefox 3.0.5 - Clickjacking via Status Bar Obfuscation
Mozilla Firefox 3.0.5 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Status Bar Obfuscation" and "Clickjacking" attack.
by MrDoug
CVE-2009-0383 EXPLOITDB html VERIFIED
Max.Blog 1.0.6 - Unauthenticated Arbitrary Blog Post Deletion via delete.php
delete.php in Max.Blog 1.0.6 does not properly restrict access, which allows remote attackers to delete arbitrary blog posts via a direct request.
by SirGod
EIP-2026-119152 EXPLOITDB html VERIFIED
SmartVmd ActiveX 1.1 - Remote File Overwrite
by Houssamix
EIP-2026-119151 EXPLOITDB html VERIFIED
SmartVmd ActiveX 1.1 - Remote File Deletion
by Houssamix
EIP-2026-118777 EXPLOITDB html VERIFIED
MetaProducts MetaTreeX 1.5.100 - ActiveX File Overwrite
by Houssamix