Exploitdb Exploits

2,009 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-4472 EXPLOITDB html VERIFIED
Autodesk Design Review and Revit Architecture 2009 - Remote Code Execution via LiveUpdate ActiveX ApplyPatch Method
The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method.
by Nine:Situations:Group
CVE-2008-3015 EXPLOITDB html VERIFIED
Microsoft Digital Image Suite - Remote Code Execution via Malformed BMP BitMapInfoHeader
Integer overflow in gdiplus.dll in GDI+ in Microsoft Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via a BMP image file with a malformed BitMapInfoHeader that triggers a buffer overflow, aka "GDI+ BMP Integer Overflow Vulnerability."
by John Smith
EIP-2026-116006 EXPLOITDB html VERIFIED
Opera 9.52 - Window Object Suppressing Remote Denial of Service
by Aditya K Sood
CVE-2008-4324 EXPLOITDB html VERIFIED
Firefox 3.0.2-3.0.3 - Denial of Service via Event Dispatcher Null Pointer Dereference
The user interface event dispatcher in Mozilla Firefox 3.0.3 on Windows XP SP2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a series of keypress, click, onkeydown, onkeyup, onmousedown, and onmouseup events. NOTE: it was later reported that Firefox 3.0.2 on Mac OS X 10.5 is also affected.
by Aditya K Sood
CVE-2007-5348 EXPLOITDB html VERIFIED
Microsoft Digital Image Suite 2006 - Remote Code Execution via Crafted Gradient Fill Input
Integer overflow in GDI+ in Microsoft Internet Explorer 6 SP1, Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, Office XP SP3, Office 2003 SP2 and SP3, 2007 Microsoft Office System Gold and SP1, Visio 2002 SP2, PowerPoint Viewer 2003, Works 8, Digital Image Suite 2006, SQL Server 2000 Reporting Services SP2, SQL Server 2005 SP2, Report Viewer 2005 SP1 and 2008, and Forefront Client Security 1.0 allows remote attackers to execute arbitrary code via an image file with crafted gradient sizes in gradient fill input, which triggers a heap-based buffer overflow related to GdiPlus.dll and VGX.DLL, aka "GDI+ VML Buffer Overrun Vulnerability."
by John Smith
EIP-2026-115349 EXPLOITDB html VERIFIED
Google Chrome 0.2.149.30 - Window Object Suppressing Denial of Service
by Aditya K Sood
CVE-2008-5073 EXPLOITDB html VERIFIED
Novell ZENworks Desktop Management 6.5 - Remote Code Execution via CanUninstall Method
Heap-based buffer overflow in an ActiveX control in Novell ZENworks Desktop Management 6.5 allows remote attackers to execute arbitrary code via a long argument to the CanUninstall method.
by Satan_HackerS
CVE-2008-7022 EXPLOITDB html VERIFIED
Chilkat IMAP ActiveX Control - LoadXmlEmail Code Execution
Insecure method vulnerability in ChilkatMail_v7_9.dll in the Chilkat Software IMAP ActiveX control (ChilkatMail2.ChilkatMailMan2.1) allows remote attackers to execute arbitrary programs via the LoadXmlEmail method.
by e.wiZz!
CVE-2008-4120 EXPLOITDB html VERIFIED
FlatPress 0.804 - Cross-Site Scripting via User/Pass Parameters or Name Parameter
Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) pass parameter to login.php, or the (3) name parameter to contact.php.
by Fabian Fingerle
EIP-2026-118337 EXPLOITDB html VERIFIED
BurnAware - NMSDVDXU ActiveX Arbitrary File Creation/Execution
by shinnai
CVE-2008-4340 EXPLOITDB html VERIFIED
Google Chrome 0.2.149.29 and 0.2.149.30 - Denial of Service via Window Open Function
Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function.
by Aditya K Sood
CVE-2008-4343 EXPLOITDB html VERIFIED
Chilkat XML ActiveX Control < 3.0.3.0 - Arbitrary File Write via SaveToFile, SaveToTempFile, or AppendBinary Method
The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) 3.0.3.0 and earlier allows remote attackers to create, overwrite, and modify arbitrary files for execution via a call to the (1) SaveToFile, (2) SaveToTempFile, or (3) AppendBinary method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.
by shinnai
CVE-2008-3098 EXPLOITDB html VERIFIED
fuzzylime_cms < 3.03 - Cross-Site Scripting via Login Form User Parameter
Cross-site scripting (XSS) vulnerability in admin/usercheck.php in fuzzylime (cms) before 3.03 allows remote attackers to inject arbitrary web script or HTML via the user parameter to the login form.
by Fabian Fingerle
CVE-2008-5839 EXPLOITDB html VERIFIED
Foxmail 6.5 - Remote Code Execution via Long mailto URI in HREF Attribute
Buffer overflow in Foxmail 6.5 allows remote attackers to execute arbitrary code via a long mailto URI in the HREF attribute of an A element.
by sebug
CVE-2008-4342 EXPLOITDB html VERIFIED
BurnAware - Arbitrary File Write via NMSDVDX.DVDEngineX ActiveX Control
NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.
by Nine:Situations:Group
CVE-2008-4128 EXPLOITDB html VERIFIED
Cisco IOS 12.4 - Cross-Site Request Forgery via HTTP Administration Component
Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.
by Jeremy Brown
CVE-2008-4128 EXPLOITDB html VERIFIED
Cisco IOS 12.4 - Cross-Site Request Forgery via HTTP Administration Component
Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.
by Jeremy Brown
EIP-2026-101195 EXPLOITDB html VERIFIED
Cisco 871 Integrated Services Router - Cross-Site Request Forgery (2)
by Jeremy Brown
EIP-2026-101194 EXPLOITDB html VERIFIED
Cisco 871 Integrated Services Router - Cross-Site Request Forgery (1)
by Jeremy Brown
CVE-2008-3008 EXPLOITDB html VERIFIED
Windows Media Encoder - Stack-based Buffer Overflow via GetDetailsString Method
Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability."
by haluznik
CVE-2008-3950 EXPLOITDB html VERIFIED
Apple iPhone 1.1.4, 2.0 and iPod touch 1.1.4, 2.0 - Denial of Service via JavaScript Alert Call
Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read.
by Nicolas Economou
EIP-2026-115590 EXPLOITDB html VERIFIED
Maxthon Browser 2.1.4.443 - Unicode Remote Denial of Service (PoC)
by LiquidWorm
CVE-2008-4071 EXPLOITDB html VERIFIED
Adobe Acrobat 9 - Denial of Service via Invalid acroie:// URL
A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL.
by Jeremy Brown
CVE-2008-4699 EXPLOITDB html VERIFIED
Peachtree Accounting 2004 - Remote Code Execution via PAWWeb11.ocx ExecutePreferredApplication Method
Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in Peachtree Accounting 2004 allows remote attackers to execute arbitrary programs via the ExecutePreferredApplication method.
by Jeremy Brown
EIP-2026-115263 EXPLOITDB html VERIFIED
Flock Social Web Browser 1.2.5 - 'loop' Remote Denial of Service
by LiquidWorm
By Source
All 2,009 Writeup 62,188 Exploitdb 50,076 Nomisec 22,383 Github 3,590 Metasploit 3,311 Vulncheck_xdb 927 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,552 ruby 6,001 c 3,625 perl 2,849 html 2,074 php 1,333 bash 462 java 370 c++ 260 javascript 229 shell 131 go 73 postscript 25 typescript 25