Exploitdb Exploits

2,012 exploits tracked across all sources.

CVE-2007-0148 EXPLOITDB html VERIFIED
Omnigroup Omniweb - Denial of Service
Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the JavaScript alert function.
by MoAB
CVE-2008-0457 EXPLOITDB html VERIFIED
Symantec Backupexec System Recovery - Improper Input Validation
Unrestricted file upload vulnerability in the FileUpload class running on the Symantec LiveState Apache Tomcat server, as used by Symantec Backup Exec System Recovery Manager 7.0 and 7.0.1, allows remote attackers to upload and execute arbitrary JSP files via unknown vectors.
by titon
CVE-2007-0049 EXPLOITDB html VERIFIED
Geckovich TaskTracker Pro <1.5 - RCE
Geckovich TaskTracker Pro 1.5 and earlier allows remote attackers to add administrative or other accounts via an Add action with a modified GroupID in a direct request to Customize.asp.
by ajann
CVE-2006-6884 EXPLOITDB html VERIFIED
WinZip 10.0 Build 6667 - Buffer Overflow
Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 Build 6667 allows remote attackers to execute arbitrary code via a long argument to the CreateNewFolderFromName method, a different vulnerability than CVE-2006-5198.
by XiaoHui
CVE-2006-6838 EXPLOITDB html VERIFIED
Rediff Bol Downloader ActiveX - RCE
Rediff Bol Downloader ActiveX (OCX) control allows remote attackers to execute arbitrary files, and obtain sensitive information (usernames and pathnames), via a URL in the url vbscript parameter.
by Gregory R. Panakkal
CVE-2006-6885 EXPLOITDB html VERIFIED
Macromedia Shockwave 10 - DoS
An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute.
by shinnai
CVE-2006-6827 EXPLOITDB html VERIFIED
Macromedia Flash 8 - DoS
Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the Flash8b.AllowScriptAccess method.
by shinnai
CVE-2006-6847 EXPLOITDB html VERIFIED
RealPlayer 10.5 - DoS
An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the RealPlayer.OpenURLInPlayerBrowser method with a long second argument.
by shinnai
CVE-2006-6821 EXPLOITDB html VERIFIED
Enthrallweb eNews - Auth Bypass
myprofile.asp in Enthrallweb eNews does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
by ajann
CVE-2006-6820 EXPLOITDB html VERIFIED
Enthrallweb eCoupons - Privilege Escalation
myprofile.asp in Enthrallweb eCoupons does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
by ajann
CVE-2006-6822 EXPLOITDB html VERIFIED
Enthrallweb eClassifieds - Auth Bypass
myprofile.asp in Enthrallweb eClassifieds does not properly validate the MM_recordId parameter during profile updates, which allows remote authenticated users to modify certain profile fields of another account by specifying that account's username in a modified MM_recordId parameter.
by ajann
CVE-2006-6759 EXPLOITDB html VERIFIED
RealNetworks RealPlayer 10.5 - DoS
A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer crash) by invoking the RealPlayer.Initialize method with certain arguments.
by shinnai
CVE-2006-6660 EXPLOITDB html VERIFIED
KDE libkhtml <4.2.0 - DoS
The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konqueror, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag.
by Federico L. Bossi Bonin
CVE-2006-6659 EXPLOITDB html VERIFIED
Microsoft Office Outlook Recipient ActiveX - DoS
The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.
by shinnai
CVE-2006-6721 EXPLOITDB html VERIFIED
Knusperleicht ShoutBox 2.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in shout.php in Knusperleicht ShoutBox 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) sbNick or (2) sbKommentar parameter.
by IMHOT3B
CVE-2006-6722 EXPLOITDB html VERIFIED
Bandwebsite 1.5 - RCE
Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to create administrative accounts via a direct request to admin.php with the Login parameter set to 1.
by H0tTurk-
CVE-2006-6311 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 6.0.2900.2180 - DoS
Microsoft Internet Explorer 6.0.2900.2180 allows remote attackers to cause a denial of service via a style attribute in an HTML table tag with a width value that is dynamically calculated using JavaScript.
by xiam.core
CVE-2006-6298 EXPLOITDB html VERIFIED
Metyus Okul Yonetim Sistemi 1.0 - SQL Injection
SQL injection vulnerability in uye_giris_islem.asp in Metyus Okul Yonetim Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) kullanici_ismi and (2) sifre parameters.
by ShaFuck31
CVE-2006-6337 EXPLOITDB html VERIFIED
Aspee/Dogantepe Ziyaretci Defteri - SQL Injection
Multiple SQL injection vulnerabilities in giris.asp in Aspee and Dogantepe Ziyaretci Defteri allow remote attackers to execute arbitrary SQL commands via the (1) kullanici or (2) parola parameter.
by ShaFuq31
CVE-2006-6121 EXPLOITDB html VERIFIED
Acer Notebook LunchApp.APlunch - RCE
Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers to execute arbitrary commands by calling the Run method.
by Tan Chew Keong
CVE-2006-5925 EXPLOITDB html VERIFIED
Links/Elinks <1.00pre12-0.9.2 - RCE
Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allow remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
by Teemu Salmela
CVE-2006-6027 EXPLOITDB html VERIFIED
Adobe Acrobat Reader - Denial of Service
Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control.
by Michal Bucko
CVE-2006-6884 EXPLOITDB html VERIFIED
WinZip 10.0 Build 6667 - Buffer Overflow
Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 Build 6667 allows remote attackers to execute arbitrary code via a long argument to the CreateNewFolderFromName method, a different vulnerability than CVE-2006-5198.
by prdelka
CVE-2006-6015 EXPLOITDB html VERIFIED
Apple Mac OS X - Buffer Overflow
Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression.
by jbh_cg