Exploitdb Exploits
2,012 exploits tracked across all sources.
myNewsletter <1.1.2 - SQL Injection
Multiple SQL injection vulnerabilities in myNewsletter 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the UserName parameter in (1) validatelogin.asp or (2) adminlogin.asp.
by FarhadKey
FunkBoard CF0.71 - RCE
profile.php in FunkBoard CF0.71 allows remote attackers to change arbitrary passwords via a modified uid hidden form field in an Edit Profile action.
by ajann
Mozilla Firefox - Denial of Service
Unspecified versions of Mozilla Firefox allow remote attackers to cause a denial of service (crash) via a web page that contains a large number of nested marquee tags. NOTE: a followup post indicated that the initial report could not be verified.
by n00b
aspWebLinks 2.0 - SQL Injection
SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows remote attackers to execute arbitrary SQL commands via the linkID parameter.
by ajann
aspWebLinks 2.0 - Auth Bypass
links.asp in aspWebLinks 2.0 allows remote attackers to change the administrative password, possibly via a direct request with a modified txtAdministrativePassword field.
by ajann
ASPwebSoft Speedy Asp Discussion Forum - RCE
ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to change the password of any account via a modified account id and possibly arbitrary values of the name, email, country, password, and passwordre parameters to profileupdate.asp.
by ajann
Nukedit <4.9.6 - RCE
utilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action.
by FarhadKey
Epic Designs Eggblog < 3.0.6 - SQL Injection
SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by nukedx
Microsoft Internet Explorer 6.0 - RCE
Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.
by Thomas Waldegger
Mozilla Firefox 1.5.0.3 - 'Loop' Denial of Service
by Gianni Amato
Microsoft Internet Explorer < 6.0.2900 - Denial of Service
Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll.
by seven
CVSS 6.5
Openfaq - XSS
Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
by Kamil Sienicki
Microsoft IE - Race Condition
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
by Matthew Murphy
Apple Mac OSX Safari 2.0.3 (417.9.2) - Multiple Vulnerabilities
by Tom Ferris
Apple Safari - Denial of Service
Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute.
by Yannick von Arx
Mozilla Firefox - Resource Management Error
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain JavaScript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.
by splices
Mozilla Firefox 1.5.0.1 / Camino 1.0 - Null Pointer Dereference Crash
by BuHa
Microsoft Internet Explorer <7 - RCE/DoS
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
by darkeagle
Microsoft Internet Explorer 6 - 'mshtml.dll checkbox' Crash
by Stelian Ene
Microsoft Internet Explorer 6 - Script Action Handlers 'mshtml.dll' Denial of Service
by Michal Zalewski
JiRo's Banner System Experience and Professional <1.0 - Privilege E...
JiRo's Banner System Experience and Professional 1.0 and earlier allows remote attackers to bypass access restrictions and gain privileges via a direct request to certain scripts in the files directory, as demonstrated by using addadmin.asp to create a new administrator account.
by nukedx
Pentacle In-Out Board 6.03 - 'login.asp' Remote Authentication Bypass
by nukedx
Devellion Cubecart - Path Traversal
CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that allows remote attackers to upload arbitrary files via a modified CurrentFolder parameter in a direct request to admin/filemanager/upload.php.
by NSA Group
Mozilla Thunderbird < 1.0.7 - Improper Input Validation
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
by Georgi Guninski