Exploitdb Exploits
2,009 exploits tracked across all sources.
aspWebLinks 2.0 - SQL Injection via linkID Parameter
SQL injection vulnerability in links.asp in aspWebLinks 2.0 allows remote attackers to execute arbitrary SQL commands via the linkID parameter.
by ajann
aspWebLinks 2.0 - Unauthenticated Administrative Password Change via txtAdministrativePassword Field
links.asp in aspWebLinks 2.0 allows remote attackers to change the administrative password, possibly via a direct request with a modified txtAdministrativePassword field.
by ajann
ASPwebSoft Speedy Asp Discussion Forum - RCE
ASPwebSoft Speedy Asp Discussion Forum allows remote attackers to change the password of any account via a modified account id and possibly arbitrary values of the name, email, country, password, and passwordre parameters to profileupdate.asp.
by ajann
Nukedit < 4.9.6 - Unauthenticated Arbitrary User Creation via GroupID Parameter
utilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action.
by FarhadKey
Eggblog < 3.0.6 - SQL Injection via RSS Posts ID Parameter
SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by nukedx
Microsoft Internet Explorer 6.0 - RCE
Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.
by Thomas Waldegger
Mozilla Firefox 1.5.0.3 - 'Loop' Denial of Service
by Gianni Amato
Microsoft Internet Explorer < 6.0.2900 - Denial of Service via CSS Position Attribute
Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll.
by seven
CVSS 6.5
OpenFAQ 0.4.0 - Cross-Site Scripting via q Parameter
Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
by Kamil Sienicki
Microsoft IE - Race Condition
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
by Matthew Murphy
Apple Mac OSX Safari 2.0.3 (417.9.2) - Multiple Vulnerabilities
by Tom Ferris
Apple Safari - Denial of Service via TD Element Rowspan Attribute
Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute.
by Yannick von Arx
Mozilla Firefox 1.5.0.2 - Denial of Service via Deleted Controller Context Reference
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.
by splices
Mozilla Firefox 1.5.0.1 / Camino 1.0 - Null Pointer Dereference Crash
by BuHa
Microsoft Internet Explorer <7 - RCE/DoS
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
by darkeagle
Microsoft Internet Explorer 6 - 'mshtml.dll checkbox' Crash
by Stelian Ene
Microsoft Internet Explorer 6 - Script Action Handlers 'mshtml.dll' Denial of Service
by Michal Zalewski
JiRo's Banner System Experience and Professional <1.0 - Privilege E...
JiRo's Banner System Experience and Professional 1.0 and earlier allows remote attackers to bypass access restrictions and gain privileges via a direct request to certain scripts in the files directory, as demonstrated by using addadmin.asp to create a new administrator account.
by nukedx
Pentacle In-Out Board 6.03 - 'login.asp' Remote Authentication Bypass
by nukedx
CubeCart 3.0-3.6 - Unauthenticated Arbitrary File Upload via FileManager CurrentFolder Parameter
CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that allows remote attackers to upload arbitrary files via a modified CurrentFolder parameter in a direct request to admin/filemanager/upload.php.
by NSA Group
Thunderbird < 1.0.7 - Information Disclosure via IFRAME SRC JavaScript URI
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
by Georgi Guninski
php-Nuke 6.0-7.9 - CAPTCHA Bypass via Fixed Challenge/Response Pairs
The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters.
by waraxe
Windows Media Player 9-10 - Remote Code Execution via Long EMBED src Attribute
Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute.
by Matthew Murphy
Virtual Hosting Control System <2.4.7.1 - Privilege Escalation
The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access.
by Roman Medina-Heigl Hernandez
By Source