Exploitdb Exploits
2,009 exploits tracked across all sources.
Virtual Hosting Control System <2.4.7.1 - Info Disclosure
change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access.
by Roman Medina-Heigl Hernandez
Microsoft IE - Denial of Service
urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash or hyphen) characters.
by Tom Ferris
Microsoft Internet Explorer 6.x - IMG / XML elements Denial of Service
by Inge Henriksen
Microsoft Internet Explorer 6 - 'mshtml.dll div' Denial of Service
by rgod
Microsoft Internet Explorer 6 - 'mshtml.dll datasrc' Denial of Service
by BuHa
Microsoft Internet Explorer 6 - PRE Tag Multiple Single Tags Denial of Service Vulnerabilities
by Markus Heer
Mozilla Firefox 1.04 - 'compareTo()' Remote Code Execution
by Aviv Raff
K-Meleon < 0.9 - Denial of Service via Large Web Page Title
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allow remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.
by ZIPLOCK
Mozilla Firefox 1.5 - 'history.dat' Looping (PoC)
by ZIPLOCK
VP-ASP Shopping Cart 5.50 - Cross-Site Scripting via UserName Parameter
Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP Shopping Cart 5.50 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter.
by ConcorDHacK
Opera Web Browser 8.0/8.5 - HTML Form Status Bar Misrepresentation
by Sverx
Elite Forum 1.0.0.0 - Stored Cross-Site Scripting via Post Reply Image Tag
Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via a Post Reply to a topic, in which the reply contains a javascript: URL in an <img> tag.
by gladiator
Microsoft Internet Explorer 6 - 'mshtmled.dll' Denial of Service
by Tom Ferris
Search_Enhanced - Cross-Site Scripting via Query Parameter
Cross-site scripting (XSS) vulnerability in the Search_Enhanced module in PHP-Nuke 7.9 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
by bhfh01
Techno Dreams (Multiple Scripts) - Multiple SQL Injections
by farhad koosha
SiteTurn Domain Manager Pro - Cross-Site Scripting via Panel Script Err Parameter
Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager Pro allows remote attackers to inject arbitrary web script or HTML via the err parameter in the panel script.
by farhad koosha
Mozilla Firefox 1.0.7 (Mozilla 1.7.12) - Denial of Service
by Kubbo
Opera Browser < 8.02 - Denial of Service via Crafted HTML Style Attributes
Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a "content: url(0);" style attribute, a "bodyA" tag, a long string, and a "u" tag with a long attribute, as demonstrated by opera.html; and (2) a BGSOUND element with a "margin:-99;" STYLE attribute.
by posidron
Mozilla Firefox 1.0.7 / Thunderbird 1.0.6 - Denial of Service
by posidron
MuOnline Loopholes Web Server - 'pkok.asp' SQL Injection
by nukedx
aenovo - SQL Injection via Password Parameter in control.asp
Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages.
by farhad koosha
Mozilla Firefox 1.0.7 - Integer Overflow Denial of Service
by Georgi Guninski
Mozilla Firefox <1.0.6 - Buffer Overflow
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
by Skylined