Exploitdb Exploits
2,012 exploits tracked across all sources.
aeNovo <version> - SQL Injection
Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages.
by farhad koosha
Mozilla Firefox 1.0.7 - Integer Overflow Denial of Service
by Georgi Guninski
Mozilla Firefox <1.0.6 - Buffer Overflow
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
by Skylined
Mozilla Products - 'Host:' Buffer Overflow (Denial of Service) (PoC) String
by Tom Ferris
CMS Made Simple <0.10 - RCE
PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter.
by groszynskif
Microsoft Internet Explorer 5.2.3 - DoS
Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers to cause a denial of service (crash) via a web page with malformed attributes in a BGSOUND tag, possibly involving double-quotes in an about: URI.
by Mella Marco
Microsoft IE - Denial of Service
Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.
by FrSIRT
Apple Safari - Denial of Service
Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash) via certain Javascript, possibly involving a function that defines a handler for itself within the function body.
by Patrick Webster
Invision Power Board IPB 1.0.3 - XSS
Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML.
by V[i]RuS
E107 Website System 0.6 - Attached File Cross-Site Scripting
by edward11
SPI Dynamics WebInspect 5.0.196 - Cross Application Script Injection
Firefox 1.0.3-1.0.4 & Netscape 8.0.2 - RCE
Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewalling."
by Michael Krax
Microsoft IE - Resource Management Error
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.
by k-otik
Microsoft Internet Explorer - Multiple Stack Overflows Crashs
by Benjamin Franz
Microsoft Internet Explorer - JavaScript 'window()' Crash
by Benjamin Franz
Mozilla Firefox - view-source:JavaScript url Code Execution
by mikx
D-Link DSL-504T - Auth Bypass
D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg.
by Francesco Orro
Firefox <1.0.4 & Mozilla Suite <1.7.8 - Privilege Escalation
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.
by moz_bug_r_a4
Firefox 1.0.3 - XSS
Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.
by Edward Gagnon
phpMyVisites 1.3 - Info Disclosure
set_lang.php in phpMyVisites 1.3 allows remote attackers to read and include arbitrary files via the mylang parameter.
by Max Cerny
Microsoft Internet Explorer - DHTML Object Memory Corruption
by Skylined
Microsoft Internet Explorer - Buffer Overflow
Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."
by Skylined
PHP-Nuke <7.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module.
By Source