Exploitdb Exploits
2,012 exploits tracked across all sources.
Microsoft Internet Explorer 6.0 SP1 - DoS
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an attacker-controlled format string.
by anonymous
Opera web browser <7.53.3850 - XSS
A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks.
by bitlance winter
Mozilla Firefox <0.9.3 - XSS
Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.
by E.Kellinis
Microsoft Internet Explorer 6.0.2800 - DoS
mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to cause a denial of service (crash) via a table containing a form that crosses multiple td elements, and whose "float: left" class is defined in a link to a CSS stylesheet after the end of the table, which may trigger a null dereference.
by Phuong
Mensajeitor Tag Board 1.x - Authentication Bypass
by Jordi Corrales
Microsoft Internet Explorer - Overly Trusted Location Cache
by anonymous
Microsoft Internet Explorer 6.0.2800.1106 - Auth Bypass
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
by Paul
Opera Web Browser 7.5x - IFrame OnLoad Address Bar URL Obfuscation
by bitlance winter
Microsoft Internet Explorer 6 - Shell.Application Object Script Execution
by http-equiv
vBulletin 3.0.1 - XSS
Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) newthread.php in vBulletin 3.0.1 allows remote attackers to inject arbitrary HTML or script as other users via the Edit-panel.
by Cheng Peng Su
PHP Heaven Phpmychat - Authentication Bypass
edituser.php3 in PHPMyChat 0.14.5 allows remote attackers to bypass authentication and gain administrative privileges by setting the do_not_login parameter to false.
by HEX
Microsoft Internet Explorer 5.0.1 / Opera 7.51 - URI Obfuscation
by http-equiv
IBM EGatherer 2.0 - ActiveX Control Dangerous Method
by eEye Digital Security Team
Microsoft Internet Explorer 5.0.1 - CSS Style Sheet Memory Corruption
by henkie_is_leet
Outlook 2003 - CSRF
Outlook 2003 allows remote attackers to bypass intended access restrictions and cause Outlook to request a URL from a remote site via an HTML e-mail message containing a Vector Markup Language (VML) entity whose src parameter points to the remote site, which could allow remote attackers to know when a message has been read, verify valid e-mail addresses, and possibly leak other information.
by http-equiv
Mozilla Firefox <0.9.3 - XSS
Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.
by E.Kellinis
BitDefender Scan Online - Info Disclosure
The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender Scan Online allows remote attackers to (1) obtain sensitive information such as system drives and contents or (2) use the RequestFile method to download and execute arbitrary code via an object codebase that uses bitdefender.cab.
by Rafel Ivgi The-Insider
WinSCP 3.5.6 - Long URI Handling Memory Corruption
by Luca Ercoli
SCT Corporation Campus Pipeline - XSS
Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via onload, onmouseover, and other Javascript events in an e-mail attachment.
by spiffomatic 64
Microsoft Internet Explorer 6 - HTML Form Status Bar Misrepresentation
by http-equiv
Microsoft Outlook 2002 - Command Injection
An argument injection vulnerability exists in Microsoft Outlook 2002, which does not sufficiently filter parameters of mailto: URLs when passing them as arguments to OUTLOOK.EXE, allowing remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
by shaun2k2
Microsoft Internet Explorer <6.0 - CSRF
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to bypass cross-frame scripting restrictions and capture keyboard events from other domains via an HTML document with Javascript that is outside a frameset that includes the target domain, then forcing the frameset to maintain focus. NOTE: the discloser claimed that the vendor does not categorize this as a vulnerability, but it can be used in a spoofing scenario; the discloser provides alternate scenarios. Spoofing scenarios are currently included in CVE.
by iDefense
Microsoft Internet Explorer 5 - Shell: IFrame Cross-Zone Scripting (2)
by Cheng Peng Su
Microsoft Internet Explorer 5 - Shell: IFrame Cross-Zone Scripting (1)
by Cheng Peng Su
2wire Homeportal - Path Traversal
Directory traversal vulnerability in wra/public/wralogin in 2Wire Gateway, possibly as used in HomePortal and other product lines, allows remote attackers to read arbitrary files via a .. (dot dot) in the return parameter. NOTE: this issue was reported as XSS, but this might be a terminology error.
by Rafel Ivgi The-Insider