Exploitdb Exploits

2,012 exploits tracked across all sources.

EIP-2026-109269 EXPLOITDB html VERIFIED
Mambo 4.5 Server - 'user.php' Script Unauthorized Access
by frog
EIP-2026-119002 EXPLOITDB html VERIFIED
Opera Web Browser 7.x - URI Handler Directory Traversal
by S.G.Masood
CVE-2003-1505 EXPLOITDB html VERIFIED
Microsoft Internet Explorer - Denial of Service
Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (crash) by creating a web page or HTML e-mail with a textarea in a div element whose scrollbar-base-color is modified by a CSS style, which is then moved.
by Andreas Boeckler
EIP-2026-115699 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 6 - Absolute Position Block Denial of Service
by Nick Johnson
CVE-2003-0816 EXPLOITDB html VERIFIED
Internet Explorer 6 SP1 - Auth Bypass
Internet Explorer 6 SP1 and earlier allows remote attackers to bypass zone restrictions by (1) using the NavigateAndFind method to load a file: URL containing Javascript, as demonstrated by NAFfileJPU, (2) using the window.open method to load a file: URL containing Javascript, as demonstrated using WsOpenFileJPU, (3) setting the href property in the base tag for the _search window, as demonstrated using WsBASEjpu, (4) loading the search window into an Iframe, as demonstrated using WsFakeSrc, (5) caching a javascript: URL in the browser history, then accessing that URL in the same frame as the target domain, as demonstrated using WsOpenJpuInHistory, NAFjpuInHistory, BackMyParent, BackMyParent2, and RefBack, aka the "Script URLs Cross Domain" vulnerability.
by Liu Die Yu
EIP-2026-100895 EXPLOITDB html VERIFIED
Sitebuilder 1.4 - 'sitebuilder.cgi' Directory Traversal
by Zero X
CVE-2003-0701 EXPLOITDB html VERIFIED
Internet Explorer 6 SP1 - RCE
Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344.
by malware
EIP-2026-110647 EXPLOITDB html VERIFIED
PHP Arena paFileDB 1.1.3/2.1.1/3.0/3.1 - Arbitrary File Upload / Execution
by Martin Eiszner
EIP-2026-118994 EXPLOITDB html VERIFIED
Opera 7.20 - Mail Client Policy Circumvention
by Arve Bersvendsen
CVE-2003-0590 EXPLOITDB html VERIFIED
Splatt Forum - XSS
Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote attackers to insert arbitrary HTML and web script via the post icon (image_subject) field.
by Lethalman
EIP-2026-118858 EXPLOITDB html VERIFIED
Microsoft Outlook 5.5/2000 - Web Access HTML Attachment Script Execution
by Hugo Vazquez
EIP-2026-116005 EXPLOITDB html VERIFIED
Opera 7 - Denial of Service
by Operash
EIP-2026-118821 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 6 - '%USERPROFILE%' File Execution
by Eiji James Yoshida
CVE-2003-0295 EXPLOITDB html VERIFIED
vBulletin 3.0.0 Beta 2 - XSS
Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability.
by Ferruh Mavituna
CVE-2003-1129 EXPLOITDB html VERIFIED
Yahoo Audio Conferencing ActiveX Control - Buffer Overflow
Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ActiveX control before 1,0,0,45 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat.
by cesaro
EIP-2026-115627 EXPLOITDB html VERIFIED
Microsoft 'Shlwapi.dll' 6.0.2800.1106 - Malformed HTML Form Tag Denial of Service
by Ramon Pinuaga Cascales
CVE-2003-1419 EXPLOITDB html VERIFIED
Netscape Navigator - Improper Input Validation
Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.
by dwm
EIP-2026-114756 EXPLOITDB html VERIFIED
Netscape 6.0/7.0 - Style Sheet Denial of Service
by Jocke
CVE-2003-1275 EXPLOITDB html VERIFIED
Microsoft Pocket IE - Denial of Service
Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function.
by Christopher Sogge Røtnes
CVE-2002-2255 EXPLOITDB html VERIFIED
phpBB - XSS
Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the search_username parameter in searchuser mode.
by f_a_a
EIP-2026-113031 EXPLOITDB html VERIFIED
VBZoom 1.0 - SQL Injection
by hish
EIP-2026-118810 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 5 - Document Reference Zone Bypass
by Liu Die Yu
CVE-2002-0976 EXPLOITDB html VERIFIED
Internet Explorer 4.0+ - Info Disclosure
Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.
by Jelmer
CVE-2002-0980 EXPLOITDB html VERIFIED
Internet Explorer <6.0 - RCE
The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml: URL.
by http-equiv
CVE-2002-2358 EXPLOITDB html VERIFIED
Opera Software Opera Web Browser - XSS
Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL.
by Eiji James Yoshida