Exploitdb Exploits

2,012 exploits tracked across all sources.

Sort: Activity Stars
CVE-2002-1427 EXPLOITDB html VERIFIED
Easy Homepage Creator 1.0 - RCE
The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users.
by Arek Suroboyo
CVE-2002-1410 EXPLOITDB html VERIFIED
Easy Guestbook - RCE
Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to (1) delete entries via direct access of admin.cgi, or (2) reconfigure Guestbook via direct access of config.cgi.
by Arek Suroboyo
CVE-2002-2170 EXPLOITDB html VERIFIED
BadBlue Enterprise Edition <1.74 - RCE
Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request that accesses the dir.hts page on the localhost and adds an entire hard drive to be shared.
by Matthew Murphy
CVE-2002-1766 EXPLOITDB html VERIFIED
Netscape Communicator - Buffer Overflow
Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute.
by S[h]iff
CVE-2002-0898 EXPLOITDB html VERIFIED
Opera 6.0.1-6.0.2 - XSS
Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline.
by GreyMagic Software
CVE-2002-1714 EXPLOITDB html VERIFIED
Microsoft IE - Denial of Service
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion.
by Matthew Murphy
CVE-2002-0591 EXPLOITDB html VERIFIED
AOL Instant Messenger - Path Traversal
Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 beta and earlier allows remote attackers to create arbitrary files and execute commands via a Direct Connection with an IMG tag with a SRC attribute that specifies the target filename.
by Noah Johnson
CVE-2002-1688 EXPLOITDB html VERIFIED
Microsoft Internet Explorer <6.0 - XSS
The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button.
by Andreas Sandblad
CVE-2002-0461 EXPLOITDB html VERIFIED
Microsoft Internet Explorer - Denial of Service
Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop.
by Patrik Birgersson
CVE-2002-2031 EXPLOITDB html VERIFIED
Internet Explorer <5.6 - Info Disclosure
Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results.
by Tom Micklovitch
CVE-2001-1188 EXPLOITDB html VERIFIED
MAILTO <1.0.9 - RCE
mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote attackers to send SPAM e-mail through remote servers by modifying the sendto, email, server, subject, and resulturl hidden form fields.
by http-equiv
CVE-2001-0520 EXPLOITDB html VERIFIED
Aladdin eSafe Gateway <3.0 - XSS
Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent filtering of SCRIPT tags by embedding the scripts within certain HTML tags including (1) onload in the BODY tag, (2) href in the A tag, (3) the BUTTON tag, (4) the INPUT tag, or (5) any other tag in which scripts can be defined.
by eDvice Security Services
EIP-2026-118818 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 5.5 - File Disclosure
by Georgi Guninski
CVE-2001-0150 EXPLOITDB html VERIFIED
Internet Explorer <5.5 - Command Injection
Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts.
by Oliver Friedrichs
CVE-2001-0137 EXPLOITDB html VERIFIED
Windows Media Player 7 - RCE
Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the Windows Media Player Skins File Download" vulnerability.
by Georgi Guninski
CVE-2001-0322 EXPLOITDB html VERIFIED
Microsoft Internet Explorer - Denial of Service
MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object.
by Thor Larholm
CVE-2001-0148 EXPLOITDB html VERIFIED
Windows Media Player 7 - RCE
The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability.
by Georgi Guninski
CVE-2001-0022 EXPLOITDB html VERIFIED
simplestguest.cgi - RCE
simplestguest.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the guestbook parameter.
by suid
CVE-2001-0024 EXPLOITDB html VERIFIED
simplestmail.cgi - RCE
simplestmail.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the MyEmail parameter.
by rpc
CVE-2001-0023 EXPLOITDB html VERIFIED
everythingform.cgi - Command Injection
everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter.
by rpc
CVE-2001-0025 EXPLOITDB html VERIFIED
ad.cgi - Command Injection
ad.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter.
by rpc
CVE-2001-0089 EXPLOITDB html VERIFIED
Internet Explorer <5.6 - Info Disclosure
Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability.
by Key
EIP-2026-118817 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 5.5 - 'Index.dat' (MS00-055)
by Georgi Guninski
CVE-2000-1105 EXPLOITDB html VERIFIED
IXSso.query - Info Disclosure
The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.
by Georgi Guninski
CVE-2000-0958 EXPLOITDB html VERIFIED
HotJava Browser 3.0 - XSS
HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window.
by Georgi Guninski
By Source
All 2,012 Exploitdb 50,121 Writeup 46,832 Nomisec 21,205 Metasploit 3,189 Github 2,268 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,746 c 3,550 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 73 go 41 postscript 25 xml 24