Exploitdb Exploits
2,009 exploits tracked across all sources.
Netscape Communicator - Buffer Overflow via Font Tag Face Attribute
Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute.
by S[h]iff
Opera Web Browser 6.0.1-6.0.2 - Unauthenticated Arbitrary File Upload via Input File Tag Newline Injection
Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline.
by GreyMagic Software
Microsoft Internet Explorer 5.0-6.0 - Denial of Service via Recursive HTML Object Handling
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion.
by Matthew Murphy
AOL Instant Messenger - Directory Traversal and Arbitrary File Write via IMG Tag SRC Attribute
Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 beta and earlier allows remote attackers to create arbitrary files and execute commands via a Direct Connection with an IMG tag with a SRC attribute that specifies the target filename.
by Noah Johnson
Microsoft Internet Explorer <6.0 - XSS
The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button.
by Andreas Sandblad
Internet Explorer 5.01-6 - Denial of Service via JavaScript location.replace Loop
Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop.
by Patrik Birgersson
Internet Explorer <5.6 - Info Disclosure
Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results.
by Tom Micklovitch
Brian Dorricott MAILTO <= 1.0.9 - Unauthenticated SPAM Email Relay via Hidden Form Field Manipulation
mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote attackers to send SPAM e-mail through remote servers by modifying the sendto, email, server, subject, and resulturl hidden form fields.
by http-equiv
Aladdin eSafe Gateway 3.0 and earlier - Cross-Site Scripting via HTML Tag Attribute Injection
Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent filtering of SCRIPT tags by embedding the scripts within certain HTML tags including (1) onload in the BODY tag, (2) href in the A tag, (3) the BUTTON tag, (4) the INPUT tag, or (5) any other tag in which scripts can be defined.
by eDvice Security Services
Microsoft Internet Explorer 5.5 - File Disclosure
by Georgi Guninski
Internet Explorer <5.5 - Command Injection
Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts.
by Oliver Friedrichs
Windows Media Player 7 - Remote Code Execution via Malicious Skin File
Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the Windows Media Player Skins File Download" vulnerability.
by Georgi Guninski
Internet Explorer - Denial of Service via Object Creation and Deletion
MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with the browser window object.
by Thor Larholm
Windows Media Player 7 - Remote Code Execution via JavaScript URL in ActiveX Control
The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability.
by Georgi Guninski
simplestguest.cgi - Remote Command Execution via Guestbook Parameter
simplestguest.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the guestbook parameter.
by suid
simplestmail.cgi - Remote Command Execution via MyEmail Parameter
simplestmail.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the MyEmail parameter.
by rpc
everythingform.cgi - Command Injection
everythingform.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter.
by rpc
ad.cgi - Remote Command Execution via File Parameter
ad.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter.
by rpc
Internet Explorer <5.6 - Info Disclosure
Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability.
by Key
Microsoft Internet Explorer 5.5 - 'Index.dat' (MS00-055)
by Georgi Guninski
Microsoft Indexing Service - Information Disclosure via ixsso.query ActiveX Object
The ixsso.query ActiveX Object is marked as safe for scripting, which allows malicious web site operators to embed a script that remotely determines the existence of files on visiting Windows 2000 systems that have Indexing Services enabled.
by Georgi Guninski
HotJava Browser 3.0 - Unauthenticated DOM Access via JavaScript URL in Named Window
HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window.
by Georgi Guninski
Microsoft Virtual Machine - Arbitrary Java Codebase Execution
by Georgi Guninski
Windows Scripting Host - Info Disclosure
Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object.
by Georgi Guninski
Subscribe Me LITE - Privilege Escalation
Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter.
by n30
By Source