Exploitdb Exploits

61 exploits tracked across all sources.

CVE-2007-4385 EXPLOITDB java VERIFIED
OWASP Stinger <2.5 - Auth Bypass
OWASP Stinger before 2.5 allows remote attackers to bypass input validation routines by using multipart encoded requests instead of form-urlencoded requests. NOTE: this might be used to expose vulnerabilities in applications that would otherwise be protected by the validation routines.
by Meder Kydyraliev
CVE-2007-0243 EXPLOITDB java VERIFIED
SUN Jdk < 1.5.0 - Memory Corruption
Buffer overflow in Sun JDK and Java Runtime Environment (JRE) 5.0 Update 9 and earlier, SDK and JRE 1.4.2_12 and earlier, and SDK and JRE 1.3.1_18 and earlier allows applets to gain privileges via a GIF image with a block with a 0 width field, which triggers memory corruption.
by luoluo
EIP-2026-103546 EXPLOITDB java VERIFIED
MICO Object Key 2.3.12 - Remote Denial of Service
by tuergeist
EIP-2026-103666 EXPLOITDB java VERIFIED
Sun Java Runtime Environment 1.3/1.4/1.5 - Nested Array Objects Denial of Service
by Marc Schoenefeld
CVE-2006-2426 EXPLOITDB java VERIFIED
SUN Jdk - Denial of Service
Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory.
by Marc Schoenefeld
CVE-2006-0515 EXPLOITDB java VERIFIED
Cisco PIX/ASA <7.1(2) & 7.0(<5), PIX 6.3(<5.112), FWSM 2.3(<4) & 3....
Cisco PIX/ASA 7.1.x before 7.1(2) and 7.0.x before 7.0(5), PIX 6.3.x before 6.3.5(112), and FWSM 2.3.x before 2.3(4) and 3.x before 3.1(7), when used with Websense/N2H2, allows remote attackers to bypass HTTP access restrictions by splitting the GET method of an HTTP request into multiple packets, which prevents the request from being sent to Websense for inspection, aka bugs CSCsc67612, CSCsc68472, and CSCsd81734.
by George D. Gal
CVE-2004-1127 EXPLOITDB java VERIFIED
Open DC HUB Direct Connect Peer-to-peer Client - Buffer Overflow
Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with administrator privileges, to execute arbitrary code via a long RedirectAll command.
by Donato Ferrante
EIP-2026-102938 EXPLOITDB java VERIFIED
Opera Web browser 7.54 java implementation - Multiple Vulnerabilities (4)
by Marc Schoenefeld
EIP-2026-102937 EXPLOITDB java VERIFIED
Opera Web browser 7.54 java implementation - Multiple Vulnerabilities (3)
by Marc Schoenefeld
EIP-2026-102712 EXPLOITDB java VERIFIED
Opera Web browser 7.54 java implementation - Multiple Vulnerabilities (2)
by Marc Schoenefeld
EIP-2026-102711 EXPLOITDB java VERIFIED
Opera Web browser 7.54 java implementation - Multiple Vulnerabilities (1)
by Marc Schoenefeld
CVE-2004-1739 EXPLOITDB java VERIFIED
Bird Chat Internet Chat Server - Denial of Service
Bird Chat 1.61 allows remote attackers to cause a denial of service (crash) via invalid users.
by Donato Ferrante
CVE-2004-2647 EXPLOITDB java VERIFIED
Free Web Chat 2.0 - DoS
Free Web Chat 2.0 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections from the same user.
by Donato Ferrante
EIP-2026-104089 EXPLOITDB java VERIFIED
Sun Java Virtual Machine 1.x - 'Font.createFont' Method Insecure Temporary File Creation
by Jelmer
EIP-2026-103667 EXPLOITDB java VERIFIED
Sun Java Runtime Environment 1.4.x - Font Object Assertion Failure Denial of Service
by Marc Schoenefeld
CVE-2004-2626 EXPLOITDB java VERIFIED
Siemens S55 - RCE
GUI overlay vulnerability in the Java API in Siemens S55 cellular phones allows remote attackers to send unauthorized SMS messages by overlaying a confirmation message with a malicious message.
by FtR
CVE-2004-2754 EXPLOITDB java VERIFIED
Yabb SE - SQL Injection
SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and possibly other versions before 1.5.5 allows remote attackers to execute arbitrary SQL commands via the ID_MEMBER parameter to the (1) recentTopics and (2) welcome functions.
by BaCkSpAcE
CVE-2003-1134 EXPLOITDB java VERIFIED
SUN Java - Denial of Service
Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating a null pointer exception.
by Marc Schoenefeld
CVE-2003-0896 EXPLOITDB java VERIFIED
Sun SDK/JRE 1.4.1_03 - Code Injection
The loadClass method of the sun.applet.AppletClassLoader class in the Java Virtual Machine (JVM) in Sun SDK and JRE 1.4.1_03 and earlier allows remote attackers to bypass sandbox restrictions and execute arbitrary code via a loaded class name that contains "/" (slash) instead of "." (dot) characters, which bypasses a call to the Security Manager's checkPackageAccess method.
by Last Stage of Delirium
CVE-2003-1521 EXPLOITDB java VERIFIED
Sun Java Plug-In <1.4.2_02 - RCE
Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repeatedly access the floppy drive via the createXmlDocument method in the org.apache.crimson.tree.XmlDocument class, which violates the Java security model.
by Marc Schoenefeld
CVE-2003-1123 EXPLOITDB java VERIFIED
Sun Java Runtime Environment <1.4.0.01 - Info Disclosure
Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows untrusted applets to access certain information within trusted applets, which allows attackers to bypass the restrictions of the Java security model.
by Marc Schoenefeld
CVE-2003-0228 EXPLOITDB java VERIFIED
Microsoft Windows Media Player <7.1, XP - Path Traversal
Directory traversal vulnerability in Microsoft Windows Media Player 7.1 and Windows Media Player for Windows XP allows remote attackers to execute arbitrary code via a skins file with a URL containing hex-encoded backslash characters (%5C) that causes an executable to be placed in an arbitrary location.
by Jelmer Kuperus
EIP-2026-103672 EXPLOITDB java VERIFIED
Sun JDK/SDK 1.3/1.4 / IBM JDK 1.3.1 / BEA Systems WebLogic 5/6/7 - java.util.zip Null Value Denial of Service (3)
by Marc Schoenefeld
CVE-2002-1930 EXPLOITDB java VERIFIED
An-httpd - Buffer Overflow
Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attackers to execute arbitrary code via a SOCKS4 request with a long username.
by Kanatoko
CVE-2002-1910 EXPLOITDB HIGH java VERIFIED
Click-2 Ingenium Learning Management System - Weak Encryption
Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords.
by Brian Enigma
CVSS 7.5