Exploitdb Exploits
31,357 exploits tracked across all sources.
Internet Explorer 5.01 SP4, 6, 6 SP1, 7 - Remote Code Execution via Crafted Data Stream Header
Unspecified vulnerability in Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via a crafted data stream header that triggers memory corruption, aka "Data Stream Header Corruption Vulnerability."
by Skylined
CVSS 8.8
Millenium MP3 Studio 2.0 - '.m3u' Local Buffer Overflow
by dellnull
Snitz Forums 2000 3.4.07 - Cross-Site Scripting via IMG or Sound Tag Onload Attribute
Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter to pop_send_to_friend.asp, related to a crafted onload attribute of an IMG element; or (2) an onload attribute in a sound tag.
by Andrea Fabrizi
Snitz Forums 2000 3.4.07 - Cross-Site Scripting via IMG or Sound Tag Onload Attribute
Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter to pop_send_to_friend.asp, related to a crafted onload attribute of an IMG element; or (2) an onload attribute in a sound tag.
by Andrea Fabrizi
SkyBlueCanvas 1.1 r237 - Cross-Site Scripting via mgroup, mgr, objtype, id, or dir Parameter
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in SkyBlueCanvas 1.1 r237 allow remote attackers to inject arbitrary web script or HTML via the (1) mgroup, (2) mgr, (3) objtype, (4) id, and (5) dir parameters.
by MaXe
BloofoxCMS 0.3.5 - Cross-Site Scripting via Search Parameter
Cross-site scripting (XSS) vulnerability in search.5.html in BloofoxCMS 0.3.5 allows remote attackers to inject arbitrary web script or HTML via the search parameter to index.php. NOTE: some of these details are obtained from third party information.
by drunken danish rednecks
Dopewars 1.5.12 - Denial of Service via Invalid REQUESTJET Message
Dopewars 1.5.12 allows remote attackers to cause a denial of service (segmentation fault) via a REQUESTJET message with an invalid location.
by Doug Prostko
Pentaho Business Intelligence Suite - SQL Injection via MySQL Scripts
Multiple unspecified vulnerabilities in Pentaho Business Intelligence (BI) Suite before 1.2 RC3 (1.2.0.470-RC3) have unknown impact and attack vectors, related to "MySQL Scripts need changes for security," possibly SQL injection vulnerabilities associated with these scripts.
by antisnatchor
IBM Rational RequisitePro 7.1.0 - Cross-Site Scripting via ReqWeb Help Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3) maxHits, (4) scopedSearch, or (5) scope parameter to ReqWebHelp/basic/searchView.jsp.
by IBM
IBM Rational RequisitePro 7.1.0 - Cross-Site Scripting via ReqWeb Help Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3) maxHits, (4) scopedSearch, or (5) scope parameter to ReqWebHelp/basic/searchView.jsp.
by IBM
IBM Rational RequisitePro 7.1.0 - Cross-Site Scripting via ReqWeb Help Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the ReqWeb Help feature (aka the Web Client Help system) in IBM Rational RequisitePro 7.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the operation parameter to ReqWebHelp/advanced/workingSet.jsp, or the (2) searchWord, (3) maxHits, (4) scopedSearch, or (5) scope parameter to ReqWebHelp/basic/searchView.jsp.
by IBM
Snitz Forums 2000 3.4.07 - Cross-Site Scripting via IMG or Sound Tag Onload Attribute
Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter to pop_send_to_friend.asp, related to a crafted onload attribute of an IMG element; or (2) an onload attribute in a sound tag.
by Andrea Fabrizi
Millenium MP3 Studio 2.0 - 'mpf' Local Buffer Overflow
by dellnull
Mozilla Firefox + Adobe - Memory Corruption (PoC)
by Skylined
Zainu 1.0 - Cross-Site Scripting via SearchSong Keyword Parameter
Cross-site scripting (XSS) vulnerability in index.php in Zainu 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchSongKeyword parameter in a SearchSong action.
by drunken danish rednecks
FreeSchool - 'key_words' Cross-Site Scripting
by drunken danish rednecks
DedeCMS 5.1 - SQL Injection via feedback_js.php arcurl Parameter
SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter.
by Securitylab Security Research
AdaptBB 1.0 - 'q' Cross-Site Scripting
by drunken danish rednecks
Achievo < 1.4.0 - SQL Injection via Userid Parameter
SQL injection vulnerability in the get_employee function in classweekreport.inc in Achievo before 1.4.0 allows remote attackers to execute arbitrary SQL commands via the userid parameter (aka user_id variable) to dispatch.php.
by Ryan Dewhurst
Achievo < 1.4.0 - Cross-Site Scripting via Scheduler Title and Contract Search Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Achievo before 1.4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the scheduler title in the scheduler module, and the (2) atksearch[contractnumber], (3) atksearch_AE_customer[customer], (4) atksearchmode[contracttype], and possibly (5) atksearch[contractname] parameters to the Organization Contracts administration page, reachable through dispatch.php.
by Ryan Dewhurst
Pentaho BI 1.x - Multiple Cross-Site Scripting / Information Disclosure Vulnerabilities
by euronymous
Everfocus EDR1600 - Unauthenticated Authentication Bypass
The web interface for Everfocus EDR1600 DVR allows remote attackers to bypass authentication and access live cams via certain vectors.
by Andrea Fabrizi
Eclipse BIRT < 2.3.2 - Cross-Site Scripting via __report Parameter
Cross-site scripting (XSS) vulnerability in birt-viewer/run in Eclipse Business Intelligence and Reporting Tools (BIRT) before 2.5.0, as used in KonaKart and other products, allows remote attackers to inject arbitrary web script or HTML via the __report parameter.
by Michele Orru
HP Palm Pre WebOS <= 1.1 - Denial of Service via Long String After Refresh Tag
The LunaSysMgr process in Palm Pre WebOS 1.1 and earlier, when not viewing web pages in landscape mode, allows remote attackers to cause a denial of service (crash) via a web page containing a long string following a refresh tag, which triggers a floating point exception.
by Townsend Harris