Exploitdb Exploits
50,095 exploits tracked across all sources.
Oracle Solaris <10 - Info Disclosure
Unspecified vulnerability in Oracle Solaris 8, 9, and 10, and OpenSolaris, allows local users to affect confidentiality and integrity, related to NFS.
by Frank Stuart
Oracle OpenSolaris 10 - Info Disclosure
Unspecified vulnerability in Oracle OpenSolaris 10 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to rdist.
by Monarch Rich
Diferior CMS 8.03 - Multiple Cross-Site Request Forgery Vulnerabilities
by 10n1z3d
Diem 5.1.2 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
AJ Square AJ Article 3.0 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AJ Square AJ Article 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) emailid, (2) fname, (3) lname, (4) company, (5) address1, (6) address2, (7) city, (8) state, (9) zipcode, (10) phone, and (11) fax parameters in an update action. NOTE: some of these details are obtained from third party information.
by Sid3^effects
Oracle Fusion Middleware - Confidentiality Integrity
Package/Privilege: Plugins for Apache, Sun and IIS web servers Unspecified vulnerability in the WebLogic Server component in Oracle Fusion Middleware 7.0 SP7, 8.1 SP6, 9.0, 9.1, 9.2 MP3, 10.0 MP2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity, related to IIS.
by Timothy D. Morgan
Oracle Fusion Middleware <10.3 - Info Disclosure
Unspecified vulnerability in the Oracle Business Process Management component in Oracle Fusion Middleware 5.7 MP3, 6.0 MP5, and 10.3 MP2 allows remote attackers to affect integrity, related to BPM.
by Markot
Qt 4.6.3 - 'QTextEngine::LayoutData::reallocate()' Memory Corruption
by D4rk357
InterSystems Caché 2009.1 - Buffer Overflow
A stack-based buffer overflow exists in the UtilConfigHome.csp endpoint of InterSystems Caché 2009.1. The vulnerability is triggered by sending a specially crafted HTTP GET request containing an oversized argument to the .csp handler. Due to insufficient bounds checking, the input overflows a stack buffer, allowing an attacker to overwrite control structures and execute arbitrary code. It is unknown if this vulnerability was patched and an affected version range remains undefined.
by Metasploit
InterVations NaviCOPA Web Server 2.01 - RCE
Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request.
by Metasploit
Microsoft Internet Explorer 7 - Uninitialized Memory Corruption
Microsoft Internet Explorer 7 does not properly handle errors during attempted access to deleted objects, which allows remote attackers to execute arbitrary code via a crafted HTML document, related to CFunctionPointer and the appending of document objects, aka "Uninitialized Memory Corruption Vulnerability."
by Metasploit
Microsoft Internet Explorer 6 and 7 - Remote Code Execution via STYLE Tag Memory Corruption
Microsoft Internet Explorer 6 and 7 does not properly handle objects in memory that (1) were not properly initialized or (2) are deleted, which allows remote attackers to execute arbitrary code via vectors involving a call to the getElementsByTagName method for the STYLE tag name, selection of the single element in the returned list, and a change to the outerHTML property of this element, related to Cascading Style Sheets (CSS) and mshtml.dll, aka "HTML Object Memory Corruption Vulnerability." NOTE: some of these details are obtained from third party information. NOTE: this issue was originally assigned CVE-2009-4054, but Microsoft assigned a duplicate identifier of CVE-2009-3672. CVE consumers should use this identifier instead of CVE-2009-4054.
by Metasploit
Microsoft Internet Explorer 6, 6 SP1, 7, and 8 - Use-After-Free via HTML Object Memory Corruption
Use-after-free vulnerability in Microsoft Internet Explorer 6, 6 SP1, 7, and 8 on Windows 2000 SP4; Windows XP SP2 and SP3; Windows Server 2003 SP2; Windows Vista Gold, SP1, and SP2; Windows Server 2008 Gold, SP2, and R2; and Windows 7 allows remote attackers to execute arbitrary code by accessing a pointer associated with a deleted object, related to incorrectly initialized memory and improper handling of objects in memory, as exploited in the wild in December 2009 and January 2010 during Operation Aurora, aka "HTML Object Memory Corruption Vulnerability."
by Metasploit
CVSS 8.8
BlueCoat WinProxy < 6.1a and ProxyAV < 2.4.2.3 - Remote Code Execution via Long Host Header
Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web console access functionality in ProxyAV before 2.4.2.3 allows remote attackers to execute arbitrary code via a long Host: header.
by Metasploit
Opera - Canvas Element (Denial of Service)
by Pouya Daneshmand
Corel WordPerfect Office X5 15.0.0.357 - 'wpd' Buffer Overflow (PoC)
by LiquidWorm
Corel Presentations X5 15.0.0.357 - 'shw' Buffer Preoccupation (PoC)
by LiquidWorm
Oracle Solaris <10 - Info Disclosure
Unspecified vulnerability in Oracle Solaris 8, 9, and 10 allows local users to affect confidentiality and integrity via unknown vectors.
by Frank Stuart
TheHostingTool 1.2.2 - Multiple Cross-Site Request Forgery Vulnerabilities
by 10n1z3d
Joomla! Component healthstats - Persistent Cross-Site Scripting
by Sid3^effects
Joomla! Component EasyBlog - Persistent Cross-Site Scripting
by Sid3^effects
grafik_cms 1.1.2 - Cross-Site Scripting via page_menu and description Parameters
Multiple cross-site scripting (XSS) vulnerabilities in admin/admin.php in Grafik CMS 1.1.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) page_menu and (2) description parameters in an edit_page action.
by 10n1z3d
By Source