AmesianX

4 exploits Active since Feb 2007
CVE-2026-53435 GITHUB HIGH python WORKING POC
Jenkins - Deserialization of Untrusted Data
In Jenkins 2.567 and earlier, LTS 2.555.2 and earlier, it is possible for attackers to have Jenkins deserialize arbitrary types defined in Jenkins core or plugins from an attacker-controlled `config.xml` submission in a way that allows them to handle HTTP requests afterwards. This can be used to impersonate any user and send HTTP requests on their behalf, up to and including use of the Script Console to run arbitrary code, or to read arbitrary files from the Jenkins controller.
CVSS 8.8
CVE-2021-21220 NOMISEC HIGH WORKING POC
Google Chrome <89.0.4389.128 - Heap Corruption
Insufficient validation of untrusted input in V8 in Google Chrome prior to 89.0.4389.128 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
CVSS 8.8
CVE-2007-0811 EXPLOITDB html WORKING POC
Microsoft Internet Explorer 6.0 - DoS
Microsoft Internet Explorer 6.0 SP1 on Windows 2000, and 6.0 SP2 on Windows XP, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an HTML document containing a certain JavaScript for loop with an empty loop body, possibly involving getElementById.
CVE-2009-2655 EXPLOITDB html WORKING POC
Microsoft Internet Explorer <8 - DoS
mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1.