Html Exploits
2,075 exploits tracked across all sources.
Google Chrome - Swiftshader Blitting Floating-Point Precision Errors
by Google Security Research
Microhard Systems IPn4G 1.1.0 - CSRF
Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated users into loading a specially crafted page.
by LiquidWorm
CVSS 6.5
G DATA Total Security <25.4.0.3 - Buffer Overflow
The GDASPAMLib.AntiSpam ActiveX control ASK\GDASpam.dll in G DATA Total Security 25.4.0.3 has a buffer overflow via a long IsBlackListed argument.
by Filipe Xavier Oliveira
CVSS 8.8
Tor 0.3.2.0-0.3.2.9 - Use-After-Free in KIST Pending List
A use-after-free issue was discovered in Tor 0.3.2.x before 0.3.2.10. It allows remote attackers to cause a denial of service (relay crash) because the KIST implementation allows a channel to be added more than once in the pending list.
by t4rkd3vilz
CVSS 7.5
DamiCMS 6.0.0 and 6.1.0 - Cross-Site Request Forgery via Admin Account Addition
DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account.
by bay0net
CVSS 8.8
BEESCMS 4.0 - Cross-Site Request Forgery
In BEESCMS 4.0, CSRF allows administrators to be added arbitrarily, a related issue to CVE-2018-10266.
by bay0net
CVSS 8.8
LFCMS 3.7.0 - Cross-Site Request Forgery
A CSRF vulnerability exists in LFCMS 3.7.0: users can be added arbitrarily.
by bay0net
CVSS 8.8
LFCMS 3.7.0 - Cross-Site Request Forgery via Admin User Addition
Cross-site request forgery (CSRF) vulnerability in admin.php in LFCMS 3.7.0 allows remote attackers to hijack the authentication of unspecified users for requests that add administrator users via the s parameter, a related issue to CVE-2018-12114.
by bay0net
CVSS 8.8
Joomla Component jomres 9.11.2 Cross-Site Request Forgery
Joomla Component jomres 9.11.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information by tricking authenticated users into visiting malicious pages. Attackers can craft HTML forms targeting the account/index endpoint with hidden fields to change passwords, email addresses, and profile details without user consent.
by L0RD
CVSS 4.3
Maccms 10 - Cross-Site Request Forgery via Admin Account Creation
Maccms 10 allows CSRF via admin.php/admin/admin/info.html to add user accounts.
by bay0net
CVSS 8.8
Safari < 11.1.1 - Remote Code Execution via WebAssembly getWasmBufferFromValue Out-of-Bounds Read
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation.
by Google Security Research
CVSS 8.8
Safari < 11.1.1 - Remote Code Execution via WebKit @generatorState Use-After-Free
An issue was discovered in certain Apple products. iOS before 11.4 is affected. Safari before 11.1.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. watchOS before 4.3.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers an @generatorState use-after-free.
by Google Security Research
CVSS 8.8
Smartshop 1 Cross-Site Request Forgery via editprofile.php
Smartshop 1 contains a cross-site request forgery vulnerability that allows attackers to modify user profiles by tricking authenticated users into submitting malicious requests. Attackers can craft HTML forms targeting editprofile.php with hidden fields for email and password parameters that execute automatically when visited by an authenticated admin user.
by L0RD
CVSS 4.3
GreenCMS v2.3.0603 - Cross-Site Request Forgery via Media File Connect
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect.
by xichao
CVSS 8.8
GreenCMS v2.3.0603 - Cross-Site Request Forgery via Admin User Addition
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle.
by xichao
CVSS 8.8
Joomla JoomOCShop 1.0 Cross-Site Request Forgery
Joomla JoomOCShop 1.0 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML forms targeting account endpoints like /joomoc2/?route=account/edit and to modify user information or reset passwords without user consent.
by L0RD
CVSS 4.3
Joomla jCart for OpenCart 2.3.0.2 Cross-Site Request Forgery
jCart for OpenCart 2.3.0.2 contains a cross-site request forgery vulnerability that allows attackers to modify user account information without authentication. Attackers can craft malicious HTML forms targeting endpoints , and to change user credentials, passwords, and affiliate account details when victims visit the attacker-controlled page.
by L0RD
CVSS 5.3
Sharetronix CMS 3.6.2 - Cross-Site Request Forgery / Cross-Site Scripting
by Hesam Bazvand
EasyService Billing 1.0 - Cross-Site Request Forgery via Quotation Creation
A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation.
by Divya Jain
CVSS 8.8
EasyService Billing 1.0 - Cross-Site Request Forgery on User Add Page
A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role.
by Divya Jain
CVSS 8.8
Microsoft Edge and ChakraCore - Remote Code Execution via Scripting Engine Memory Corruption
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
by Google Security Research
CVSS 7.5
Skia - Buffer Overflow
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
by Google Security Research
CVSS 9.8
Teradek VidiU Pro 3.0.3 - Cross-Site Request Forgery via Password Change Request
Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in administrator visits the page.
by LiquidWorm
CVSS 4.3
By Source