Html Exploits

EIP-2026-104152 EXPLOITDB html

agorum core Pro 7.8.1.4-251 - Cross-Site Request Forgery

by SySS GmbH

View

CVE-2017-2479 EXPLOITDB MEDIUM html VERIFIED

Safari < 10.1 - Same Origin Policy Bypass via WebKit

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

by Google Security Research

CVSS 6.5

View

CVE-2017-2480 EXPLOITDB MEDIUM html VERIFIED

iCloud < 6.2 - Exposure of Sensitive Information via WebKit Same Origin Policy Bypass

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. iCloud before 6.2 on Windows is affected. iTunes before 12.6 on Windows is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

by Google Security Research

CVSS 6.5

View

CVE-2017-2469 EXPLOITDB HIGH html VERIFIED

Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

by Google Security Research

CVSS 8.8

View

CVE-2017-2470 EXPLOITDB HIGH html VERIFIED

Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

by Google Security Research

CVSS 8.8

View

CVE-2017-2468 EXPLOITDB HIGH html VERIFIED

Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

by Google Security Research

CVSS 8.8

View

EIP-2026-113755 EXPLOITDB html

WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting

by dxw

View

EIP-2026-113754 EXPLOITDB html

WordPress Plugin Firewall 2 1.3 - Cross-Site Request Forgery / Cross-Site Scripting

by dxw

View

EIP-2026-113657 EXPLOITDB html

WordPress Plugin CopySafe Web Protect < 2.6 - Cross-Site Request Forgery

by Zhiyang Zeng

View

EIP-2026-106668 EXPLOITDB html

e107 CMS 2.1.4 - Cross-Site Request Forgery

by Zhiyang Zeng

View

CVE-2017-2364 EXPLOITDB MEDIUM html VERIFIED

iPhone OS < 10.2.1 and Safari < 10.0.3 - Same Origin Policy Bypass in WebKit

An issue was discovered in certain Apple products. iOS before 10.2.1 is affected. Safari before 10.0.3 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

by Google Security Research

CVSS 6.5

View

CVE-2017-2457 EXPLOITDB HIGH html VERIFIED

Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

by Google Security Research

CVSS 8.8

View

CVE-2017-2445 EXPLOITDB MEDIUM html VERIFIED

Safari < 10.1 - Universal Cross-Site Scripting via Crafted Frame Objects

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via crafted frame objects.

by Google Security Research

CVSS 6.1

View

CVE-2017-2367 EXPLOITDB MEDIUM html VERIFIED

Safari < 10.1 - Same Origin Policy Bypass via WebKit

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

by Google Security Research

CVSS 6.5

View

CVE-2017-2442 EXPLOITDB MEDIUM html VERIFIED

Safari < 10.1 - Same Origin Policy Bypass via WebKit JavaScript Bindings

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. The issue involves the "WebKit JavaScript Bindings" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.

by Google Security Research

CVSS 6.5

View

CVE-2017-2454 EXPLOITDB HIGH html VERIFIED

Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

by Google Security Research

CVSS 8.8

View

CVE-2017-2459 EXPLOITDB HIGH html VERIFIED

Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

by Google Security Research

CVSS 8.8

View

CVE-2017-2476 EXPLOITDB HIGH html VERIFIED

Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

by Google Security Research

CVSS 8.8

View

CVE-2017-2471 EXPLOITDB HIGH html VERIFIED

Safari < 10.1 - Remote Code Execution via Use-After-Free in WebKit

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. watchOS before 3.2 is affected. The issue involves the "WebKit" component. A use-after-free vulnerability allows remote attackers to execute arbitrary code via a crafted web site.

by Google Security Research

CVSS 8.8

View

CVE-2017-2455 EXPLOITDB HIGH html VERIFIED

Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

by Google Security Research

CVSS 8.8

View

CVE-2017-2460 EXPLOITDB HIGH html VERIFIED

Safari < 10.0.3 - Remote Code Execution via WebKit Memory Corruption

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

by Google Security Research

CVSS 8.8

View

CVE-2017-2466 EXPLOITDB HIGH html VERIFIED

Safari < 10.1 - Remote Code Execution via WebKit Memory Corruption

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.

by Google Security Research

CVSS 8.8

View

CVE-2017-2447 EXPLOITDB HIGH html VERIFIED

Safari < 10.1 - Memory Corruption via Crafted Web Site

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to obtain sensitive information or cause a denial of service (memory corruption) via a crafted web site.

by Google Security Research

CVSS 8.1

View

CVE-2017-2446 EXPLOITDB HIGH html VERIFIED

Apple <10.3 - Remote Code Execution

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions.

by Google Security Research

CVSS 8.8

View

CVE-2017-2446 EXPLOITDB HIGH html VERIFIED

Apple <10.3 - Remote Code Execution

An issue was discovered in certain Apple products. iOS before 10.3 is affected. Safari before 10.1 is affected. tvOS before 10.2 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code via a crafted web site that leverages the mishandling of strict mode functions.

by Google Security Research

CVSS 8.8

View