Html Exploits
2,054 exploits tracked across all sources.
Microsoft Edge - Information Disclosure
Microsoft Internet Explorer 11 and Microsoft Edge allow remote attackers to obtain sensitive information via a crafted web site, aka "Microsoft Browser Information Disclosure Vulnerability."
by Skylined
CVSS 3.1
Microsoft Internet Explorer - Denial of Service
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
by Skylined
CVSS 8.8
VBScript 5.8.7600.16385/5.8.9600.16384 - RegExpComp::PnodeParse Out-of-Bounds Read
by Skylined
Microsoft VBScript <5.9 - RCE
vbscript.dll in Microsoft VBScript 5.6 through 5.8, as used with Internet Explorer 6 through 11 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "VBScript Memory Corruption Vulnerability."
by Skylined
Microsoft Internet Explorer 9 - MSHTML CPtsTextParaclient::CountApes Out-of-Bounds Read
by Skylined
Nodcms Cross Site Request Forgery via admin endpoints
Nodcms contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized administrative actions by crafting malicious forms. Attackers can trick authenticated administrators into submitting requests to admin/user_manipulate and admin/settings/generall endpoints to create users or modify application settings without explicit consent.
by Amir.ght
CVSS 4.3
Redaxo CMS 5.2 Cross-Site Request Forgery via users endpoint
Redaxo CMS 5.2 contains a cross-site request forgery vulnerability that allows unauthenticated attackers to create administrative user accounts by tricking authenticated administrators into visiting malicious pages. Attackers can craft HTML forms targeting the users endpoint with hidden fields containing admin credentials and account parameters to add new administrator accounts without user consent.
by Amir.ght
CVSS 5.3
Snews CMS 1.7 Cross-Site Request Forgery via changeup
Snews CMS 1.7 contains a cross-site request forgery vulnerability that allows attackers to change administrator credentials without authentication by crafting malicious HTML forms. Attackers can trick authenticated administrators into visiting a page containing a hidden form that submits POST requests to the changeup action, modifying the admin username and password parameters to gain unauthorized access.
by Amir.ght
CVSS 5.3
SweetRice 1.5.1 - Cross-Site Request Forgery / PHP Code Execution
by Ashiyane Digital Security Team
Microsoft Internet Explorer <11 - Code Injection
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability."
by Skylined
Microsoft Internet Explorer 11 - MSHTML CView::CalculateImageImmunity Use-After-Free
by Skylined
SweetRice 1.5.1 - Cross-Site Request Forgery
by Ashiyane Digital Security Team
Microfocus Rumba - Memory Corruption
Stack-based buffer overflow in the PlayMacro function in ObjectXMacro.ObjectXMacro in WdMacCtl.ocx in Micro Focus Rumba 9.x before 9.3 HF 11997 and 9.4.x before 9.4 HF 12815 allows remote attackers to execute arbitrary code via a long MacroName argument. NOTE: some references mention CVE-2016-5226 but that is not a correct ID for any Rumba vulnerability.
by Umit Aksu
CVSS 9.8
Portable UPnP SDK <1.6.21 - Code Injection
Portable UPnP SDK (aka libupnp) before 1.6.21 allows remote attackers to write to arbitrary files in the webroot via a POST request without a registered handler.
by Jacob Baines
CVSS 7.5
Microsoft Edge < 1.2.1 - Memory Corruption
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3389, CVE-2016-7190, and CVE-2016-7194.
by Google Security Research
CVSS 7.5
Microsoft Edge - Memory Corruption
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3386, CVE-2016-3389, and CVE-2016-7190.
by Google Security Research
CVSS 7.5
Microsoft Edge - Memory Corruption
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3386, CVE-2016-3389, and CVE-2016-7194.
by Google Security Research
CVSS 7.5
Microsoft Edge < 1.2.1 - Memory Corruption
The Chakra JavaScript engine in Microsoft Edge allows remote attackers to execute arbitrary code via a crafted web site, aka "Scripting Engine Remote Code Execution Vulnerability."
by Google Security Research
CVSS 7.5
MiCasaVerde VeraLite <1.5.408 - RCE
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag.
by Jacob Baines
CVSS 8.8
CNDSOFT 2.3 - Cross-Site Request Forgery / Arbitrary File Upload
by Besim
PHP NEWS 1.3.0 - Cross-Site Request Forgery (Add Admin)
by Meryem AKDOĞAN
YouTube Automated CMS 1.0.7 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
by Arbin Godar
Simple Forum PHP 2.4 - Cross-Site Request Forgery (Edit Options)
by Ehsan Hosseini
ApPHP MicroCMS 3.9.5 - Cross-Site Request Forgery (Add Admin)
by Besim
By Source