HTML Exploits
2,054 exploits tracked across all sources.
ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author)
by Besim
Spacemarc News - Cross-Site Request Forgery (Add New Post)
by Besim
Maian Weblog 4.0 - Cross-Site Request Forgery (Add New Post)
by Besim
Microsoft Internet Explorer 11.0.9600.18482 - Use After Free
by Marcin Ressel
ZKTeco ZKAccess Security System 5.3.1 Stored XSS
ZKTeco ZKAccess Security System 5.3.1 contains a stored cross-site scripting vulnerability that allows attackers to execute arbitrary HTML and script code by injecting malicious payloads through the 'holiday_name' and 'memo' POST parameters. Attackers can submit crafted requests with script code in these parameters to compromise user browser sessions and steal sensitive information.
by LiquidWorm
CVSS 7.2
ZKTeco ZKBioSecurity 3.0 Cross-Site Request Forgery Superadmin
ZKTeco ZKBioSecurity 3.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious websites. Attackers can craft HTTP requests that add superadmin accounts without validity checks, enabling unauthorized administrative access when authenticated users visit attacker-controlled pages.
by LiquidWorm
CVSS 4.3
RSS News AutoPilot Script 1.0.1/3.0.3 - Cross-Site Request Forgery
by Arbin Godar
Microsoft Internet Explorer - Memory Corruption
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code via a crafted web page, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-3290.
by Google Security Research
CVSS 7.5
Technicolor Xfinity Gateway Router Dpc3941t Firmware - CSRF
CSRF vulnerability on Technicolor TC dpc3941T (formerly Cisco dpc3941T) devices with firmware dpc3941-P20-18-v303r20421733-160413a-CMCST allows an attacker to change the Wi-Fi password, open the remote management interface, or reset the router.
by Ayushman Dutta
CVSS 8.0
NUUO NVRmini 2 3.0.8 - Cross-Site Request Forgery (Add Admin)
by LiquidWorm
WebKit - TypedArray.fill Memory Corruption
by Google Security Research
WebKit - TypedArray.copyWithin Memory Corruption
by Google Security Research
Wowza Streaming Engine 4.5.0 CSRF via user edit endpoint
Wowza Streaming Engine 4.5.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by crafting malicious web pages. Attackers can trick logged-in administrators into visiting a malicious site that submits POST requests to the user edit endpoint to create new admin accounts with arbitrary credentials.
by LiquidWorm
CVSS 5.3
Wowza Streaming Engine 4.5.0 Privilege Escalation via user edit
Wowza Streaming Engine 4.5.0 contains a privilege escalation vulnerability that allows authenticated read-only users to elevate privileges to administrator by manipulating POST parameters. Attackers can send POST requests to the user edit endpoint with accessLevel set to 'admin' and advUser parameters set to 'true' and 'on' to gain administrative access.
by LiquidWorm
CVSS 8.8
WordPress Plugin Video Player 1.5.16 - SQL Injection
by David Vaartjes
Ubiquiti Administration Portal - Remote Command Execution (via Cross-Site Request Forgery)
by KoreLogic
XuezhuLi FileSharing - Cross-Site Request Forgery (Add User)
by HaHwul
Microsoft Internet Explorer 9-11 - Code Injection
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0200 and CVE-2016-3211.
by Skylined
CVSS 8.8
IonizeCMS 1.0.8 - Cross-Site Request Forgery (Add Admin)
by s0nk3y
WordPress Plugin Ultimate Product Catalog 3.8.1 - Privilege Escalation
by i0akiN SEC-LABORATORY