Html Exploits
2,075 exploits tracked across all sources.
Mobiketa 1.0 - Cross-Site Request Forgery (Add Admin)
by Murat Yilmazlar
miniMySQLAdmin 1.1.3 - Cross-Site Request Forgery (SQL Execution)
by HaHwul
Dream Gallery 1.0 - Cross-Site Request Forgery (Add Admin)
by Ali Ghanbari
ArticleSetup 1.00 - Cross-Site Request Forgery (Change Admin Password)
by Ali Ghanbari
Flatpress 1.0.3 - Cross-Site Request Forgery / Arbitrary File Upload
by LiquidWorm
Baidu Spark Browser 43.23.1000.476 - Address Bar URL Spoofing
by liu zhu
EMC ViPR SRM < 3.6.4 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in administrative pages in EMC ViPR SRM before 3.7 allow remote attackers to hijack the authentication of administrators.
by Han Sahin
CVSS 8.8
Microsoft Internet Explorer 11 - MSHTML!CMarkupPointer::UnEmbed Use-After-Free
by Marcin Ressel
Microsoft Internet Explorer <11 - Info Disclosure
Microsoft Internet Explorer 9 through 11 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Internet Explorer Information Disclosure Vulnerability."
by Ashfaq Ansari
Hikvision Digital Video Recorder - Cross-Site Request Forgery
by LiquidWorm
Microsoft Internet Explorer 9-11 and Edge - Remote Code Execution via Memory Corruption
Microsoft Internet Explorer 9 through 11 and Microsoft Edge allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Browser Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0105, CVE-2016-0107, CVE-2016-0112, and CVE-2016-0113.
by Google Security Research
CVSS 7.5
MOBOTIX Video Security Cameras - Cross-Site Request Forgery (Add Admin)
by LiquidWorm
Microsoft Internet Explorer 11 - Remote Code Execution via Memory Corruption
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0102, CVE-2016-0103, CVE-2016-0106, CVE-2016-0109, and CVE-2016-0114.
by Google Security Research
CVSS 7.5
Bluethrust Clan Scripts v4 R17 - Multiple Vulnerabilities
by Brandon Murphy
Internet Explorer 10 and 11 - Remote Code Execution via JScript9 Memory Corruption
JScript 9 in Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "JScript9 Memory Corruption Vulnerability."
by checkpoint
CVSS 8.8
pfSense Firewall 2.2.5 - Config File Cross-Site Request Forgery
by Aatif Shahdad
Trend Micro Password Manager - Command Injection
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.
by Google Security Research
CVSS 9.8
Microsoft Internet Explorer 11.0.9600.18124 EdUtil::GetCommonAncestorElement - Denial of Service
by Marcin Ressel
Internet Explorer 10 - Remote Code Execution via Memory Corruption
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6162.
by Moritz Jodeit
Microsoft Internet Explorer 11.0.9600.18097 - COmWindowProxy::SwitchMarkup NULL PTR
by Marcin Ressel
Arris TG1682G - Unauthenticated XSS
Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter.
by Nu11By73
CVSS 6.1
PHP Server Monitor 3.1.1 - Cross-Site Request Forgery / Privilege Escalation
by hyp3rlinx
By Source