Html Exploits
2,075 exploits tracked across all sources.
Dream CMS 2.3.0 - Cross-Site Request Forgery (Add Extension) / Arbitrary File Upload / PHP Code Execution
by LiquidWorm
Microsoft Internet Explorer 11 - Stack Underflow Crash (PoC)
by Mjx
Auto-Exchanger 5.1.0 - Cross-Site Request Forgery via Password Change Request
Cross-site request forgery (CSRF) vulnerability in Auto-Exchanger 5.1.0 allows remote attackers to hijack the authentication of users for requests that change a password via a request to signup.php.
by Aryan Bayaninejad
Contact Form Generator < 2.0.1 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) create a field, (2) update a field, (3) delete a field, (4) create a form, (5) update a form, (6) delete a form, (7) create a template, (8) update a template, (9) delete a template, or (10) conduct cross-site scripting (XSS) attacks via a crafted request to the cfg_forms page in wp-admin/admin.php.
by i0akiN SEC-LABORATORY
GPON Home Router FTP G-93RG1 - Cross-Site Request Forgery / Command Execution
by Phan Thanh Duy
Pligg CMS 2.0.2 - Cross-Site Request Forgery via Admin User Addition
Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin/admin_users.php.
by Arash Khazaei
Microsoft Internet Explorer 8-11 - Remote Code Execution via Memory Corruption
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2442.
by Blue Frost Security GmbH
Microweber 1.0.3 - Persistent Cross-Site Scripting / Cross-Site Request Forgery (Add Admin)
by LiquidWorm
McAfee SiteAdvisor 3.7.2 - Firefox Use-After-Free (PoC)
by Marcin Ressel
eSellerate SDK 3.6.5.0 - Buffer Overflow via GetWebStoreURL ActiveX Control
Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument.
by metacom
Cisco AnyConnect Secure Mobility 2.x/3.x/4.x - Client Denial of Service (PoC)
by LiquidWorm
Microsoft Internet Explorer 11 - Crash (PoC) (2)
by Pawel Wylecial
1 Click Extract Audio 2.3.6 - Activex Buffer Overflow
by metacom
1 Click Audio Converter 2.3.6 - Activex Local Buffer Overflow
by metacom
Microsoft Internet Explorer 11 - Crash (PoC) (1)
by Garage4Hackers
ManageEngine EventLog Analyzer 10.0 Build 10001 - Cross-Site Request Forgery
by Akash S. Chavan
Samsung iPOLiS Device Manager 1.12.2 - Remote Code Execution via ReadConfigValue or WriteConfigValue Function
Buffer overflow in the XnsSdkDeviceIpInstaller.ocx ActiveX control in Samsung iPOLiS Device Manager 1.12.2 allows remote attackers to execute arbitrary code via a long string in the first argument to the (1) ReadConfigValue or (2) WriteConfigValue function.
by Praveen Darshanam
Balero CMS 0.7.2 - Multiple JS/HTML Injection Vulnerabilities
by LiquidWorm
WebGate WinRDS - Stack-Based Buffer Overflow in WESPPlaybackCtrl
Stack-based buffer overflow in the WESPPlayback.WESPPlaybackCtrl.1 control in WebGate WinRDS allows remote attackers to execute arbitrary code via unspecified vectors to the (1) PrintSiteImage, (2) PlaySiteAllChannel, (3) StopSiteAllChannel, or (4) SaveSiteImage function.
by Praveen Darshanam
WebGate Embedded Standard Protocol SDK - Buffer Overflows in LoadImage, LoadImageEx, ChangePassword, Connect, and AddID
Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) ChangePassword function in the WESPCONFIGLib.UserItem control, Connect function in the (4) WESPSerialPort.WESPSerialPortCtrl.1 or (5) WESPPLAYBACKLib.WESPPlaybackCtrl control, or (6) AddID function in the WESPCONFIGLib.IDList control or a (7) long string to the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control.
by Praveen Darshanam
WebGate eDVR Manager - Remote Code Execution via Stack-Based Buffer Overflow
Multiple stack-based buffer overflows in WebGate eDVR Manager allow remote attackers to execute arbitrary code via unspecified vectors to the (1) Connect, (2) ConnectEx, or (3) ConnectEx2 function in the WESPEvent.WESPEventCtrl.1 control; (4) AudioOnlySiteChannel function in the WESPPlayback.WESPPlaybackCtrl.1 control; (5) Connect or (6) ConnectEx function in the WESPPTZ.WESPPTZCtrl.1 control; (7) SiteChannel property in the WESPPlayback.WESPPlaybackCtrl.1 control; (8) SiteName property in the WESPPlayback.WESPPlaybackCtrl.1 control; or (9) OpenDVrSSite function in the WESPPTZ.WESPPTZCtrl.1 control.
by Praveen Darshanam
CVSS 8.8
By Source