HTML Exploits

2,054 exploits tracked across all sources.

EIP-2026-115512 EXPLOITDB html VERIFIED
Kaspersky Internet Security - Remote Denial of Service
by CXsecurity
EIP-2026-110353 EXPLOITDB html VERIFIED
osCMax 2.5 - Cross-Site Request Forgery
by TUNISIAN CYBER
CVE-2013-7246 EXPLOITDB html VERIFIED
DaumGame ActiveX <1.1.0.5 - RCE
Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to execute arbitrary code via a long string, as exploited in the wild in January 2014.
by Trustwave's SpiderLabs
CVE-2013-6040 EXPLOITDB HIGH html
MW6 Aztec, DataMatrix, MaxiCode <4.0 - RCE
MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls before version 4.0 are vulnerable to arbitrary code execution via a crafted HTML document. The latest versions (4.0) of the MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls have resolved the issue.
by Pedro Ribeiro
CVSS 8.1
EIP-2026-105539 EXPLOITDB html VERIFIED
BloofoxCMS - '/admin/index.php' Cross-Site Request Forgery (Add Admin)
by AtT4CKxT3rR0r1ST
EIP-2026-111092 EXPLOITDB html
PHPJabbers Property Listing Script 2.0 - Cross-Site Request Forgery (Add Admin)
by HackXBack
EIP-2026-111090 EXPLOITDB html
PHPJabbers Pet Listing Script 1.0 - Multiple Vulnerabilities
by HackXBack
EIP-2026-105305 EXPLOITDB html
Auto Classifieds Script 2.0 - Cross-Site Request Forgery (Add Admin)
by HackXBack
EIP-2026-101730 EXPLOITDB html
Feixun Wireless Router FWR-604H - Remote Code Execution
by Arash Abedian
EIP-2026-105646 EXPLOITDB html VERIFIED
Built2Go PHP Shopping - Cross-Site Request Forgery (Admin Password)
by AtT4CKxT3rR0r1ST
EIP-2026-106575 EXPLOITDB html VERIFIED
Dredge School Administration System - '/DSM/loader.php' Cross-Site Request Forgery (Admin Account Manipulation)
by AtT4CKxT3rR0r1ST
CVE-2014-1915 EXPLOITDB html VERIFIED
Command School Student Management System 1.06.01 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to hijack the authentication of (1) administrators for requests that change the administrator password via an update action to sw/admin_change_password.php or (2) unspecified victims for requests that add a topic or blog entry to sw/add_topic.php. NOTE: vector 2 can be leveraged to bypass the authentication requirements for exploiting vector 1 in CVE-2014-1914.
by AtT4CKxT3rR0r1ST
EIP-2026-111289 EXPLOITDB html VERIFIED
Piwigo - 'admin.php' Cross-Site Request Forgery (User Creation)
by sajith
CVE-2013-6797 EXPLOITDB html VERIFIED
Sunil Nanda Blue Wrench Video Widget < 1.0.5 - CSRF
Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url parameter in the bw-videos page to wp-admin/admin.php, as demonstrated by embedding a URL to a JavaScript file.
by Haider Mahmood
EIP-2026-101342 EXPLOITDB html VERIFIED
LevelOne WBR-3406TX Router - Cross-Site Request Forgery
by Yakir Wizman
CVE-2013-6275 EXPLOITDB MEDIUM html
Horde Groupware < 5.1.2 - CSRF
Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.
by Marcela Benetrix
CVSS 6.5
EIP-2026-102489 EXPLOITDB html VERIFIED
JReport - 'dealSchedules.jsp' Cross-Site Request Forgery
by Poonam Singh
EIP-2026-118247 EXPLOITDB html
Aladdin Knowledge Systems Ltd. PrivAgent - ActiveX Control Overflow
by blake
CVE-2013-6826 EXPLOITDB html VERIFIED
Fortinet Fortianalyzer Firmware < 5.0.4 - CSRF
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.
by William Costa
EIP-2026-118684 EXPLOITDB html
Indusoft Thin Client 7.1 - ActiveX Buffer Overflow
by blake
EIP-2026-116269 EXPLOITDB html
SolarWinds Server and Application Monitor - ActiveX 'Pepco32c' Buffer Overflow
by blake
EIP-2026-118766 EXPLOITDB html
McKesson - ActiveX File/Environmental Variable Enumeration
by blake