HTML Exploits
2,075 exploits tracked across all sources.
MW6 Aztec, DataMatrix, MaxiCode <4.0 - RCE
MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls before version 4.0 are vulnerable to arbitrary code execution via a crafted HTML document. The latest versions (4.0) of the MW6 Aztec, DataMatrix, and MaxiCode ActiveX controls have resolved the issue.
by Pedro Ribeiro
CVSS 8.1
BloofoxCMS - '/admin/index.php' Cross-Site Request Forgery (Add Admin)
by AtT4CKxT3rR0r1ST
PHPJabbers Property Listing Script 2.0 - Cross-Site Request Forgery (Add Admin)
by HackXBack
PHPJabbers Pet Listing Script 1.0 - Multiple Vulnerabilities
by HackXBack
Auto Classifieds Script 2.0 - Cross-Site Request Forgery (Add Admin)
by HackXBack
Feixun Wireless Router FWR-604H - Remote Code Execution
by Arash Abedian
Built2Go PHP Shopping - Cross-Site Request Forgery (Admin Password)
by AtT4CKxT3rR0r1ST
Dredge School Administration System - '/DSM/loader.php' Cross-Site Request Forgery (Admin Account Manipulation)
by AtT4CKxT3rR0r1ST
Command School Student Management System 1.06.01 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to hijack the authentication of (1) administrators for requests that change the administrator password via an update action to sw/admin_change_password.php or (2) unspecified victims for requests that add a topic or blog entry to sw/add_topic.php. NOTE: vector 2 can be leveraged to bypass the authentication requirements for exploiting vector 1 in CVE-2014-1914.
by AtT4CKxT3rR0r1ST
Piwigo - 'admin.php' Cross-Site Request Forgery (User Creation)
by sajith
Blue Wrench Video Widget < 2.0.0 - Cross-Site Request Forgery via bw_url Parameter
Cross-site request forgery (CSRF) vulnerability in bluewrench-video-widget.php in the Blue Wrench Video Widget plugin before 2.0.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that embed arbitrary URLs via the bw_url parameter in the bw-videos page to wp-admin/admin.php, as demonstrated by embedding a URL to a JavaScript file.
by Haider Mahmood
LevelOne WBR-3406TX Router - Cross-Site Request Forgery
by Yakir Wizman
Horde Groupware < 5.1.2 - Cross-Site Request Forgery in basic.php
Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.
by Marcela Benetrix
CVSS 6.5
JReport - 'dealSchedules.jsp' Cross-Site Request Forgery
by Poonam Singh
Aladdin Knowledge Systems Ltd. PrivAgent - ActiveX Control Overflow
by blake
FortiAnalyzer < 5.0.5 - Cross-Site Request Forgery via csrf_token Parameter
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.
by William Costa
SolarWinds Server and Application Monitor - ActiveX 'Pepco32c' Buffer Overflow
by blake
Mitsubishi Electric Automation MC-WorX Suite 8.02 - RCE
An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click.
by blake
WordPress Plugin Event Easy Calendar - Multiple Cross-Site Request Forgery Vulnerabilities
by anonymous
WellinTech KingView < 6.53 - Arbitrary File Write via SUPERGRIDLib.SuperGrid ReplaceDBFile Method
The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the two pathname arguments, as demonstrated by a directory traversal attack.
by blake