HTML Exploits
2,054 exploits tracked across all sources.
Microsoft Indexing Service - 'ixsso.dll' ActiveX Control Denial of Service
by coolkaveh
SiNG cms - 'Password.php' Cross-Site Scripting
by LiquidWorm
Monstra CMS 1.2.1 - Multiple HTML Injection Vulnerabilities
by LiquidWorm
OpenDocMan 1.2.6.1 - Cross-Site Request Forgery (Password Change)
by Shai rod
Mozilla Firefox - Remote Denial of Service
by Jean Pascal Pereira
WordPress Plugin G-Lock Double Opt-in Manager - SQL Injection
by BEASTIAN
Barcodewiz 'Barcodewiz.dll' ActiveX Control - 'Barcode' Method Remote Buffer Overflow
by coolkaveh
Nwahy Articles 2.2 - Cross-Site Request Forgery (Add Admin)
by DaOne
Fckeditor < 2.6.7 - XSS
Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters.
by Emilio Pinna
SPIP 2.x - Multiple Cross-Site Scripting Vulnerabilities
by anonymous
Joomla! Component IDoEditor - 'image.php' Arbitrary File Upload
by Sammy FORGIT
BMC Identity Management Suite 7.5.00.103 - CSRF
Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrators for requests that change passwords.
by Travis Lee
TinyCMS 1.3 - Arbitrary File Upload / Cross-Site Request Forgery
by KedAns-Dz
4PSA VoIPNow Professional 2.5.3 - Multiple Vulnerabilities
by Aboud-el
Sony VAIO PC Wireless LAN Wizard 1.0-4.11 - Buffer Overflow
Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Connection Utility 4.7, 4.7.4, 4.8, 4.9, 4.10, and 4.11; and VAIO Easy Connect software 1.0.0 and 1.1.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the second argument of the (1) SetTmpProfileOption or (2) ConnectToNetwork method.
by High-Tech Bridge SA
Phpenter Php Enter - Code Injection
Static code injection vulnerability in admin/banners.php in PHP Enter allows remote attackers to inject arbitrary PHP code into horad.php via the code parameter.
by L3b-r1'z
Samsung Net-i Viewer - Memory Corruption
Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute arbitrary code via a long string in the first argument.
by blake
Anchor CMS 0.6-14-ga85d0a0 - 'id' Multiple HTML Injection Vulnerabilities
by Gjoko Krstic
BGS CMS 2.2.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by LiquidWorm
Oscmax < 2.5.0 - SQL Injection
Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php.
by High-Tech Bridge SA