Html Exploits
2,076 exploits tracked across all sources.
Monstra CMS 1.2.1 - Multiple HTML Injection Vulnerabilities
by LiquidWorm
OpenDocMan 1.2.6.1 - Cross-Site Request Forgery (Password Change)
by Shai rod
Mozilla Firefox - Remote Denial of Service
by Jean Pascal Pereira
WordPress Plugin G-Lock Double Opt-in Manager - SQL Injection
by BEASTIAN
Barcodewiz 'Barcodewiz.dll' ActiveX Control - 'Barcode' Method Remote Buffer Overflow
by coolkaveh
Nwahy Articles 2.2 - Cross-Site Request Forgery (Add Admin)
by DaOne
FCKeditor < 2.6.7 - Cross-Site Scripting via textinputs Array Parameter
Cross-site scripting (XSS) vulnerability in the print_textinputs_var function in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor 2.6.7 and earlier allows remote attackers to inject arbitrary web script or HTML via textinputs array parameters.
by Emilio Pinna
SPIP 2.x - Multiple Cross-Site Scripting Vulnerabilities
by anonymous
Joomla! Component IDoEditor - 'image.php' Arbitrary File Upload
by Sammy FORGIT
BMC Identity Management Suite 7.5.00.103 - CSRF
Cross-site request forgery (CSRF) vulnerability in password-manager/changePasswords.do in BMC Identity Management Suite 7.5.00.103 allows remote attackers to hijack the authentication of administrators for requests that change passwords.
by Travis Lee
TinyCMS 1.3 - Arbitrary File Upload / Cross-Site Request Forgery
by KedAns-Dz
4PSA VoIPNow Professional 2.5.3 - Multiple Vulnerabilities
by Aboud-el
Sony VAIO PC Wireless LAN Wizard 1.0-4.11 - Buffer Overflow
Multiple buffer overflows in the Wireless Manager ActiveX control 4.0.0.0 in WifiMan.dll in Sony VAIO PC Wireless LAN Wizard 1.0; VAIO Wireless Wizard 1.00, 1.00_64, 1.0.1, 2.0, and 3.0; SmartWi Connection Utility 4.7, 4.7.4, 4.8, 4.9, 4.10, and 4.11; and VAIO Easy Connect software 1.0.0 and 1.1.0 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the second argument of the (1) SetTmpProfileOption or (2) ConnectToNetwork method.
by High-Tech Bridge SA
PHP Enter - Remote Code Injection via admin/banners.php code Parameter
Static code injection vulnerability in admin/banners.php in PHP Enter allows remote attackers to inject arbitrary PHP code into horad.php via the code parameter.
by L3b-r1'z
Samsung NET-i viewer 1.37 - Remote Code Execution via RequestScreenOptimization Function
Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute arbitrary code via a long string in the first argument.
by blake
Anchor CMS 0.6-14-ga85d0a0 - 'id' Multiple HTML Injection Vulnerabilities
by Gjoko Krstic
BGS CMS 2.2.1 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by LiquidWorm
osCMax < 2.5.1 - SQL Injection via Admin Panel Parameters
Multiple SQL injection vulnerabilities in the admin panel in osCMax before 2.5.1 allow (1) remote attackers to execute arbitrary SQL commands via the username parameter in a process action to admin/login.php or (2) remote administrators to execute arbitrary SQL commands via the status parameter to admin/stats_monthly_sales.php or (3) country parameter in a process action to admin/create_account_process.php.
by High-Tech Bridge SA
Flatnux < 2011-08-09-2 - Cross-Site Request Forgery in controlcenter.php
Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts.
by Vulnerability Laboratory
Apple Safari 5.1.5 For Windows - 'window.open()' URI Spoofing
by Lostmon
By Source