Html Exploits

2,054 exploits tracked across all sources.

CVE-2012-4877 EXPLOITDB html VERIFIED
FlatnuX CMS <2011 08.09.2 - CSRF
Cross-site request forgery (CSRF) vulnerability in controlcenter.php in FlatnuX CMS 2011 08.09.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts.
by Vulnerability Laboratory
EIP-2026-118277 EXPLOITDB html VERIFIED
Apple Safari 5.1.5 For Windows - 'window.open()' URI Spoofing
by Lostmon
CVE-2012-0699 EXPLOITDB HIGH html VERIFIED
Family Connections CMS <2.9 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Family Connections CMS (aka FCMS) 2.9 and earlier allow remote attackers to hijack the authentication of arbitrary users for requests that (1) add news via an add action to familynews.php or (2) add a prayer via an add action to prayers.php.
by Ahmed Elhady Mohamed
CVSS 8.8
EIP-2026-111174 EXPLOITDB html VERIFIED
PHPMyVisites 2.4 - 'PHPmv2/index.php' Multiple Cross-Site Scripting Vulnerabilities
by AkaStep
EIP-2026-112772 EXPLOITDB html VERIFIED
Traidnt Topics Viewer 2.0 - 'main.php' Cross-Site Request Forgery
by Green Hornet
CVE-2012-1039 EXPLOITDB html VERIFIED
Dotclear <2.4.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Dotclear before 2.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) login_data parameter to admin/auth.php; (2) nb parameter to admin/blogs.php; (3) type, (4) sortby, (5) order, or (6) status parameters to admin/comments.php; or (7) page parameter to admin/plugin.php.
by High-Tech Bridge SA
CVE-2011-2371 EXPLOITDB html
Mozilla Seamonkey < 3.6.17 - Numeric Error
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.
by pa_kt
CVE-2012-5319 EXPLOITDB html VERIFIED
D-Link - CSRF
Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the rootpass parameter.
by Rigan Iimrigan
CVE-2012-5319 EXPLOITDB html
D-Link - CSRF
Cross-site request forgery (CSRF) vulnerability in setup/security.cgi in D-Link DCS-900, DCS-2000, and DCS-5300 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via the rootpass parameter.
by rigan
CVE-2012-1414 EXPLOITDB html
Plume-cms Plume Cms < 1.2.4 - CSRF
Cross-site request forgery (CSRF) vulnerability in manager/news.php in Plume CMS 1.2.4 and earlier allows remote attackers to hijack the authentication of administrators for requests that create News pages via a publish action.
by Ivano Binetti
CVE-2012-1203 EXPLOITDB html
Syndeocms < 3.0.00 - CSRF
Cross-site request forgery (CSRF) vulnerability in starnet/index.php in SyndeoCMS 3.0 and earlier allows remote attackers to hijack the authentication of administrators for requests that add user accounts via a save_user action.
by Ivano Binetti
EIP-2026-105116 EXPLOITDB html
almnzm 2.4 - Cross-Site Request Forgery (Add Admin)
by HaNniBaL KsA
CVE-2012-1416 EXPLOITDB html
Socialcms - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in SocialCMS 1.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add administrator accounts via a member_new action to my_admin/admin1_members.php or (2) modify the default site title via a save action to my_admin/admin1_configuration.php.
by Ivano Binetti
EIP-2026-101212 EXPLOITDB html VERIFIED
D-Link DAP-1150 1.2.94 - Cross-Site Request Forgery
by MustLive
CVE-2011-4403 EXPLOITDB html VERIFIED
Zen Cart 1.3.9h - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.php.
by DisK0nn3cT
CVE-2012-1058 EXPLOITDB html
Flyspray 0.9.9.6 - CSRF
Cross-site request forgery (CSRF) vulnerability in Flyspray 0.9.9.6 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an admin.newuser action to index.php.
by Vaibhav Gupta
EIP-2026-116049 EXPLOITDB html
PDF Viewer Component - ActiveX Denial of Service
by Senator of Pirates
CVE-2012-1220 EXPLOITDB html
Devincentiis Gazie < 5.20 - CSRF
Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password.
by Giuseppe D'Inverno
EIP-2026-115208 EXPLOITDB html
Edraw Diagram Component 5 - ActiveX Buffer Overflow (Denial of Service) (PoC)
by Senator of Pirates
CVE-2010-2300 EXPLOITDB html
Google Chrome < 5.0.375.70 - Use After Free
Use-after-free vulnerability in the Element::normalizeAttributes function in dom/Element.cpp in WebCore in WebKit in Google Chrome before 5.0.375.70 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via vectors related to handlers for DOM mutation events, aka rdar problem 7948784. NOTE: this might overlap CVE-2010-1759.
by MJ Keith
CVE-2012-0053 EXPLOITDB html VERIFIED
Apache HTTP Server <2.2.21 - Info Disclosure
protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.
by pilate
CVE-2011-0748 EXPLOITDB html VERIFIED
Tincan Phplist < 2.10.12 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in phpList before 2.10.13 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) edit administrator accounts.
by Cyber-Crystal
CVE-2012-5005 EXPLOITDB html
VR GPub 4.0 - CSRF
Cross-site request forgery (CSRF) vulnerability in admin/admin_options.php in VR GPub 4.0 allows remote attackers to hijack the authentication of admins for requests that add admin accounts via an add action.
by Cyber-Crystal
CVE-2012-5228 EXPLOITDB html VERIFIED
phplist <2.10.19 - XSS
Cross-site scripting (XSS) vulnerability in admin/index.php in phplist 2.10.9, 2.10.17, and possibly other versions before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the testtarget parameter. NOTE: some of these details are obtained from third party information.
by Cyber-Crystal
CVE-2011-4162 EXPLOITDB html VERIFIED
HP Protect Tools Device Access Manager <6.1.0.1 - RCE
The (1) AddUser, (2) AddUserEx, (3) RemoveUser, (4) RemoveUserByGuide, (5) RemoveUserEx, and (6) RemoveUserRegardless methods in HP Protect Tools Device Access Manager (PTDAM) before 6.1.0.1 allow remote attackers to execute arbitrary code or cause a denial of service (heap memory corruption) via a long SidString argument.
by High-Tech Bridge SA