HTML Exploits
2,054 exploits tracked across all sources.
IBM Lotus Domino <8.x - Auth Bypass
The remote console in the Server Controller in IBM Lotus Domino 7.x and 8.x verifies credentials against a file located at a UNC share pathname specified by the client, which allows remote attackers to bypass authentication, and consequently execute arbitrary code, by placing this pathname in the COOKIEFILE field. NOTE: this might overlap CVE-2011-0920.
by Alexey Sintsov
Hotaru Search Plugin - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Hotaru.php in the Search plugin 1.3 for Hotaru CMS allow remote attackers to inject arbitrary web script or HTML via the (1) SITE_NAME parameter to admin_index.php, or the (2) return and (3) search parameters to index.php. NOTE: some of these details are obtained from third party information.
by Gjoko Krstic
Oracle Hyperion Strategic Finance < 12.0 - Memory Corruption
Heap-based buffer overflow in the SetDevNames method of the Tidestone Formula One ActiveX control (TTF16.ocx) 6.3.5 Build 1 in Oracle Hyperion Strategic Finance 12.x and possibly earlier allows remote attackers to execute arbitrary code via a long string to the DriverName parameter.
by rgod
Oracle AutoVue 20.0.1 - 'AutoVueX.ocx' ActiveX Control 'ExportEdaBom()' Insecure Method
by rgod
Mozilla Seamonkey < 3.6.17 - Numeric Error
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.
by ryujin
Microsoft Internet Explorer 8 - RCE
Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability."
by Ivan Fratric
DivX Plus Web Player - 'file://' Buffer Overflow (PoC)
by Snake
Mambo 4.6.5 - 'index.php' Cross-Site Request Forgery
by Caddy-Dz
F-Secure (Multiple Products) - ActiveX HeapSpray Overwrite (SEH)
by 41.w4r10r
StudioLine Photo Basic 3.70.34.0 - 'NMSDVDXU.dll' ActiveX Control Arbitrary File Overwrite
by High-Tech Bridge SA
Mozilla Firefox <3.5.19 & SeaMonkey <2.0.14 - Use After Free
Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.
by mr_me
Dell IT Assistant - detectIESettingsForITA.ocx ActiveX Control
by rgod
Pandora FMS 3.2.1 - Cross-Site Request Forgery
by mehdi boukazoula
Pro Softnet IDrive Online Backup 3.4.0 - ActiveX 'SaveToFile()' Arbitrary File Overwrite
by High-Tech Bridge SA
iMesh 10.0 - 'IMWebControl.dll' ActiveX Control Buffer Overflow
by KedAns-Dz
CygniCon CyViewer - ActiveX Control 'SaveData()' Insecure Method
by High-Tech Bridge SA
LeadTools Imaging LEADSmtp - ActiveX Control 'SaveMessage()' Insecure Method
by High-Tech Bridge SA
Easewe FTP OCX ActiveX Control 4.5.0.9 - 'EaseWeFtp.ocx' Multiple Insecure Method Vulnerabilities
by High-Tech Bridge SA
Black Ice Fax Voice SDK 12.6 - Remote Code Execution
by mr_me
Opera Browser - Resource Management Error
Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT element within an IFRAME element after changing the SRC attribute of this IFRAME element to an about:blank value.
by echo