HTML Exploits
2,076 exploits tracked across all sources.
Hotaru CMS Search Plugin 1.3 - Cross-Site Scripting via SITE_NAME, return, or search Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Hotaru.php in the Search plugin 1.3 for Hotaru CMS allow remote attackers to inject arbitrary web script or HTML via the (1) SITE_NAME parameter to admin_index.php, or the (2) return and (3) search parameters to index.php. NOTE: some of these details are obtained from third party information.
by Gjoko Krstic
Oracle Hyperion Strategic Finance < 12.0 - Remote Code Execution via ActiveX SetDevNames
Heap-based buffer overflow in the SetDevNames method of the Tidestone Formula One ActiveX control (TTF16.ocx) 6.3.5 Build 1 in Oracle Hyperion Strategic Finance 12.x and possibly earlier allows remote attackers to execute arbitrary code via a long string to the DriverName parameter.
by rgod
Oracle AutoVue 20.0.1 - 'AutoVueX.ocx' ActiveX Control 'ExportEdaBom()' Insecure Method
by rgod
SeaMonkey through 2.0.14 - Remote Code Execution via Array.reduceRight Integer Overflow
Integer overflow in the Array.reduceRight method in Mozilla Firefox before 3.6.18 and 4.x through 4.0.1, Thunderbird before 3.1.11, and SeaMonkey through 2.0.14 allows remote attackers to execute arbitrary code via vectors involving a long JavaScript Array object.
by ryujin
Microsoft Internet Explorer 8 - RCE
Microsoft Internet Explorer 8 does not properly allocate and access memory, which allows remote attackers to execute arbitrary code via vectors involving a "dereferenced memory address," aka "Select Element Remote Code Execution Vulnerability."
by Ivan Fratric
DivX Plus Web Player - 'file://' Buffer Overflow (PoC)
by Snake
Mambo 4.6.5 - 'index.php' Cross-Site Request Forgery
by Caddy-Dz
F-Secure (Multiple Products) - ActiveX HeapSpray Overwrite (SEH)
by 41.w4r10r
StudioLine Photo Basic 3.70.34.0 - 'NMSDVDXU.dll' ActiveX Control Arbitrary File Overwrite
by High-Tech Bridge SA
Mozilla Firefox <3.5.19 & SeaMonkey <2.0.14 - Use After Free
Use-after-free vulnerability in Mozilla Firefox before 3.5.19 and 3.6.x before 3.6.17, and SeaMonkey before 2.0.14, allows remote attackers to execute arbitrary code via vectors related to OBJECT's mChannel.
by mr_me
Dell IT Assistant - detectIESettingsForITA.ocx ActiveX Control
by rgod
Pandora FMS 3.2.1 - Cross-Site Request Forgery
by mehdi boukazoula
Pro Softnet IDrive Online Backup 3.4.0 - ActiveX 'SaveToFile()' Arbitrary File Overwrite
by High-Tech Bridge SA
iMesh 10.0 - 'IMWebControl.dll' ActiveX Control Buffer Overflow
by KedAns-Dz
CygniCon CyViewer - ActiveX Control 'SaveData()' Insecure Method
by High-Tech Bridge SA
LeadTools Imaging LEADSmtp - ActiveX Control 'SaveMessage()' Insecure Method
by High-Tech Bridge SA
Easewe FTP OCX ActiveX Control 4.5.0.9 - 'EaseWeFtp.ocx' Multiple Insecure Method Vulnerabilities
by High-Tech Bridge SA
Black Ice Fax Voice SDK 12.6 - Remote Code Execution
by mr_me
Opera 11.11 - Denial of Service via FONT FACE Attribute in IFRAME
Opera 11.11 allows remote attackers to cause a denial of service (application crash) by setting the FACE attribute of a FONT element within an IFRAME element after changing the SRC attribute of this IFRAME element to an about:blank value.
by echo
The Pacer Edition CMS 2.1 - 'email' Cross-Site Scripting
by LiquidWorm