Html Exploits
2,054 exploits tracked across all sources.
Plogger Gallery 1.0 - Cross-Site Request Forgery (Change Admin Password)
by Or4nG.M4N
Apple Safari < 5.0.2 - Cryptographic Issue
The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171.
by Amit Klein
Apple Safari < 5.0.2 - Cryptographic Issue
The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171.
by Amit Klein
Trend Micro Internet Security 2010 - 'UfPBCtrl.DLL' ActiveX Remote Command Execution
by Dr_IDE
Apple Safari 5.02 - Stack Overflow Denial of Service
by clshack
Apple Safari < 2.1 - Improper Input Validation
WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.
by Itzhak Avraham
Mozilla Firefox 3.6.12 - Remote Denial of Service
by emgent white_sheep & scox
IBM Omnifind < 9.0 - CSRF
Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a saveNewUser action.
by Fatih Kilic
LeadTools 11.5.0.9 - 'lttmb11n.ocx' BrowseDir() Access Violation Denial of Service
by Matthew Bergin
LeadTools 11.5.0.9 - 'ltlst11n.ocx' Insert() Access Violation Denial of Service
by Matthew Bergin
LeadTools 11.5.0.9 - 'ltisi11n.ocx' DriverName() Access Violation Denial of Service
by Matthew Bergin
LeadTools 11.5.0.9 - 'ltdlg11n.ocx' GetColorRes() Access Violation Denial of Service
by Matthew Bergin
LeadTools 11.5.0.9 - 'ltdlg11n.ocx' Bitmap Access Violation Denial of Service
by Matthew Bergin
Apple Safari < 2.1 - Improper Input Validation
WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.
by MJ Keith
Microsoft Internet Explorer - Use After Free
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
by ryujin
CVSS 8.1
Microsoft Internet Explorer - Use After Free
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
by anonymous
CVSS 8.1
Crystal Report Viewer 8.0.0.371 - ActiveX Denial of Service
by Matthew Bergin
VideoLAN VLC Media Player 1.1.x - Calling Convention Remote Buffer Overflow
by shinnai
Mozilla Firefox - Memory Corruption
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
by anonymous
CVSS 9.8
Mozilla Firefox - Memory Corruption
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
by extraexploit
CVSS 9.8
Mozilla Firefox - Memory Corruption
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
by Daniel Veditz
CVSS 9.8
Nitrosecurity Nitroview Esm Software - Improper Input Validation
ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess.
by s_n
sNews CMS - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
By Source