Html Exploits

2,076 exploits tracked across all sources.

Sort: Activity Stars
CVE-2010-3804 EXPLOITDB html VERIFIED
Apple Safari < 5.0.3 - Weak Random Number Generation in JavaScript Implementation
The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171.
by Amit Klein
CVE-2010-3804 EXPLOITDB html VERIFIED
Apple Safari < 5.0.3 - Weak Random Number Generation in JavaScript Implementation
The JavaScript implementation in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, uses a weak algorithm for generating values of random numbers, which makes it easier for remote attackers to track a user by predicting a value, a related issue to CVE-2008-5913 and CVE-2010-3171.
by Amit Klein
EIP-2026-119220 EXPLOITDB html VERIFIED
Trend Micro Internet Security 2010 - 'UfPBCtrl.DLL' ActiveX Remote Command Execution
by Dr_IDE
EIP-2026-103415 EXPLOITDB html VERIFIED
Apple Safari 5.02 - Stack Overflow Denial of Service
by clshack
CVE-2010-1807 EXPLOITDB html VERIFIED
Apple Safari 4.x-5.x - Remote Code Execution via Floating-Point Validation Flaw
WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.
by Itzhak Avraham
EIP-2026-103573 EXPLOITDB html VERIFIED
Mozilla Firefox 3.6.12 - Remote Denial of Service
by emgent white_sheep & scox
EIP-2026-116127 EXPLOITDB html VERIFIED
Qtweb Browser 3.5 - Buffer Overflow
by PoisonCode
CVE-2010-3891 EXPLOITDB html
IBM OmniFind Enterprise Edition < 9.1 - Cross-Site Request Forgery in Administrator Interface
Cross-site request forgery (CSRF) vulnerability in ESAdmin/security.do in the administrator interface in IBM OmniFind Enterprise Edition before 9.1 allows remote attackers to hijack the authentication of administrators for requests that add an administrative user via a saveNewUser action.
by Fatih Kilic
EIP-2026-115548 EXPLOITDB html
LeadTools 11.5.0.9 - 'lttmb11n.ocx' BrowseDir() Access Violation Denial of Service
by Matthew Bergin
EIP-2026-115547 EXPLOITDB html
LeadTools 11.5.0.9 - 'ltlst11n.ocx' Insert() Access Violation Denial of Service
by Matthew Bergin
EIP-2026-115546 EXPLOITDB html
LeadTools 11.5.0.9 - 'ltisi11n.ocx' DriverName() Access Violation Denial of Service
by Matthew Bergin
EIP-2026-115545 EXPLOITDB html
LeadTools 11.5.0.9 - 'ltdlg11n.ocx' GetColorRes() Access Violation Denial of Service
by Matthew Bergin
EIP-2026-115544 EXPLOITDB html
LeadTools 11.5.0.9 - 'ltdlg11n.ocx' Bitmap Access Violation Denial of Service
by Matthew Bergin
CVE-2010-1807 EXPLOITDB html
Apple Safari 4.x-5.x - Remote Code Execution via Floating-Point Validation Flaw
WebKit in Apple Safari 4.x before 4.1.2 and 5.x before 5.0.2; Android before 2.2; and webkitgtk before 1.2.6; does not properly validate floating-point data, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted HTML document, related to non-standard NaN representation.
by MJ Keith
CVE-2010-3962 EXPLOITDB HIGH html VERIFIED
Microsoft Internet Explorer 6, 7, and 8 - Use-After-Free via CSS Clip Attribute
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
by ryujin
CVSS 8.1
CVE-2010-3962 EXPLOITDB HIGH html VERIFIED
Microsoft Internet Explorer 6, 7, and 8 - Use-After-Free via CSS Clip Attribute
Use-after-free vulnerability in Microsoft Internet Explorer 6, 7, and 8 allows remote attackers to execute arbitrary code via vectors related to Cascading Style Sheets (CSS) token sequences and the clip attribute, aka an "invalid flag reference" issue or "Uninitialized Memory Corruption Vulnerability," as exploited in the wild in November 2010.
by anonymous
CVSS 8.1
EIP-2026-115111 EXPLOITDB html
Crystal Report Viewer 8.0.0.371 - ActiveX Denial of Service
by Matthew Bergin
EIP-2026-119258 EXPLOITDB html VERIFIED
VideoLAN VLC Media Player 1.1.x - Calling Convention Remote Buffer Overflow
by shinnai
CVE-2010-3765 EXPLOITDB CRITICAL html VERIFIED
Mozilla Firefox 3.5.x-3.5.14 and 3.6.x-3.6.11 - Remote Code Execution via nsCSSFrameConstructor
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
by anonymous
CVSS 9.8
CVE-2010-3765 EXPLOITDB CRITICAL html VERIFIED
Mozilla Firefox 3.5.x-3.5.14 and 3.6.x-3.6.11 - Remote Code Execution via nsCSSFrameConstructor
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
by extraexploit
CVSS 9.8
CVE-2010-3765 EXPLOITDB CRITICAL html VERIFIED
Mozilla Firefox 3.5.x-3.5.14 and 3.6.x-3.6.11 - Remote Code Execution via nsCSSFrameConstructor
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via vectors related to nsCSSFrameConstructor::ContentAppended, the appendChild method, incorrect index tracking, and the creation of multiple frames, which triggers memory corruption, as exploited in the wild in October 2010 by the Belmoo malware.
by Daniel Veditz
CVSS 9.8
CVE-2010-4099 EXPLOITDB html VERIFIED
NitroSecurity NitroView ESM 8.4.0a - Remote Command Execution via Request Parameter
ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess.
by s_n
EIP-2026-112266 EXPLOITDB html VERIFIED
sNews CMS - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-119257 EXPLOITDB html VERIFIED
VideoLAN VLC Media Player 1.1.4 Mozilla MultiMedia Plugin - Remote Code Execution
by shinnai
EIP-2026-112787 EXPLOITDB html
Travel Portal Script - Cross-Site Request Forgery (Admin Password Change)
by KnocKout
By Source
All 2,076 Writeup 62,313 Exploitdb 50,076 Nomisec 22,418 Github 3,633 Metasploit 3,314 Vulncheck_xdb 929 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,574 ruby 6,005 c 3,628 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 229 shell 131 go 73 postscript 25 typescript 25