Html Exploits
2,054 exploits tracked across all sources.
VideoLAN VLC Media Player 1.1.4 Mozilla MultiMedia Plugin - Remote Code Execution
by shinnai
Travel Portal Script - Cross-Site Request Forgery (Admin Password Change)
by KnocKout
sNews 1.7 - 'snews.php' Cross-Site Scripting / HTML Injection
by High-Tech Bridge SA
Event Ticket Portal Script Admin Password Change - Cross-Site Request Forgery
by KnocKout
Mozilla Firefox <3.5.14 & <3.6.11 - Buffer Overflow
Stack-based buffer overflow in the text-rendering functionality in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a long argument to the document.write method.
by Alexander Miller
Oracle Java - APPLET Tag Children Property Memory Corruption
by Skylined
Microsoft Windows Media Player <12 - Code Injection
Microsoft Windows Media Player (WMP) 9 through 12 does not properly deallocate objects during a browser reload action, which allows user-assisted remote attackers to execute arbitrary code via crafted media content referenced in an HTML document, aka "Windows Media Player Memory Corruption Vulnerability."
by Skylined
OPEN IT OverLook 5.0 - XSS
Cross-site scripting (XSS) vulnerability in title.php in OPEN IT OverLook 5.0 allows remote attackers to inject arbitrary web script or HTML via the frame parameter.
by Anatolia Security
Docebo 3.6 - 'description' Cross-Site Scripting
by High-Tech Bridge SA
Research In Motion BlackBerry Device Software 4.7.1 - Cross Domain Information Disclosure
by 599eme Man
GetSimple CMS 2.01 - XSS
Cross-site scripting (XSS) vulnerability in admin/changedata.php in GetSimple CMS 2.01 allows remote attackers to inject arbitrary web script or HTML via the post-title parameter.
by High-Tech Bridge SA
Microsoft Windows 7 - Code Injection
The Cinepak codec in Microsoft Windows XP SP2 and SP3, Windows Vista SP1 and SP2, and Windows 7 does not properly decompress media files, which allows remote attackers to execute arbitrary code via a crafted file, aka "Cinepak Codec Decompression Vulnerability."
by Abysssec
Novell iPrint Client Browser Plugin - ExecuteRequest debug Stack Overflow
by Abysssec
Microsoft Internet Explorer 6-8 - Info Disclosure
Microsoft Internet Explorer 6 through 8 does not properly handle unspecified special characters in Cascading Style Sheets (CSS) documents, which allows remote attackers to obtain sensitive information from a different (1) domain or (2) zone via a crafted web site, aka "CSS Special Character Information Disclosure Vulnerability."
by Chris Evans
Trend Micro Internet Security Pro 2010 - ActiveX 'extSetOwner()' Remote Code Execution (2)
by Abysssec
ArtGK CMS - Cross-Site Scripting / HTML Injection
by High-Tech Bridge SA
Hycus CMS 1.0.1 - Multiple Cross-Site Request Forgery Vulnerabilities
by 10n1z3d
Flock Browser 3.0.0.3989 - XSS
Cross-site scripting (XSS) vulnerability in Flock Browser 3.0.0.3989 allows remote attackers to inject arbitrary web script or HTML via a crafted bookmark.
by Lostmon
Microsoft Internet Explorer 8 - Auth Bypass
The toStaticHTML function in Microsoft Internet Explorer 8, and the SafeHTML function in Microsoft Windows SharePoint Services 3.0 SP2, SharePoint Foundation 2010, Office SharePoint Server 2007 SP2, Groove Server 2010, and Office Web Apps, allows remote attackers to bypass the cross-site scripting (XSS) protection mechanism and conduct XSS attacks via a crafted use of the Cascading Style Sheets (CSS) @import rule, aka "HTML Sanitization Vulnerability," a different vulnerability than CVE-2010-1257.
by Mario Heiderich
CMSimple 3.3 - Cross-Site Scripting / Cross-Site Request Forgery
by High-Tech Bridge SA
By Source