Html Exploits

2,054 exploits tracked across all sources.

CVE-2010-2305 EXPLOITDB html VERIFIED
Symantec Sygate Personal Firewall - Memory Corruption
Buffer overflow in an ActiveX control in SSHelper.dll for Symantec Sygate Personal Firewall 5.6 build 2808 allows remote attackers to execute arbitrary code via a long third argument to the SetRegString method.
by Lincoln
EIP-2026-112442 EXPLOITDB html VERIFIED
Store Locator - Cross-Site Request Forgery (Add Admin)
by JaMbA
EIP-2026-109201 EXPLOITDB html VERIFIED
log1 CMS 2.0 - Session Handling Remote Security Bypass / Remote File Inclusion
by High-Tech Bridge SA
EIP-2026-117349 EXPLOITDB html VERIFIED
IP2location.dll 1.0.0.1 - Function 'Initialize()' Local Buffer Overflow
by sinn3r
EIP-2026-118637 EXPLOITDB html VERIFIED
Home FTP Server 1.10.3 (build 144) - Cross-Site Request Forgery
by John Leitch
EIP-2026-106687 EXPLOITDB html VERIFIED
Easy Address book WebServer 1.2 - Cross-Site Request Forgery
by Markot
EIP-2026-103876 EXPLOITDB html VERIFIED
Brekeke PBX 2.4.4.8 - 'pbx/gate' Cross-Site Request Forgery
by John Leitch
CVE-2010-2025 EXPLOITDB html VERIFIED
Cisco Scientific Atlanta Webstar Dpc2100r2 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in the web interface on the Cisco Scientific Atlanta WebSTAR DPC2100R2 cable modem with firmware 2.0.2r1256-060303 allow remote attackers to hijack the authentication of administrators for requests that (1) reset the modem, (2) erase the firmware, (3) change the administrative password, (4) install modified firmware, or (5) change the access level, as demonstrated by a request to goform/_aslvl.
by Dan Rosenberg
EIP-2026-117884 EXPLOITDB html VERIFIED
Rumba FTP Client 'FTPSFtp.dll' 4.2.0.0 - 'OpenSession()' Local Buffer Overflow
by sinn3r
CVE-2010-20119 EXPLOITDB HIGH html VERIFIED
CommuniCrypt Mail <=1.16 - Buffer Overflow
CommuniCrypt Mail versions up to and including 1.16 contain a stack-based buffer overflow vulnerability in the ANSMTP.dll and AOSMTP.dll ActiveX controls, specifically within the AddAttachments() method. This method fails to properly validate the length of input strings, allowing data to exceed the bounds of a fixed-size stack buffer. When invoked with an overly long string, the control can corrupt adjacent memory structures, including exception handlers, leading to potential control flow disruption.
by Lincoln
CVE-2010-5048 EXPLOITDB html VERIFIED
JoomlaTune JComments <2.1.0.0 - XSS
Cross-site scripting (XSS) vulnerability in admin.jcomments.php in the JoomlaTune JComments (com_jcomments) component 2.1.0.0 for Joomla! allows remote authenticated users to inject arbitrary web script or HTML via the name parameter to index.php.
by High-Tech Bridge SA
CVE-2007-1683 EXPLOITDB html VERIFIED
Incredimail Immenushellext Activex Control - Buffer Overflow
Stack-based buffer overflow in the DoWebMenuAction function in the IncrediMail IMMenuShellExt ActiveX control (ImShExt.dll) allows remote attackers to execute arbitrary code via unspecified vectors.
by Lincoln
CVE-2010-1939 EXPLOITDB html VERIFIED
Apple Safari - Resource Management Error
Use-after-free vulnerability in Apple Safari 4.0.5 on Windows allows remote attackers to execute arbitrary code by using window.open to create a popup window for a crafted HTML document, and then calling the parent window's close method, which triggers improper handling of a deleted window object.
by Krystian Kloskowski
CVE-2010-1997 EXPLOITDB html VERIFIED
Saurus Cms - XSS
Cross-site scripting (XSS) vulnerability in admin/edit.php in Saurus CMS 4.7.0 allows remote authenticated users, with "Article list" edit privileges, to inject arbitrary web script or HTML via the pealkiri parameter.
by High-Tech Bridge SA
EIP-2026-107055 EXPLOITDB html
Fast Free Media 1.3 Adult Site - Arbitrary File Upload
by indoushka
EIP-2026-105214 EXPLOITDB html
Aqar Script 1.0 - Remote Bypass
by indoushka
EIP-2026-105014 EXPLOITDB html VERIFIED
Affiliate Store Builder - 'edit_cms.php' Multiple SQL Injections
by High-Tech Bridge SA
CVE-2009-1443 EXPLOITDB html
OCS Inventory NG <1.02 - Unspecified Vuln
Multiple unspecified vulnerabilities in the Server component in OCS Inventory NG before 1.02 have unknown impact and attack vectors.
by Nicolas DEROUET
CVE-2009-3270 EXPLOITDB html VERIFIED
Microsoft Internet Explorer < 7.0.6000.16711 - Denial of Service
Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
by Dr_IDE
EIP-2026-104571 EXPLOITDB html VERIFIED
Multiple Browsers - 'history.go()' Denial of Service
by Dr_IDE
EIP-2026-115863 EXPLOITDB html VERIFIED
Mozilla Firefox 3.6.3 - Fork Bomb (Denial of Service)
by Dr_IDE
CVE-2010-1131 EXPLOITDB html
JavaScriptCore.dll - DoS
JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the <object> substring.
by Mathias Karlsson
EIP-2026-109046 EXPLOITDB html
KubeBlog - Cross-Site Request Forgery
by The.Morpheus
EIP-2026-103397 EXPLOITDB html VERIFIED
All Browsers - Long Unicode Denial of Service (PoC)
by Dr_IDE
EIP-2026-103396 EXPLOITDB html
All browsers - Crash
by Inj3ct0r