HTML Exploits
2,054 exploits tracked across all sources.
Microsoft Internet Explorer <6 - RCE
The Tabular Data Control (TDC) ActiveX control in Microsoft Internet Explorer 5.01 SP4, 6 on Windows XP SP2 and SP3, and 6 SP1 allows remote attackers to execute arbitrary code via a long URL (DataURL parameter) that triggers memory corruption in the CTDCCtl::SecurityCHeckDataURL function, aka "Memory Corruption Vulnerability."
by ZSploit.com
IncrediMail 2.0 - Buffer Overflow
Buffer overflow in the Authenticate method in the INCREDISPOOLERLib.Pop ActiveX control in ImSpoolU.dll in IncrediMail 2.0 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in the first argument.
by d3b4g
Cmsmadesimple Cms Made Simple < 1.8.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in CMS Made Simple 1.8.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that reset the administrative password. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by pratul agrawal
Safari <3.1.3 - DoS/Code Injection
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors involving document.write calls with long crafted strings.
by Nishant Das Patnaik
Safari <3.1.3 - DoS
Safari on Apple iPhone OS 3.1.3 for iPod touch allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long exception string in a throw statement, possibly a related issue to CVE-2009-1514.
by Nishant Das Patnaik
Mozilla Firefox - Memory Corruption
The gfxTextRun::SanitizeGlyphRuns function in gfx/thebes/src/gfxFont.cpp in the browser engine in Mozilla Firefox 3.6 before 3.6.2 on Mac OS X, when the Core Text API is used, does not properly perform certain deletions, which allows remote attackers to cause a denial of service (memory corruption and application crash) and possibly execute arbitrary code via an HTML document containing invisible Unicode characters, as demonstrated by the U+FEFF, U+FFF9, U+FFFA, and U+FFFB characters.
by Jesse Ruderman
Adult Video Site Script - Multiple Vulnerabilities
by indoushka
Mozilla Firefox - Access Control
The nsDocument::MaybePreLoadImage function in content/base/src/nsDocument.cpp in the image-preloading implementation in Mozilla Firefox 3.6 before 3.6.2 does not apply scheme restrictions and policy restrictions to the image's URL, which might allow remote attackers to cause a denial of service (application crash or hang) or hijack the functionality of the browser's add-ons via a crafted SRC attribute of an IMG element, as demonstrated by remote command execution through an ssh: URL in a configuration that supports gnome-vfs with a nonstandard network.gnomevfs.supported-protocols setting.
by Josh Soref
Clain_TIger_CMS - Cross-Site Request Forgery
by pratul agrawal
Liquid XML Studio 2010 < 8.061970 - 'LtXmlComHelp8.dll OpenFile()' Remote Overflow
by mr_me
Apple Safari < 4.0.4 - Resource Management Error
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.
by wushi
KDPics 1.18 - '/admin/index.php' Authentication Bypass
by snakespc
DeDeCMS 5.5 - '_SESSION[dede_admin_id]' Authentication Bypass
by Wolves Security Team
n-cms-equipe 1.1c.Debug - Multiple Local File Inclusions
by ITSecTeam
cPanel - Multiple Cross-Site Request Forgery Vulnerabilities
by SecurityRules
Employee Timeclock Software 0.99 - CSRF
Cross-site request forgery (CSRF) vulnerability in add_user.php in Employee Timeclock Software 0.99 allows remote attackers to hijack the authentication of an administrator for requests that create new administrative users. NOTE: some of these details are obtained from third party information.
by ViRuSMaN
Rising Online Virus Scanner 22.0.0.5 - ActiveX Control Stack Overflow (Denial of Service)
by wirebonder
Symantec Antivirus - Memory Corruption
Buffer overflow in the cliproxy.objects.1 ActiveX control in the Symantec Client Proxy (CLIproxy.dll) in Symantec AntiVirus 10.0.x, 10.1.x before MR9, and 10.2.x before MR4; and Symantec Client Security 3.0.x and 3.1.x before MR9 allows remote attackers to execute arbitrary code via a long argument to the SetRemoteComputerName function.
by Alexander Polyakov
Apple Safari 4.0.4 / Firefox 3.5.7 / SeaMonkey 2.0.1 - Remote Denial of Service
by 599eme Man