HTML Exploits
2,054 exploits tracked across all sources.
Microsoft Internet Explorer 8.0.7100.0 - DoS
Microsoft Internet Explorer 8.0.7100.0 on Windows 7 RC on the x64 platform allows remote attackers to cause a denial of service (application crash) via a certain DIV element in conjunction with SCRIPT elements that have empty contents and no reference to a valid external script location.
by schnuddelbuddel
Microsoft Internet Explorer <8 - DoS
mshtml.dll in Microsoft Internet Explorer 7 and 8 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) by calling the JavaScript findText method with a crafted Unicode string in the first argument, and only one additional argument, as demonstrated by a second argument of -1.
by Hong10
Mozilla Firefox <3.5.2 - DoS
Mozilla Firefox 3.0.x, 3.5, and 3.5.1 on Windows allows remote attackers to cause a denial of service (uncaught exception and application crash) via a long Unicode string argument to the write method. NOTE: this was originally reported as a stack-based buffer overflow. NOTE: on Linux and Mac OS X, a crash resulting from this long string reportedly occurs in an operating-system library, not in Firefox.
by Andrew Haynes
Mozilla Firefox <3.5.1 - RCE
js/src/jstracer.cpp in the Just-in-time (JIT) JavaScript compiler (aka TraceMonkey) in Mozilla Firefox 3.5 before 3.5.1 allows remote attackers to execute arbitrary code via certain use of the escape function that triggers access to uninitialized memory locations, as originally demonstrated by a document containing P and FONT elements.
by Sberry
Mozilla Firefox <3.5 - DoS
Mozilla Firefox 3.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors, related to a "flash bug."
by Sberry
WindsPlayerIE.View.1 - Buffer Overflow
Heap-based buffer overflow in the WindsPlayerIE.View.1 ActiveX control in WindsPly.ocx 3.5.0.0 Beta, 3.0.0.5, and earlier in AwingSoft Awakening Web3D Player and Winds3D Viewer allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long SceneUrl property value, a different vulnerability than CVE-2009-2386. NOTE: some of these details are obtained from third party information.
by shinnai
Microsoft Internet Explorer - Buffer Overflow
Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the first argument.
by Sberry
Messages Library 2.0 - Arbitrary Administrator Account
by ThE g0bL!N
Google Chrome 2.0.172 - 'About:blank' Address Bar URI Spoofing
by Lostmon
Apple Safari 4.0.1 - Error Page Address Bar URI Spoofing
by Juan Pablo Lopez Yacubian
Mozilla Firefox <3.0.13, 3.5.x <3.5.2 - XSS
Mozilla Firefox before 3.0.13, and 3.5.x before 3.5.2, allows remote attackers to spoof the address bar, and possibly conduct phishing attacks, via a crafted web page that calls window.open with an invalid character in the URL, makes document.write calls to the resulting object, and then calls the stop method during the loading of the error page.
by Juan Pablo Lopez Yacubian
Evernew Free Joke Script 1.2 - Remote Change Password
by Hakxer
Grestul 1.2 - Auth Bypass
admin/options.php in Grestul 1.2 does not properly restrict access, which allows remote attackers to bypass authentication and create administrative accounts via a manage_admin action in a direct request.
by ThE g0bL!N
Avax Vector ActiveX <1.3 - Buffer Overflow
Buffer overflow in the Avax Vector ActiveX control in avPreview.ocx in AVAX-software Avax Vector ActiveX 1.3 allows remote attackers to cause a denial of service (application crash) via a long PrinterName property.
by Satan_HackerS
Web Directory PRO - 'Admins.php' Change Admin Password
by TiGeR-Dz
Host Directory PRO 2.1.0 - Remote Change Admin Password
by TiGeR-Dz
Roxio Cineplayer - Memory Corruption
Heap-based buffer overflow in the IAManager ActiveX control in IAManager.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the SetIAPlayerName method.
by His0k4
Roxio Cineplayer - Memory Corruption
Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the DiskType method. NOTE: this might overlap CVE-2007-1559.
by snakespc
ZeeCareers 2.0 - 'addAdminmembercode.php' Arbitrary Add Admin
by x.CJP.x
Ultimate Media Script 2.0 - Remote Change Content
by ThE g0bL!N
ShaadiClone 2.0 - 'addAdminmembercode.php' Arbitrary Add Admin
by x.CJP.x
Gallarific - 'user.php' Arbitrary Change Admin Information
by TiGeR-Dz
Mozilla Firefox - Resource Management Error
The SVG component in Mozilla Firefox 3.0.4 allows remote attackers to cause a denial of service (application hang) via a large value in the r (aka Radius) attribute of a circle element, related to an "unclamped loop."
by Thierry Zoller
Cisco Adaptive Security Appliance - XSS
Eval injection vulnerability in the csco_wrap_js function in /+CSCOL+/cte.js in WebVPN on the Cisco Adaptive Security Appliances (ASA) device with software 8.0(4), 8.1.2, and 8.2.1 allows remote attackers to bypass a DOM wrapper and conduct cross-site scripting (XSS) attacks by setting CSCO_WebVPN['process'] to the name of a crafted function, aka Bug ID CSCsy80694.
by Trustwave's SpiderLabs