Html Exploits

2,076 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-118980 EXPLOITDB html VERIFIED
Office Viewer ActiveX Control 3.0.1 - 'Save' Remote File Overwrite
by Houssamix
EIP-2026-116091 EXPLOITDB html VERIFIED
PowerPoint Viewer OCX 3.1 - Remote File Overwrite
by Stack
EIP-2026-118525 EXPLOITDB html VERIFIED
ExcelOCX ActiveX 3.2 - Download File Insecure Method
by Alfons Luja
EIP-2026-100224 EXPLOITDB html VERIFIED
Comersus Shopping Cart 6.0 - Remote User Pass
by ajann
EIP-2026-100221 EXPLOITDB html VERIFIED
Comersus Cart 6 - User Email and User Password Unauthorized Access
by ajann
EIP-2026-115667 EXPLOITDB html VERIFIED
Microsoft Internet Explorer - JavaScript screen[ ] Denial of Service
by Skylined
CVE-2009-0070 EXPLOITDB html VERIFIED
Apple Safari - Integer Signedness Error in JavaScript Function Arguments Array
Integer signedness error in Apple Safari allows remote attackers to read the contents of arbitrary memory locations, cause a denial of service (application crash), and probably have unspecified other impact via the array index of the arguments array in a JavaScript function, possibly a related issue to CVE-2008-2307.
by Skylined
CVE-2008-6748 EXPLOITDB html VERIFIED
Megacubo 5.0.7 - Remote Code Execution via mega:// URI Play Action
Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI.
by JJunior
CVE-2008-6748 EXPLOITDB html VERIFIED
Megacubo 5.0.7 - Remote Code Execution via mega:// URI Play Action
Eval injection vulnerability in Megacubo 5.0.7 allows remote attackers to inject and execute arbitrary PHP code via the play action in a mega:// URI.
by Nine:Situations:Group
CVE-2008-6898 EXPLOITDB html VERIFIED
SaschArt SasCam Webcam Server 2.6.5 - Buffer Overflow via XHTTP Module Get Method
Buffer overflow in the XHTTP Module 4.1.0.0 in the ActiveX control for SaschArt SasCam Webcam Server 2.6.5 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the Get method and other unspecified methods.
by callAX
CVE-2008-4584 EXPLOITDB html VERIFIED
Chilkat Mail 7.8 - Arbitrary File Write via SaveLastError Method
Insecure method vulnerability in Chilkat Mail 7.8 ActiveX control (ChilkatCert.dll) allows remote attackers to overwrite arbitrary files via a full pathname to the SaveLastError method.
by callAX
CVE-2008-5749 EXPLOITDB html VERIFIED
Google Chrome <1.0.154.36 - Command Injection
Argument injection vulnerability in Google Chrome 1.0.154.36 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI. NOTE: a third party disputes this issue, stating that Chrome "will ask for user permission" and "cannot launch the applet even [if] you have given out the permission.
by Nine:Situations:Group
CVE-2008-5750 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 8 beta 2 - Command Injection
Argument injection vulnerability in Microsoft Internet Explorer 8 beta 2 on Windows XP SP3 allows remote attackers to execute arbitrary commands via the --renderer-path option in a chromehtml: URI.
by Nine:Situations:Group
CVE-2008-5691 EXPLOITDB html VERIFIED
Phoenician Casino FlashAX <1.0.0.7 - Buffer Overflow
Heap-based buffer overflow in the Phoenician Casino FlashAX ActiveX control 1.0.0.7 allows remote attackers to execute arbitrary code via a long argument to the SetID method.
by e.wiZz!
CVE-2008-4844 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 - Use-After-Free via DSO Bindings
Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
by krafty
CVE-2010-1175 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 7.0 - Info Disclosure
Microsoft Internet Explorer 7.0 on Windows XP and Windows Server 2003 allows remote attackers to have an unspecified impact via a certain XML document that references a crafted web site in the SRC attribute of an image element, related to a "0day Vulnerability."
by krafty
EIP-2026-115224 EXPLOITDB html VERIFIED
EvansFTP - 'EvansFTP.ocx' Remote Buffer Overflow (PoC)
by Bl@ckbe@rD
EIP-2026-113775 EXPLOITDB html VERIFIED
WordPress Plugin Fuctweb CapCC 1.0 - 'plugins.php' SQL Injection
by MustLive
CVE-2008-4844 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 - Use-After-Free via DSO Bindings
Use-after-free vulnerability in the CRecordInstance::TransferToDestination function in mshtml.dll in Microsoft Internet Explorer 5.01, 6, 6 SP1, and 7 allows remote attackers to execute arbitrary code via DSO bindings involving (1) an XML Island, (2) XML DSOs, or (3) Tabular Data Control (TDC) in a crafted HTML or XML document, as demonstrated by nested SPAN or MARQUEE elements, and exploited in the wild in December 2008.
by muts
CVE-2008-6447 EXPLOITDB html VERIFIED
QuikSoft EasyMail MailStore ActiveX emmailstore.dll 6.5.0.3 - Buffer Overflow via CreateStore Method
Buffer overflow in emmailstore.dll 6.5.0.3 in the QuikSoft EasyMail MailStore ActiveX control allows remote attackers to execute arbitrary code via a long first argument to the CreateStore method.
by e.wiZz!
CVE-2008-6975 EXPLOITDB html VERIFIED
DD-WRT 24 sp2 - Cross-Site Request Forgery via apply.cgi Parameters
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp2 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters. NOTE: This issue reportedly exists because of a "weak ... anti-CSRF fix" implemented in 24 sp2.
by Michael Brooks
CVE-2008-6496 EXPLOITDB html VERIFIED
VISAGESOFT eXPert PDF EditorX 1.0.200.0 - Arbitrary File Write via extractPagesToFile
Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary files via the first argument to the extractPagesToFile method.
by Marco Torti
EIP-2026-115347 EXPLOITDB html VERIFIED
Google Chrome - MetaCharacter URI Obfuscation
by Aditya K Sood
CVE-2008-4033 EXPLOITDB html VERIFIED
Microsoft XML Core Services 3.0-6.0 - Info Disclosure
Cross-domain vulnerability in Microsoft XML Core Services 3.0 through 6.0, as used in Microsoft Expression Web, Office, Internet Explorer, and other products, allows remote attackers to obtain sensitive information from another domain and corrupt the session state via HTTP request header fields, as demonstrated by the Transfer-Encoding field, aka "MSXML Header Request Vulnerability."
by Jerome Athias
CVE-2008-7070 EXPLOITDB html VERIFIED
KVIrc 3.4.2 - Remote Code Execution via URI Handler Argument Injection
Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951.
by Nine:Situations:Group
By Source
All 2,076 Writeup 62,466 Exploitdb 50,076 Nomisec 22,446 Github 3,667 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,592 ruby 6,006 c 3,631 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 231 shell 133 go 73 postscript 25 typescript 25