Html Exploits
2,076 exploits tracked across all sources.
FlatPress 0.804 - Cross-Site Scripting via User/Pass Parameters or Name Parameter
Multiple cross-site scripting (XSS) vulnerabilities in FlatPress 0.804 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) pass parameter to login.php, or the (3) name parameter to contact.php.
by Fabian Fingerle
BurnAware - NMSDVDXU ActiveX Arbitrary File Creation/Execution
by shinnai
Google Chrome 0.2.149.29 and 0.2.149.30 - Denial of Service via Window Open Function
Google Chrome 0.2.149.29 and 0.2.149.30 allows remote attackers to cause a denial of service (memory consumption) via an HTML document containing a carriage return ("\r\n\r\n") argument to the window.open function.
by Aditya K Sood
Chilkat XML ActiveX Control < 3.0.3.0 - Arbitrary File Write via SaveToFile, SaveToTempFile, or AppendBinary Method
The Chilkat XML ChilkatUtil.CkData.1 ActiveX control (ChilkatUtil.dll) 3.0.3.0 and earlier allows remote attackers to create, overwrite, and modify arbitrary files for execution via a call to the (1) SaveToFile, (2) SaveToTempFile, or (3) AppendBinary method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.
by shinnai
fuzzylime_cms < 3.03 - Cross-Site Scripting via Login Form User Parameter
Cross-site scripting (XSS) vulnerability in admin/usercheck.php in fuzzylime (cms) before 3.03 allows remote attackers to inject arbitrary web script or HTML via the user parameter to the login form.
by Fabian Fingerle
Foxmail 6.5 - Remote Code Execution via Long mailto URI in HREF Attribute
Buffer overflow in Foxmail 6.5 allows remote attackers to execute arbitrary code via a long mailto URI in the HREF attribute of an A element.
by sebug
BurnAware - Arbitrary File Write via NMSDVDX.DVDEngineX ActiveX Control
NuMedia Soft NMS DVD Burning SDK Activex NMSDVDX.DVDEngineX.1 ActiveX control (NMSDVDX.dll) 1.013C and earlier, as used in CDBurnerXP 4.2.1.976, BurnAware 2.1.3, Blaze Media Pro 8.02 Special Edition, and possibly other products, allows remote attackers to overwrite and create arbitrary files via calls to the EnableLog and LogMessage methods. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs.
by Nine:Situations:Group
Cisco IOS 12.4 - Cross-Site Request Forgery via HTTP Administration Component
Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.
by Jeremy Brown
Cisco IOS 12.4 - Cross-Site Request Forgery via HTTP Administration Component
Multiple cross-site request forgery (CSRF) vulnerabilities in the HTTP Administration component in Cisco IOS 12.4 on the 871 Integrated Services Router allow remote attackers to execute arbitrary commands via (1) a certain "show privilege" command to the /level/15/exec/- URI, and (2) a certain "alias exec" command to the /level/15/exec/-/configure/http URI. NOTE: some of these details are obtained from third party information.
by Jeremy Brown
Cisco 871 Integrated Services Router - Cross-Site Request Forgery (2)
by Jeremy Brown
Cisco 871 Integrated Services Router - Cross-Site Request Forgery (1)
by Jeremy Brown
Windows Media Encoder - Stack-based Buffer Overflow via GetDetailsString Method
Stack-based buffer overflow in the WMEncProfileManager ActiveX control in wmex.dll in Microsoft Windows Media Encoder 9 Series allows remote attackers to execute arbitrary code via a long first argument to the GetDetailsString method, aka "Windows Media Encoder Buffer Overrun Vulnerability."
by haluznik
Apple iPhone 1.1.4, 2.0 and iPod touch 1.1.4, 2.0 - Denial of Service via JavaScript Alert Call
Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read.
by Nicolas Economou
Maxthon Browser 2.1.4.443 - Unicode Remote Denial of Service (PoC)
by LiquidWorm
Adobe Acrobat 9 - Denial of Service via Invalid acroie:// URL
A certain ActiveX control in Adobe Acrobat 9, when used with Microsoft Windows Vista and Internet Explorer 7, allows remote attackers to cause a denial of service (browser crash) via an src property value with an invalid acroie:// URL.
by Jeremy Brown
Peachtree Accounting 2004 - Remote Code Execution via PAWWeb11.ocx ExecutePreferredApplication Method
Insecure method vulnerability in the ActiveX control (PAWWeb11.ocx) in Peachtree Accounting 2004 allows remote attackers to execute arbitrary programs via the ExecutePreferredApplication method.
by Jeremy Brown
Flock Social Web Browser 1.2.5 - 'loop' Remote Denial of Service
by LiquidWorm
Google Chrome 0.2.149.27 - Denial of Service via Long IMG src Attribute
Google Chrome 0.2.149.27 allows user-assisted remote attackers to cause a denial of service (browser crash) via an IMG tag with a long src attribute, which triggers the crash when the victim performs an "Inspect Element" action.
by Metacortex
Google Chrome < 0.2.149.29 - Stack-Based Buffer Overflow via Hover Over Long Path Link
Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Google Chrome 0.2.149.27 and other versions before 0.2.149.29 might allow user-assisted remote attackers to execute arbitrary code via a link target (href attribute) with a large number of path elements, which triggers the overflow when the status bar is updated after the user hovers over the link.
by Shinnok
Google Chrome 0.2.149.29 - Denial of Service via Long Title Attribute in Tooltip
The tooltip manager (chrome/views/tooltip_manager.cc) in Google Chrome 0.2.149.29 Build 1798 and possibly other versions before 0.2.149.30 allows remote attackers to cause a denial of service (CPU consumption or crash) via a tag with a long title attribute, which is not properly handled when displaying a tooltip, a different vulnerability than CVE-2008-6994. NOTE: there is inconsistent information about the environments under which this issue exists.
by Exodus
VMware <5.5.8-6.0.5-1.0.8-2.0.5-1.0.7 - Buffer Overflow
Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696.
by shinnai
Friendly Technologies FriendlyPPPoE Client <3.0.0.57 - Code Injection
A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to (1) create and read arbitrary registry values via the RegistryValue method, and (2) read arbitrary files via the GetTextFile method.
by spdr
Najdi.si Toolbar 2.0.4.1 - Stack-Based Buffer Overflow via Document.Location Property
Stack-based buffer overflow in an ActiveX control in najdisitoolbar.dll in Najdi.si Toolbar 2.0.4.1 allows remote attackers to cause a denial of service (browser crash) or execute arbitrary code via a long Document.Location property value.
by shinnai
LogMeIn RACtrl.dll - Denial of Service via fgcolor and bgcolor Property Manipulation
LogMeIn Remote Access Utility ActiveX control (RACtrl.dll) allows remote attackers to cause a denial of service (crash) by setting the fgcolor and bgcolor properties to certain long values that trigger memory corruption.
by YAG KOHHA
Friendly Technologies FriendlyPPPoE Client <3.0.0.57 - Buffer Overflow
Heap-based buffer overflow in a certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary code via a long third argument to the CreateURLShortcut method.
by spdr
By Source