Html Exploits
2,054 exploits tracked across all sources.
WkImgSrv.dll 7.03.0616.0 - RCE
A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
by lhoang8500
HP Software Update - Code Injection
Hpufunction.dll 4.0.0.1 in HP Software Update exposes the unsafe (1) ExecuteAsync and (2) Execute methods, which allows remote attackers to execute arbitrary code via an absolute pathname in the first argument.
by callAX
Microsoft Excel 2007 - JavaScript Code Remote Denial of Service
by Juan Pablo Lopez Yacubian
WatchFire AppScan 7.0 - Path Traversal
Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) CompactSave and (2) SaveSession method in one control, and the (3) saveRecordedExploreToFile method in a different control. NOTE: this can be leveraged for code execution by writing to a Startup folder.
by callAX
Zune - Path Traversal
Absolute path traversal vulnerability in a certain ActiveX control in Zune allows user-assisted remote attackers to overwrite arbitrary files via the SaveToFile method. NOTE: the victim must explicitly allow the code to run.
by ilion security
Torrentflux - CSRF
Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action.
by Michael Brooks
WkImgSrv.dll 7.03.0616.0 - RCE
A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
by Shennan Wang
IBiz E-Banking Integrator <2.0.2932 - Code Injection
The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E-Banking Integrator (formerly IBiz OFX Integrator) 2.0.2932 exposes the unsafe WriteOFXDataFile method, which allows remote attackers to overwrite arbitrary files via a full pathname in the argument. NOTE: some of these details are obtained from third party information.
by shinnai
phpBB Fishing Cat Portal Addon - 'functions_portal.php' Remote File Inclusion
by bd0rk
phpBB Addon Fishing Cat Portal - Remote File Inclusion
by bd0rk
SecureTransport Server <4.6.1 - Buffer Overflow
Stack-based buffer overflow in the IActiveXTransfer.FileTransfer method in the SecureTransport FileTransfer ActiveX control in vcst_en.dll 1.0.0.5 in Tumbleweed SecureTransport Server before 4.6.1 Hotfix 20 allows remote attackers to execute arbitrary code via a long remoteFile parameter.
by Patrick Webster
Data Dynamics ActiveBar <3.2 - Path Traversal
The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.2 and earlier allows remote attackers to create or overwrite files via a full pathname in (1) the second argument to the Save method, or the first argument to the (2) SaveLayoutChanges or (3) SaveMenuUsageData method.
by shinnai
Parallels Virtuozzo Containers - CSRF
Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to create and delete arbitrary files as the administrator via a link or IMG tag to (1) create-file and (2) list-control in vz/cp/vzdir/infrman/envs/files/; or modify system configuration via the path parameter to vz/cp/vzdir/infrman/envs/files/index.
by poplix
Parallels Virtuozzo - CSRF
Cross-site request forgery (CSRF) vulnerability in the "change password" feature in the VZPP web interface for Parallels Virtuozzo 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to modify the password via a link or IMG tag to vz/cp/pwd.
by poplix
Opera <9.27 - RCE
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption.
by Michal Zalewski
RealPlayer <11.0.3 - RCE
The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.
by Elazar
ChilkatHttp <2.4.0.0 - Code Injection
The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files. NOTE: some of these details are obtained from third party information.
by shinnai
Invision Power Services Invision Power Board < 2.3.1 - XSS
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature.
by SHAHEE_MIRZA
LEADTOOLS Multimedia Toolkit <15 - File Overwrite
The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmmPlayCtrl Class ActiveX controls (ltmm15.dll 15.1.0.17 and earlier) in LEADTOOLS Multimedia Toolkit 15 allow attackers to overwrite arbitrary files via the SaveSettingsToFile method.
by shinnai
Apple Safari 3.1 - Window.setTimeout Variant Content Spoofing
by Juan Pablo Lopez Yacubian
Apple Safari (webkit) (iPhone/OSX/Windows) - Remote Denial of Service
by Georgi Guninski
ListCtrl ActiveX Control - Buffer Overflow
Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.
by h07
QT-cute QuickTalk Forum <1.6 - SQL Injection
SQL injection vulnerability in qtf_ind_search_ov.php in QT-cute QuickTalk Forum 1.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by t0pP8uZz
Kingsoft Antivirus Online Update Module - Memory Corruption
Heap-based buffer overflow in the KUpdateObj2 Class ActiveX control in UpdateOcx2.dll in Beijing KingSoft Antivirus Online Update Module 2007.12.29.29 allows remote attackers to execute arbitrary code via a long argument to the SetUninstallName method.
by void
Microsoft Internet Explorer 7 - Combined JavaScript and XML Remote Information Disclosure
by Ronald van den Heetkamp
By Source