Html Exploits
2,076 exploits tracked across all sources.
Microsoft Excel 2007 - JavaScript Code Remote Denial of Service
by Juan Pablo Lopez Yacubian
WatchFire AppScan 7.0 - Path Traversal
Multiple absolute path traversal vulnerabilities in certain ActiveX controls in WatchFire AppScan 7.0 allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) CompactSave and (2) SaveSession method in one control, and the (3) saveRecordedExploreToFile method in a different control. NOTE: this can be leveraged for code execution by writing to a Startup folder.
by callAX
Zune Software - Path Traversal and Arbitrary File Write via SaveToFile Method
Absolute path traversal vulnerability in a certain ActiveX control in Zune allows user-assisted remote attackers to overwrite arbitrary files via the SaveToFile method. NOTE: the victim must explicitly allow the code to run.
by ilion security
Torrentflux - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in html/admin.php in TorrentFlux 2.3 allows remote attackers to hijack the authentication of administrators for requests that add new accounts via the addUser action.
by Michael Brooks
Microsoft Office and Works - Remote Code Execution via WkImgSrv.dll WksPictureInterface Property
A certain ActiveX control in WkImgSrv.dll 7.03.0616.0, as distributed in Microsoft Works 7 and Microsoft Office 2003 and 2007, allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via an invalid WksPictureInterface property value, which triggers an improper function call.
by Shennan Wang
IBiz E-Banking Integrator <2.0.2932 - Code Injection
The IBizEBank.FIProfile.1 ActiveX control in fiprofile20.ocx in IBiz E-Banking Integrator (formerly IBiz OFX Integrator) 2.0.2932 exposes the unsafe WriteOFXDataFile method, which allows remote attackers to overwrite arbitrary files via a full pathname in the argument. NOTE: some of these details are obtained from third party information.
by shinnai
phpBB Fishing Cat Portal Addon - 'functions_portal.php' Remote File Inclusion
by bd0rk
phpBB Addon Fishing Cat Portal - Remote File Inclusion
by bd0rk
SecureTransport Server <4.6.1 - Buffer Overflow
Stack-based buffer overflow in the IActiveXTransfer.FileTransfer method in the SecureTransport FileTransfer ActiveX control in vcst_en.dll 1.0.0.5 in Tumbleweed SecureTransport Server before 4.6.1 Hotfix 20 allows remote attackers to execute arbitrary code via a long remoteFile parameter.
by Patrick Webster
Data Dynamics ActiveBar <3.2 - Path Traversal
The Data Dynamics ActiveBar ActiveX control (actbar3.ocx) 3.2 and earlier allows remote attackers to create or overwrite files via a full pathname in (1) the second argument to the Save method, or the first argument to the (2) SaveLayoutChanges or (3) SaveMenuUsageData method.
by shinnai
Parallels Virtuozzo Containers - Cross-Site Request Forgery in VZPP File Manager
Cross-site request forgery (CSRF) vulnerability in the file manager in the VZPP web interface for Parallels Virtuozzo 365.6.swsoft (build 4.0.0-365.6.swsoft) and 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to create and delete arbitrary files as the administrator via a link or IMG tag to (1) create-file and (2) list-control in vz/cp/vzdir/infrman/envs/files/; or modify system configuration via the path parameter to vz/cp/vzdir/infrman/envs/files/index.
by poplix
Parallels Virtuozzo 25.4.swsoft - Cross-Site Request Forgery in VZPP Password Change
Cross-site request forgery (CSRF) vulnerability in the "change password" feature in the VZPP web interface for Parallels Virtuozzo 25.4.swsoft (build 3.0.0-25.4.swsoft) allows remote attackers to modify the password via a link or IMG tag to vz/cp/pwd.
by poplix
Opera < 9.27 - Remote Code Execution via Crafted CANVAS Image Pattern
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption.
by Michal Zalewski
RealPlayer - Remote Code Execution via RealAudioObjects.RealAudio ActiveX Control
The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1) Console or (2) Controls property, which allows remote attackers to execute arbitrary code or cause a denial of service (browser crash) via a series of assignments of long string values, which triggers an overwrite of freed heap memory.
by Elazar
ChilkatHttp <2.4.0.0 - Code Injection
The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files. NOTE: some of these details are obtained from third party information.
by shinnai
Invision Power Board < 2.3.1 - Stored Cross-Site Scripting via IFRAME in Signature
Cross-site scripting (XSS) vulnerability in Invision Power Board 2.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via an IFRAME tag in the signature.
by SHAHEE_MIRZA
LEADTOOLS Multimedia Toolkit <15 - File Overwrite
The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmmPlayCtrl Class ActiveX controls (ltmm15.dll 15.1.0.17 and earlier) in LEADTOOLS Multimedia Toolkit 15 allow attackers to overwrite arbitrary files via the SaveSettingsToFile method.
by shinnai
Apple Safari 3.1 - Window.setTimeout Variant Content Spoofing
by Juan Pablo Lopez Yacubian
Apple Safari (webkit) (iPhone/OSX/Windows) - Remote Denial of Service
by Georgi Guninski
ListCtrl ActiveX Control - Buffer Overflow
Stack-based buffer overflow in the ListCtrl ActiveX Control (ListCtrl.ocx), as used in multiple CA products including BrightStor ARCserve Backup R11.5, Desktop Management Suite r11.1 through r11.2, and Unicenter products r11.1 through r11.2, allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long argument to the AddColumn method.
by h07
QT-cute QuickTalk Forum <1.6 - SQL Injection
SQL injection vulnerability in qtf_ind_search_ov.php in QT-cute QuickTalk Forum 1.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by t0pP8uZz
Beijing KingSoft Antivirus Online Update Module 2007.12.29.29 - Heap-Based Buffer Overflow via SetUninstallName Method
Heap-based buffer overflow in the KUpdateObj2 Class ActiveX control in UpdateOcx2.dll in Beijing KingSoft Antivirus Online Update Module 2007.12.29.29 allows remote attackers to execute arbitrary code via a long argument to the SetUninstallName method.
by void
Microsoft Internet Explorer 7 - Combined JavaScript and XML Remote Information Disclosure
by Ronald van den Heetkamp
ICQ Toolbar 2.3 - Denial of Service via Long Argument to RequestURL GetPropertyById or SetPropertyById
toolbaru.dll in ICQ Toolbar (ICQToolbar) 2.3 allows remote attackers to cause a denial of service (toolbar crash) via a long argument to the (1) RequestURL, (2) GetPropertyById, or (3) SetPropertyById method, different vectors than CVE-2008-7135.
by spdr
Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x - XSS
Cross-site scripting (XSS) vulnerability in the login page in Check Point VPN-1 UTM Edge W Embedded NGX 7.0.48x allows remote attackers to inject arbitrary web script or HTML via the user parameter.
by Henri Lindberg
By Source