Html Exploits

2,054 exploits tracked across all sources.

Sort: Activity Stars
CVE-2008-4664 EXPLOITDB html VERIFIED
Qvod Player - Memory Corruption
Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX control (QvodInsert.dll) in QVOD Player before 2.1.5 build 0053 allows remote attackers to execute arbitrary code via a long URL property. NOTE: some of these details are obtained from third party information.
by anonymous
CVE-2008-0290 EXPLOITDB html VERIFIED
Digitalhive < 2.0_rc2 - SQL Injection
Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in the gestion_membre.php page to base.php.
by j0j0
CVE-2008-0237 EXPLOITDB html VERIFIED
Microsoft Rich Textbox Control - Improper Input Validation
The Microsoft Rich Textbox ActiveX Control (RICHTX32.OCX) 6.1.97.82 allows remote attackers to execute arbitrary commands by invoking the insecure SaveFile method.
by shinnai
CVE-2008-0236 EXPLOITDB html VERIFIED
Microsoft Visual FoxPro vfp6r.dll 6.0.8862.0 - Command Injection
An ActiveX control for Microsoft Visual FoxPro (vfp6r.dll 6.0.8862.0) allows remote attackers to execute arbitrary commands by invoking the DoCmd method.
by shinnai
CVE-2008-0220 EXPLOITDB html VERIFIED
Gateway Cweblaunchctl Activex Control - Memory Corruption
Multiple stack-based buffer overflows in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allow remote attackers to execute arbitrary code via a long string in the (1) second or (2) fourth argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information.
by Elazar
CVE-2007-4722 EXPLOITDB html VERIFIED
Move Networks Move Media Player - Memory Corruption
Multiple stack-based buffer overflows in the Quantum Streaming Internet Explorer Player ActiveX control in qsp2ie07051001.dll 1.0.0.1 in Move Media Player allow remote attackers to execute arbitrary code via a long string to the (1) Play and (2) Buzzer methods.
by Elazar
CVE-2008-0221 EXPLOITDB html VERIFIED
Gateway Weblaunch - Path Traversal
Directory traversal vulnerability in the WebLaunch.WeblaunchCtl.1 (aka CWebLaunchCtl) ActiveX control in weblaunch.ocx 1.0.0.1 in Gateway Weblaunch allows remote attackers to execute arbitrary programs via a ..\ (dot dot backslash) in the second argument to the DoWebLaunch method. NOTE: some of these details are obtained from third party information.
by Elazar
CVE-2008-0266 EXPLOITDB html VERIFIED
Eticket - CSRF
Cross-site request forgery (CSRF) vulnerability in admin.php in eTicket 1.5.5.2 allows remote attackers to change the administrative password and possibly perform other administrative tasks. NOTE: either the old password must be known, or the attacker must leverage a separate SQL injection vulnerability.
by L4teral
EIP-2026-109979 EXPLOITDB html VERIFIED
Nucleus CMS 3.0.1 - 'myid' SQL Injection
by MustLive
CVE-2008-0090 EXPLOITDB html VERIFIED
Divx Player - Memory Corruption
A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method.
by anonymous
CVE-2007-6387 EXPLOITDB html VERIFIED
awApi4.dll 4.0.0.42 - Buffer Overflow
Multiple stack-based buffer overflows in the awApi4.AnswerWorks.1 ActiveX control in awApi4.dll 4.0.0.42, as used by Vantage Linguistics AnswerWorks, and Intuit Clearly Bookkeeping, ProSeries, QuickBooks, Quicken, QuickTax, and TurboTax, allow remote attackers to execute arbitrary code via long arguments to the (1) GetHistory, (2) GetSeedQuery, (3) SetSeedQuery, and possibly other methods. NOTE: some of these details are obtained from third party information.
by Elazar
CVE-2007-6654 EXPLOITDB html VERIFIED
Macrovision Update Service - Memory Corruption
Buffer overflow in a certain ActiveX control in Macrovision InstallShield Update Service Web Agent 5.1.100.47363 allows remote attackers to execute arbitrary code via a long string in the ProductCode argument (second argument) to the DownloadAndExecute method, a different vulnerability than CVE-2007-0321, CVE-2007-2419, and CVE-2007-5660.
by Elazar
CVE-2007-4474 EXPLOITDB html VERIFIED
IBM Lotus Domino - Buffer Overflow
Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1.
by Elazar
CVE-2007-4474 EXPLOITDB html VERIFIED
IBM Lotus Domino - Buffer Overflow
Multiple stack-based buffer overflows in the IBM Lotus Domino Web Access ActiveX control, as provided by inotes6.dll, inotes6w.dll, dwa7.dll, and dwa7w.dll, in Domino 6.x and 7.x allow remote attackers to execute arbitrary code, as demonstrated by an overflow from a long General_ServerName property value when calling the InstallBrowserHelperDll function in the Upload Module in the dwa7.dwa7.1 control in dwa7w.dll 7.0.34.1.
by Elazar
CVE-2007-6530 EXPLOITDB html VERIFIED
Persits Software XUpload <3.0 - Buffer Overflow
Buffer overflow in the XUpload.ocx ActiveX control in Persits Software XUpload 2.1.0.1, and probably other versions before 3.0, as used by HP Mercury LoadRunner and Groove Virtual Office, allows remote attackers to execute arbitrary code via a long argument to the AddFolder function.
by Elazar
CVE-2007-6605 EXPLOITDB html VERIFIED
SkyFexClient <1.0 - Buffer Overflow
Buffer overflow in a certain ActiveX control in SkyFexClient.ocx 1.0.2.77 in SkyFex Client 1.0 allows remote attackers to execute arbitrary code via long strings in the first four arguments to the Start method.
by shinnai
CVE-2007-6608 EXPLOITDB html VERIFIED
OpenBiblio <0.5.2-pre4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in OpenBiblio 0.5.2-pre4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) LAST and (2) FIRST parameters to admin/staff_del_confirm.php, (3) the name parameter to admin/theme_del_confirm.php, or (4) the themeName parameter to admin/theme_preview.php.
by Juan Galiana Lara
CVE-2007-6699 EXPLOITDB html VERIFIED
AIM PicEditor 9.5.1.8 - Buffer Overflow
Multiple buffer overflows in the AIM PicEditor 9.5.1.8 ActiveX control in YGPPicEdit.dll in AOL You've Got Pictures (YGP) Picture Editor allow remote attackers to cause a denial of service (browser crash) via a long string in the (1) DisplayName, (2) FinalSavePath, (3) ForceSaveTo, (4) HiddenControls, (5) InitialEditorScreen, (6) Locale, (7) Proxy, and (8) UserAgent property values.
by Elazar Broad
CVE-2007-6513 EXPLOITDB html VERIFIED
HP eSupportDiagnostics ActiveX control <1.0.11.0 - Info Disclosure
HP eSupportDiagnostics ActiveX control (hpediag.dll) 1.0.11.0 exports dangerous methods, which allows remote attackers to (1) read arbitrary files via the ReadTextFile method, or (2) read arbitrary registry values via the ReadValue method.
by Elazar Broad
CVE-2007-6516 EXPLOITDB html VERIFIED
RavWare Software MAS Flic ActiveX Control <1.0.0.1 - Buffer Overflow
Buffer overflow in RavWare Software MAS Flic ActiveX Control (masflc.ocx) 1.0.0.1 allows remote attackers to execute arbitrary code via a long FileName property.
by shinnai
CVE-2007-6493 EXPLOITDB html VERIFIED
iMesh <7.1.0.x - RCE
The IMWeb.IMWebControl.1 ActiveX control in IMWeb.dll 7.0.0.x, and possibly IMWebControl.dll, in iMesh 7.1.0.x and earlier allows remote attackers to execute arbitrary code via a certain argument to the SetHandler method.
by rgod
CVE-2007-6332 EXPLOITDB html VERIFIED
HPInfoDLL.HPInfo.1 - Registry Access
The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, on Microsoft Windows before Vista allows remote attackers to create or modify arbitrary registry values via the arguments to the SetRegValue method.
by porkythepig
CVE-2007-6331 EXPLOITDB html VERIFIED
HPInfoDLL.HPInfo.1 - Path Traversal
Absolute path traversal vulnerability in the HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier allows remote attackers to execute arbitrary programs via the first argument to the LaunchApp method. NOTE: only a user-assisted attack is possible on Windows Vista.
by porkythepig
CVE-2007-6333 EXPLOITDB html VERIFIED
HPInfoDLL.HPInfo.1 - Info Disclosure
The HPInfoDLL.HPInfo.1 ActiveX control in HPInfoDLL.dll 1.0, as shipped with HP Info Center (hpinfocenter.exe) 1.0.1.1 in HP Quick Launch Button (QLBCTRL.exe, aka QLB) 6.3 and earlier, allows remote attackers to read arbitrary registry values via the arguments to the GetRegValue method.
by porkythepig
CVE-2007-6327 EXPLOITDB html VERIFIED
Online Media Technologies AVSMJPEGFILE.DLL 1.1.1.102 - Buffer Overflow
Buffer overflow in a certain ActiveX control in Online Media Technologies AVSMJPEGFILE.DLL 1.1.1.102 allows remote attackers to execute arbitrary code via a long first argument to the CreateStill method.
by shinnai
By Source
All 2,054 Exploitdb 50,121 Writeup 46,751 Nomisec 21,200 Metasploit 3,189 Github 2,250 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,738 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 68 go 41 postscript 25 xml 24