Html Exploits

2,054 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-5779 EXPLOITDB html VERIFIED
Gom Player - Memory Corruption
Buffer overflow in the GomManager (GomWeb Control) ActiveX control in GomWeb3.dll 1.0.0.12 in Gretech Online Movie Player (GOM Player) 2.1.6.3499 allows remote attackers to execute arbitrary code via a long argument to the OpenUrl method.
by rgod
CVE-2007-5722 EXPLOITDB html VERIFIED
Ourgame.com Globallink - Memory Corruption
Stack-based buffer overflow in a certain ActiveX control in GLChat.ocx 2.5.1.32 in GlobalLink 2.7.0.8, as used in Ourgame GLWorld and possibly other products, allows remote attackers to execute arbitrary code via a long first argument to the ConnectAndEnterRoom method, possibly involving the GLCHAT.GLChatCtrl.1 control, as originally exploited in the wild in October 2007. NOTE: some of these details are obtained from third party information. NOTE: this was originally reported as a heap-based issue by some sources.
by anonymous
EIP-2026-103568 EXPLOITDB html VERIFIED
Mozilla FireFox 2.0.8 - Sidebar Bookmark Persistent Denial of Service
by The Hacker Webzine
EIP-2026-103566 EXPLOITDB html VERIFIED
Mozilla Firefox 2.0.0.7 - Malformed XBL Constructor Remote Denial of Service
by Soroush Dalili
CVE-2007-5446 EXPLOITDB html VERIFIED
Perfection Bytes Pbemail - Path Traversal
Absolute path traversal vulnerability in a certain ActiveX control in PBEmail7Ax.dll in PBEmail 7 ActiveX Edition allows remote attackers to create or overwrite arbitrary files via a full pathname in the XmlFilePath argument to the SaveSenderToXml method.
by Katatafish
CVE-2007-5450 EXPLOITDB html VERIFIED
Apple Safari - Memory Corruption
Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file.
by Niacin & Dre
CVE-2007-5322 EXPLOITDB html VERIFIED
Microsoft Visual Foxpro - OS Command Injection
Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual FoxPro 6.0 allows remote attackers to execute arbitrary programs by specifying them as an argument to the FoxDoCmd function.
by shinnai
EIP-2026-119031 EXPLOITDB html VERIFIED
Pegasus Imaging ThumbnailXpress 1.0 - Arbitrary File Deletion
by shinnai
CVE-2007-5320 EXPLOITDB html VERIFIED
Pegasus Imaging Imagxpress - Path Traversal
Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll).
by shinnai
CVE-2007-5257 EXPLOITDB html VERIFIED
Edraw Office Viewer Component < 5.3.220.1 - Memory Corruption
Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control in officeviewer.ocx in EDraw Office Viewer Component 5.3.220.1 and earlier allows remote attackers to execute arbitrary code via long strings in the first and second arguments to the FtpDownloadFile method, a different vector than CVE-2007-4821 and CVE-2007-3169.
by shinnai
CVE-2007-5219 EXPLOITDB html VERIFIED
Cyberlink Powerdvd - Path Traversal
Directory traversal vulnerability in the CLAVSetting.CLSetting.1 ActiveX control in CLAVSetting.DLL 1.00.1829 in the CLAVSetting module in CyberLink PowerDVD 7.0 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the CreateNewFile method.
by rgod
CVE-2007-4174 EXPLOITDB html VERIFIED
Tor <0.1.2.16 - Command Injection
Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.
by elgCrew
CVE-2007-5158 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 6.0 - XSS
The focus handling for the onkeydown event in Microsoft Internet Explorer 6.0 allows remote attackers to change field focus and copy keystrokes via a certain use of a JavaScript htmlFor attribute, as demonstrated by changing focus from a textarea to a file upload field, a related issue to CVE-2007-3511.
by Ronald van den Heetkamp
CVE-2007-5110 EXPLOITDB html VERIFIED
EB Design PTY LTD Ebcrypt - Path Traversal
Absolute path traversal vulnerability in the EbCrypt.eb_c_PRNGenerator.1 ActiveX control in EBCRYPT.DLL 2.0.0.2087 and earlier in EB Design ebCrypt allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method. NOTE: some of these details are obtained from third party information.
by shinnai
CVE-2007-5107 EXPLOITDB html VERIFIED
Ask.com Ask Toolbar < 4.0.2.53 - Memory Corruption
Stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 ActiveX control in askBar.dll in IAC Search & Media ask.com Ask Toolbar 4.0.2.53 and earlier allows remote attackers to execute arbitrary code via a long ShortFormat property value. NOTE: some of these details are obtained from third party information. NOTE: the researcher claims that this is the same as CVE-2007-5108, but there is insufficient detail for CVE-2007-5108 to be certain.
by Joey Mengele
CVE-2007-5111 EXPLOITDB html VERIFIED
EB Design PTY LTD Ebcrypt - Denial of Service
A certain ActiveX control in EBCRYPT.DLL 2.0 in EB Design ebCrypt allows remote attackers to cause a denial of service (crash) via a string argument to the AddString method.
by shinnai
CVE-2007-5108 EXPLOITDB html VERIFIED
IAC Search & Media ask.com toolbar - Unknown Vuln
Unspecified vulnerability in IAC Search & Media ask.com toolbar has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. NOTE: this might be the same issue as CVE-2007-5107.
by Joey Mengele
CVE-2007-5070 EXPLOITDB html VERIFIED
Quiksoft Easymail Messageprinter Object - Memory Corruption
Heap-based buffer overflow in the EasyMailMessagePrinter ActiveX control in emprint.DLL 6.0.1.0 in the Quiksoft EasyMail MessagePrinter Object allows remote attackers to execute arbitrary code via a long string in the first argument to the SetFont method.
by rgod
CVE-2007-5060 EXPLOITDB html VERIFIED
Xcms - CSRF
Cross-site request forgery (CSRF) vulnerability in the cpass functionality in an admin action in index.php in XCMS allows remote attackers to change arbitrary passwords via certain password_ and rpassword_ parameters, possibly related to timestamp values.
by x0kster
CVE-2007-5105 EXPLOITDB html VERIFIED
Wordpress - XSS
Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter.
by Adrian Pastor
CVE-2007-5064 EXPLOITDB html VERIFIED
Xunlei Web Thunder - Memory Corruption
Buffer overflow in a certain ActiveX control in Xunlei Web Thunder 5.6.9.344, possibly the DapPlayer ActiveX control in DapPlayer_Now.dll, allows remote attackers to execute arbitrary code via a long first argument to the DownURL2 method. NOTE: some of these details are obtained from third party information.
by 7jdg
CVE-2007-5017 EXPLOITDB html VERIFIED
Yahoo Messenger - Path Traversal
Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method.
by shinnai
CVE-2007-4983 EXPLOITDB html VERIFIED
Cowon America Jetaudio - Path Traversal
Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument to the DownloadFromMusicStore method. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for code execution by overwriting JetAudio.exe, which is launched by the control after completion of the method call.
by h07
CVE-2007-5019 EXPLOITDB html VERIFIED
SUN Java Web Start - Memory Corruption
Buffer overflow in the Sun Java Web Start ActiveX control in Java Runtime Environment (JRE) 1.6.0_X allows remote attackers to have an unknown impact via a long argument to the dnsResolve (isInstalled.dnsResolve) method.
by YAG KOHHA
CVE-2007-4982 EXPLOITDB html VERIFIED
MW6 Technologies Qrcode Activex < 3.0.0.1 - Path Traversal
Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveAsBMP or (2) SaveAsWMF method. NOTE: some of these details are obtained from third party information.
by shinnai
By Source
All 2,054 Exploitdb 50,121 Writeup 46,758 Nomisec 21,200 Metasploit 3,189 Github 2,253 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,740 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 69 go 41 postscript 25 xml 24