Html Exploits
2,076 exploits tracked across all sources.
Mozilla Firefox 2.0.8 - Sidebar Bookmark Persistent Denial of Service
by The Hacker Webzine
Mozilla Firefox 2.0.0.7 - Malformed XBL Constructor Remote Denial of Service
by Soroush Dalili
PBEmail 7 ActiveX Edition - Unauthenticated Arbitrary File Write via SaveSenderToXml XmlFilePath Argument
Absolute path traversal vulnerability in a certain ActiveX control in PBEmail7Ax.dll in PBEmail 7 ActiveX Edition allows remote attackers to create or overwrite arbitrary files via a full pathname in the XmlFilePath argument to the SaveSenderToXml method.
by Katatafish
Safari on iPod touch and iPhone 1.1.1 - Denial of Service and Filesystem Exposure via TIFF File
Unspecified vulnerability in Safari on the Apple iPod touch (aka iTouch) and iPhone 1.1.1 allows user-assisted remote attackers to cause a denial of service (application crash), and enable filesystem browsing by the local user, via a certain TIFF file.
by Niacin & Dre
Microsoft Visual FoxPro 6.0 - Remote Code Execution via FPOLE.OCX FoxDoCmd Function
Insecure method vulnerability in the FPOLE.OCX 6.0.8450.0 ActiveX control in Microsoft Visual FoxPro 6.0 allows remote attackers to execute arbitrary programs by specifying them as an argument to the FoxDoCmd function.
by shinnai
Pegasus Imaging ThumbnailXpress 1.0 - Arbitrary File Deletion
by shinnai
Pegasus Imaging ImagXpress 8.0 - Path Traversal via CacheFile and CompactFile Attributes
Multiple absolute path traversal vulnerabilities in Pegasus Imaging ImagXpress 8.0 allow remote attackers to (1) delete arbitrary files via the CacheFile attribute in the ThumbnailXpres.1 ActiveX control (PegasusImaging.ActiveX.ThumnailXpress1.dll) or (2) overwrite arbitrary files via the CompactFile function in the ImagXpress.8 ActiveX control (PegasusImaging.ActiveX.ImagXpress8.dll).
by shinnai
EDraw Office Viewer Component < 5.3.220.1 - Stack-Based Buffer Overflow via FtpDownloadFile Method
Stack-based buffer overflow in the EDraw.OfficeViewer ActiveX control in officeviewer.ocx in EDraw Office Viewer Component 5.3.220.1 and earlier allows remote attackers to execute arbitrary code via long strings in the first and second arguments to the FtpDownloadFile method, a different vector than CVE-2007-4821 and CVE-2007-3169.
by shinnai
CyberLink PowerDVD 7.0 - Path Traversal and Arbitrary File Write via CLAVSetting ActiveX CreateNewFile Method
Directory traversal vulnerability in the CLAVSetting.CLSetting.1 ActiveX control in CLAVSetting.DLL 1.00.1829 in the CLAVSetting module in CyberLink PowerDVD 7.0 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the CreateNewFile method.
by rgod
Tor < 0.1.2.16 - Unauthenticated Configuration Modification via ControlPort
Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.
by elgCrew
Microsoft Internet Explorer 6.0 - XSS
The focus handling for the onkeydown event in Microsoft Internet Explorer 6.0 allows remote attackers to change field focus and copy keystrokes via a certain use of a JavaScript htmlFor attribute, as demonstrated by changing focus from a textarea to a file upload field, a related issue to CVE-2007-3511.
by Ronald van den Heetkamp
EB Design ebCrypt <= 2.0.0.2087 - Arbitrary File Write via SaveToFile Method
Absolute path traversal vulnerability in the EbCrypt.eb_c_PRNGenerator.1 ActiveX control in EBCRYPT.DLL 2.0.0.2087 and earlier in EB Design ebCrypt allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SaveToFile method. NOTE: some of these details are obtained from third party information.
by shinnai
ask.com ask_toolbar < 4.0.2.53 - Stack-based Buffer Overflow via ShortFormat Property
Stack-based buffer overflow in the AskJeevesToolBar.SettingsPlugin.1 ActiveX control in askBar.dll in IAC Search & Media ask.com Ask Toolbar 4.0.2.53 and earlier allows remote attackers to execute arbitrary code via a long ShortFormat property value. NOTE: some of these details are obtained from third party information. NOTE: the researcher claims that this is the same as CVE-2007-5108, but there is insufficient detail for CVE-2007-5108 to be certain.
by Joey Mengele
EB Design ebCrypt - Denial of Service via AddString Method
A certain ActiveX control in EBCRYPT.DLL 2.0 in EB Design ebCrypt allows remote attackers to cause a denial of service (crash) via a string argument to the AddString method.
by shinnai
Ask.com Toolbar - Unspecified Remote Vulnerability
Unspecified vulnerability in IAC Search & Media ask.com toolbar has unknown impact and remote attack vectors. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine. NOTE: this might be the same issue as CVE-2007-5107.
by Joey Mengele
Quiksoft EasyMail MessagePrinter Object 6.0.1.0 - Heap-Based Buffer Overflow via SetFont Method
Heap-based buffer overflow in the EasyMailMessagePrinter ActiveX control in emprint.DLL 6.0.1.0 in the Quiksoft EasyMail MessagePrinter Object allows remote attackers to execute arbitrary code via a long string in the first argument to the SetFont method.
by rgod
XCMS - Cross-Site Request Forgery via Password Change Functionality
Cross-site request forgery (CSRF) vulnerability in the cpass functionality in an admin action in index.php in XCMS allows remote attackers to change arbitrary passwords via certain password_ and rpassword_ parameters, possibly related to timestamp values.
by x0kster
WordPress 2.0-2.0.1 - Cross-Site Scripting via user_email Parameter
Cross-site scripting (XSS) vulnerability in wp-register.php in WordPress 2.0 and 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the user_email parameter.
by Adrian Pastor
Xunlei Web Thunder 5.6.9.344 - Buffer Overflow via DownURL2 Method
Buffer overflow in a certain ActiveX control in Xunlei Web Thunder 5.6.9.344, possibly the DapPlayer ActiveX control in DapPlayer_Now.dll, allows remote attackers to execute arbitrary code via a long first argument to the DownURL2 method. NOTE: some of these details are obtained from third party information.
by 7jdg
Yahoo Messenger 8.1.0.421 - Path Traversal and Arbitrary File Write via CYFT ActiveX GetFile Method
Absolute path traversal vulnerability in a certain ActiveX control in the CYFT object in ft60.dll in Yahoo! Messenger 8.1.0.421 allows remote attackers to force a download, and create or overwrite arbitrary files via a full pathname in the second argument to the GetFile method.
by shinnai
JetAudio 7.0.3 Basic and 7.0.3.3016 - Path Traversal and Arbitrary File Write via DownloadFromMusicStore Method
Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument to the DownloadFromMusicStore method. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for code execution by overwriting JetAudio.exe, which is launched by the control after completion of the method call.
by h07
Java Web Start ActiveX Control - Buffer Overflow via dnsResolve Method
Buffer overflow in the Sun Java Web Start ActiveX control in Java Runtime Environment (JRE) 1.6.0_X allows remote attackers to have an unknown impact via a long argument to the dnsResolve (isInstalled.dnsResolve) method.
by YAG KOHHA
MW6 QRCode ActiveX < 3.0.0.1 - Arbitrary File Write via SaveAsBMP or SaveAsWMF Method
Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveAsBMP or (2) SaveAsWMF method. NOTE: some of these details are obtained from third party information.
by shinnai
Apple QuickTime /w IE .qtl Version XAS - Remote
by Aviv Raff
HP Photo and Imaging Gallery - Heap-Based Buffer Overflow via Long First Argument
Heap-based buffer overflow in the FileFind::FindFile method in (1) MFC42.dll, (2) MFC42u.dll, (3) MFC71.dll, and (4) MFC71u.dll in Microsoft Foundation Class (MFC) Library 8.0, as used by the ListFiles method in hpqutil.dll 2.0.0.138 in Hewlett-Packard (HP) All-in-One and Photo & Imaging Gallery 1.1 and probably other products, allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long first argument.
by GOODFELLAS