Html Exploits

2,055 exploits tracked across all sources.

Sort: Activity Stars
CVE-2007-4489 EXPLOITDB html VERIFIED
eCentrex VOIP Client <2.0.1 - Buffer Overflow
Buffer overflow in the IUAComFormX ActiveX control in uacomx.ocx 2.0.1 in the eCentrex VOIP Client module allows remote attackers to execute arbitrary code via a long Username argument to the ReInit method.
by rgod
CVE-2007-4420 EXPLOITDB html VERIFIED
EDraw Office Viewer Component 5.1 - Path Traversal
Absolute path traversal vulnerability in a certain ActiveX control in officeviewer.ocx 5.1.199.1 in EDraw Office Viewer Component 5.1 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the HttpDownloadFile method, a different vulnerability than CVE-2007-3168 and CVE-2007-3169.
by shinnai
CVE-2007-1749 EXPLOITDB html VERIFIED
Microsoft Internet Explorer - Buffer Overflow
Integer underflow in the CDownloadSink class code in the Vector Markup Language (VML) component (VGX.DLL), as used in Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code via compressed content with an invalid buffer size, which triggers a heap-based buffer overflow.
by Ben Nagy & Derek Soeder
CVE-2007-3386 EXPLOITDB html VERIFIED
Apache Tomcat - XSS
Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action.
by NTT OSS CENTER
CVE-2007-4336 EXPLOITDB html VERIFIED
Microsoft DirectX Media 6.0 - Buffer Overflow
Buffer overflow in the Live Picture Corporation DXSurface.LivePicture.FlashPix.1 (DirectTransform FlashPix) ActiveX control in DXTLIPI.DLL 6.0.2.827, as packaged in Microsoft DirectX Media 6.0 SDK, allows remote attackers to execute arbitrary code via a long SourceUrl property value.
by h07
CVE-2007-4318 EXPLOITDB html VERIFIED
ZyNOS 3.62(WK.6) - XSS
Cross-site scripting (XSS) vulnerability in Forms/General_1 in the management interface in ZyNOS firmware 3.62(WK.6) on the Zyxel Zywall 2 device allows remote authenticated administrators to inject arbitrary web script or HTML via the sysSystemName parameter.
by Henri Lindberg
CVE-2007-4252 EXPLOITDB html VERIFIED
CkString.dll <1.1 - Path Traversal
Absolute path traversal vulnerability in a certain ActiveX control in CkString.dll 1.1 and earlier in CHILKAT ASP String allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument to the SaveToFile method, a different vulnerability than CVE-2007-3633.
by shinnai
CVE-2007-4174 EXPLOITDB html VERIFIED
Tor <0.1.2.16 - Command Injection
Tor before 0.1.2.16, when ControlPort is enabled, does not properly restrict commands to localhost port 9051, which allows remote attackers to modify the torrc configuration file, compromise anonymity, and have other unspecified impact via HTTP POST data containing commands without valid authentication, as demonstrated by an HTML form (1) hosted on a web site or (2) injected by a Tor exit node.
by anonymous
CVE-2007-4034 EXPLOITDB html VERIFIED
Yahoo! Installer Plugin for Widgets <2007.7.13.3 - Buffer Overflow
Stack-based buffer overflow in the YDPCTL.YDPControl.1 (aka Yahoo! Installer Plugin for Widgets) ActiveX control before 2007.7.13.3 (20070620) in YDPCTL.dll in Yahoo! Widgets before 4.0.5 allows remote attackers to execute arbitrary code via a long argument to the GetComponentVersion method. NOTE: some of these details are obtained from third party information.
by lhoang8500
CVE-2007-4145 EXPLOITDB html VERIFIED
BlueSkychat V2.V2Ctrl.1 <8.1.2.0 - Buffer Overflow
Heap-based buffer overflow in the BlueSkychat (BlueSkyCat) ActiveX control (V2.V2Ctrl.1) in v2.ocx 8.1.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the second argument to the ConnecttoServer method.
by Code Audit Labs
CVE-2006-4301 EXPLOITDB html VERIFIED
Microsoft IE - Improper Input Validation
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (crash) via a long Color attribute in multiple DirectX Media Image DirectX Transforms ActiveX COM Objects from (a) dxtmsft.dll and (b) dxtmsft3.dll, including (1) DXImageTransform.Microsoft.MaskFilter.1, (2) DXImageTransform.Microsoft.Chroma.1, and (3) DX3DTransform.Microsoft.Shapes.1.
by DeltahackingTEAM
CVE-2007-4155 EXPLOITDB html VERIFIED
EMC VMware 6.0.0 - Path Traversal
Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first two arguments to the (1) CreateProcess or (2) CreateProcessEx method.
by callAX
CVE-2007-4058 EXPLOITDB html VERIFIED
EMC VMware 6.0.0 - Path Traversal
Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll 2.2.5.42958 in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first argument to the StartProcess method.
by callAX
CVE-2007-4105 EXPLOITDB html VERIFIED
BaiduBar.dll - RCE
A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 allows remote attackers to execute arbitrary code via a request containing "a link to download and a file to execute," possibly involving remote file inclusion.
by cocoruder
CVE-2007-4059 EXPLOITDB html VERIFIED
EMC VMware <5.5.3.42958 - Path Traversal
Absolute path traversal vulnerability in a certain ActiveX control in IntraProcessLogging.dll 5.5.3.42958 in EMC VMware allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SetLogFileName method.
by callAX
CVE-2007-4061 EXPLOITDB html VERIFIED
Nessus Vulnerability Scanner <3.0.6 - Path Traversal
Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in the argument to the saveNessusRC method, which writes text specified by the addsetConfig method, possibly related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll. NOTE: this can be leveraged for code execution by writing to a Startup folder.
by h07
CVE-2007-4062 EXPLOITDB html VERIFIED
Nessus Vulnerability Scanner <3.0.6 - Path Traversal
The SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via unspecified vectors involving the deleteNessusRC method, probably a directory traversal vulnerability.
by h07
EIP-2026-118916 EXPLOITDB html VERIFIED
mlsrvx.dll 1.8.9.1 ArGoSoft Mail Server - Data Write/Code Execution
by callAX
CVE-2007-4031 EXPLOITDB html VERIFIED
Nessus Vulnerability Scanner <3.0.6 - Path Traversal
Directory traversal vulnerability in a certain ActiveX control in Nessus Vulnerability Scanner 3.0.6 allows remote attackers to delete arbitrary files via a .. (dot dot) in the argument to the deleteReport method, probably related to the SCANCTRL.ScanCtrlCtrl.1 ActiveX control in scan.dll.
by h07
CVE-2007-4067 EXPLOITDB html VERIFIED
Clever Internet ActiveX Suite 6.2 - Path Traversal
Absolute path traversal vulnerability in the clInetSuiteX6.clWebDav ActiveX control in CLINETSUITEX6.OCX in Clever Internet ActiveX Suite 6.2 allows remote attackers to create or overwrite arbitrary files via a full pathname in the second argument to the GetToFile method. NOTE: some of these details are obtained from third party information.
by shinnai
CVE-2007-3955 EXPLOITDB html VERIFIED
Linkedin Toolbar - Buffer Overflow
Buffer overflow in the IEToolbar.IEContextMenu.1 ActiveX control in LinkedInIEToolbar.dll in the LinkedIn Toolbar 3.0.2.1098 allows remote attackers to execute arbitrary code via a long second argument (varBrowser argument) to the search method. NOTE: some of these details are obtained from third party information.
by Jared DeMott
EIP-2026-113247 EXPLOITDB html VERIFIED
Webbler CMS 3.1.3 - Mail A Friend Open Email Relay
by Adrian Pastor
CVE-2007-3984 EXPLOITDB html VERIFIED
Zenturi Programchecker - Buffer Overflow
Buffer overflow in a certain ActiveX control in the NixonMyPrograms class in sasatl.dll 1.5.0.531 in Zenturi ProgramChecker allows remote attackers to execute arbitrary code via a long argument to the Scan method. NOTE: this is probably a different issue than CVE-2007-2987.
by shinnai
CVE-2007-3989 EXPLOITDB html VERIFIED
ASP Indir Dora Emlak - XSS
Multiple cross-site scripting (XSS) vulnerabilities in default.asp in Dora Emlak 1.0, when the goster parameter is set to iletisim, allow remote attackers to inject arbitrary web script or HTML via the (1) Adiniz and (2) Soyadiniz parameters; and possibly other unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by GeFORC3
CVE-2007-3991 EXPLOITDB html VERIFIED
ASP Indir Cvmatik < 1.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in cv.asp in Asp cvmatik 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Adiniz (Ady), (2) Soyadiniz (Soyady), (3) Ehliyet, (4) Askerlik, and (5) GSM parameters; and possibly other unspecified vectors.
by GeFORC3
By Source
All 2,055 Exploitdb 50,121 Writeup 46,830 Nomisec 21,202 Metasploit 3,189 Github 2,258 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,742 c 3,550 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 69 go 41 postscript 25 xml 24