HTML Exploits

2,076 exploits tracked across all sources.

CVE-2007-3400 EXPLOITDB html VERIFIED
NCTAudioEditor and NCTAudioStudio - Arbitrary File Write via NCTWMAFile2.dll CreateFile Method
The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite arbitrary files via the CreateFile method.
by shinnai
CVE-2007-4812 EXPLOITDB html VERIFIED
Safari < 3.0.4 - Buffer Overflow via document.location.hash
Buffer overflow in Apple Safari 3.0.3 522.15.5, and other versions before Beta Update 3.0.4, allows remote attackers to cause a denial of service (crash) and possibly have other unspecified impact by setting document.location.hash to a long string. NOTE: the crash might actually occur in the alert method.
by Azizov E
CVE-2007-3435 EXPLOITDB html VERIFIED
RKD Software BarCodeAx.dll 4.9 - Stack-Based Buffer Overflow via BeginPrint Method
Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument.
by callAX
CVE-2007-3284 EXPLOITDB html VERIFIED
Apple Safari 3.0.1 (552.12.2) for Windows - Denial of Service via History Form Handling
corefoundation.dll in Apple Safari 3.0.1 (552.12.2) for Windows allows remote attackers to cause a denial of service (crash) via certain forms that trigger errors related to History, possibly involving multiple form fields with the same name.
by Lostmon
CVE-2007-2222 EXPLOITDB html VERIFIED
Microsoft Internet Explorer - Remote Code Execution via ActiveX Speech Control Buffer Overflow
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.
by rgod
CVE-2007-2222 EXPLOITDB html VERIFIED
Microsoft Internet Explorer - Remote Code Execution via ActiveX Speech Control Buffer Overflow
Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS.
by rgod
CVE-2007-3282 EXPLOITDB html VERIFIED
Microsoft Office MSODataSourceControl ActiveX - Buffer Overflow via DeleteRecordSourceIfUnused Method
Buffer overflow in the Microsoft Office MSODataSourceControl ActiveX object allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to the DeleteRecordSourceIfUnused method.
by YAG KOHHA
CVE-2007-3233 EXPLOITDB html VERIFIED
TEC-IT TBarCode OCX <7.0.2.3524 - RCE
The TEC-IT TBarCode OCX ActiveX control (TBarCode7.ocx) 7.0.2.3524 allows remote attackers to overwrite arbitrary files via the SaveImage method.
by shinnai
EIP-2026-118276 EXPLOITDB html VERIFIED
Apple Safari 3 for Windows Beta - Remote Command Execution
by Thor Larholm
CVE-2007-3186 EXPLOITDB html VERIFIED
Apple Safari Beta 3.0.1 - Remote Code Execution via Gopher URI in IFRAME SRC
Apple Safari Beta 3.0.1 for Windows allows remote attackers to execute arbitrary commands via shell metacharacters in a URI in the SRC of an IFRAME, as demonstrated using a gopher URI.
by Thor Larholm
CVE-2007-3162 EXPLOITDB html VERIFIED
Internet Download Accelerator 5.2 - Buffer Overflow via idaiehlp ActiveX Control
Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a long argument.
by DeltahackingTEAM
CVE-2007-3160 EXPLOITDB html VERIFIED
PHP Real Estate Classifieds Premium Plus - RCE
PHP remote file inclusion vulnerability in admin/header.php in PHP Real Estate Classifieds Premium Plus allows remote attackers to execute arbitrary PHP code via a URL in the loc parameter.
by not sec group
EIP-2026-119332 EXPLOITDB html VERIFIED
Zenturi ProgramChecker - ActiveX Multiple Insecure Methods
by shinnai
EIP-2026-119331 EXPLOITDB html VERIFIED
Zenturi ProgramChecker - 'ActiveX NavigateUrl()' Insecure Method
by shinnai
CVE-2007-1685 EXPLOITDB html VERIFIED
BlueCoat K9 Web Protection < 3.2.44 - Buffer Overflow via Long HTTP GET Request
Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, and probably other versions before 3.2.44, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request to port 2372.
by Dennis Rand
CVE-2007-3148 EXPLOITDB html VERIFIED
Yahoo! Messenger - Buffer Overflow via Webcam Viewer ActiveX Control
Buffer overflow in the Yahoo! Webcam Viewer ActiveX control in ywcvwr.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the receive method.
by Excepti0n
CVE-2007-3147 EXPLOITDB html VERIFIED
Yahoo! Messenger - Buffer Overflow in Webcam Upload ActiveX Control
Buffer overflow in the Yahoo! Webcam Upload ActiveX control in ywcupl.dll 2.0.1.4 for Yahoo! Messenger 8.1.0.249 allows remote attackers to execute arbitrary code via a long server property value to the send method. NOTE: some of these details are obtained from third party information.
by Excepti0n
CVE-2007-3136 EXPLOITDB html VERIFIED
newsSync 1.5.0rc6 - Remote File Inclusion via newsSync_NUKE_PATH Parameter
PHP remote file inclusion vulnerability in inc/nuke_include.php in newsSync 1.5.0rc6 allows remote attackers to execute arbitrary PHP code via a URL in the newsSync_NUKE_PATH parameter.
by GoLd_M
CVE-2007-3071 EXPLOITDB html VERIFIED
eSellerate SDK 3.6.5.0 - Buffer Overflow via GetWebStoreURL ActiveX Control
Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument.
by shinnai
CVE-2007-3111 EXPLOITDB html VERIFIED
Microsoft Internet Explorer - Buffer Overflow
Buffer overflow in the Provideo Camimage ActiveX control in ISSCamControl.dll 1.0.1.5, when Internet Explorer 6 is used on Windows 2000 SP4, allows remote attackers to execute arbitrary code via a long URL property value.
by rgod
CVE-2007-2987 EXPLOITDB html VERIFIED
Zenturi ProgramChecker - Remote Code Execution via DebugMsgLog or DoFileProperties Methods
Multiple buffer overflows in certain ActiveX controls in sasatl.dll in Zenturi ProgramChecker allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the (1) DebugMsgLog or (2) DoFileProperties methods.
by shinnai
CVE-2007-3057 EXPLOITDB html VERIFIED
XOOPS icontent_module 4.5 - Remote File Inclusion via spaw_root Parameter
PHP remote file inclusion vulnerability in include/wysiwyg/spaw_control.class.php in the icontent 4.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a duplicate of CVE-2006-4656.
by GoLd_M
CVE-2007-3167 EXPLOITDB html VERIFIED
Vivotek MjpegControl - Stack-Based Buffer Overflow via PtzUrl Property
Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control (aka MjpegControl) in MjpegDecoder.dll 2.0.0.13 allows remote attackers to execute arbitrary code via a long PtzUrl property value.
by rgod
CVE-2007-3076 EXPLOITDB html VERIFIED
Zenturi ProgramChecker - Arbitrary File Download via ActiveX DownloadFile Function
A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker allows remote attackers to download arbitrary files to the client system via the DownloadFile function.
by shinnai
CVE-2007-3168 EXPLOITDB html VERIFIED
EDraw Office Viewer Component < 5.0 - Arbitrary File Deletion via DeleteLocalFile Method
A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method.
by shinnai