Html Exploits
2,055 exploits tracked across all sources.
Epic Designs Eggblog < 3.0.6 - SQL Injection
SQL injection vulnerability in rss/posts.php in Eggblog before 3.07 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by nukedx
Microsoft Internet Explorer 6.0 - RCE
Unspecified vulnerability in Microsoft Internet Explorer 6.0 allows remote attackers to execute HTA files via unknown vectors.
by Thomas Waldegger
Mozilla Firefox 1.5.0.3 - 'Loop' Denial of Service
by Gianni Amato
Microsoft Internet Explorer < 6.0.2900 - Denial of Service
Microsoft Internet Explorer 6.0.2900 SP2 and earlier allows remote attackers to cause a denial of service (crash) via a table element with a CSS attribute that sets the position, which triggers an "unhandled exception" in mshtml.dll.
by seven
CVSS 6.5
Openfaq - XSS
Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
by Kamil Sienicki
Microsoft IE - Race Condition
Microsoft Internet Explorer before Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1, when Prompt is configured in Security Settings, uses modal dialogs to verify that a user wishes to run an ActiveX control or perform other risky actions, which allows user-assisted remote attackers to construct a race condition that tricks a user into clicking an object or pressing keys that are actually applied to a "Yes" approval for executing the control.
by Matthew Murphy
Apple Mac OSX Safari 2.0.3 (417.9.2) - Multiple Vulnerabilities
by Tom Ferris
Apple Safari - Denial of Service
Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute.
by Yannick von Arx
Mozilla Firefox - Resource Management Error
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. NOTE: this was originally claimed to be a buffer overflow in (1) js320.dll and (2) xpcom_core.dll, but the vendor disputes this claim.
by splices
Mozilla Firefox 1.5.0.1 / Camino 1.0 - Null Pointer Dereference Crash
by BuHa
Microsoft Internet Explorer <7 - RCE/DoS
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
by darkeagle
Microsoft Internet Explorer 6 - 'mshtml.dll checkbox' Crash
by Stelian Ene
Microsoft Internet Explorer 6 - Script Action Handlers 'mshtml.dll' Denial of Service
by Michal Zalewski
JiRo's Banner System Experience and Professional <1.0 - Privilege E...
JiRo's Banner System Experience and Professional 1.0 and earlier allows remote attackers to bypass access restrictions and gain privileges via a direct request to certain scripts in the files directory, as demonstrated by using addadmin.asp to create a new administrator account.
by nukedx
Pentacle In-Out Board 6.03 - 'login.asp' Remote Authentication Bypass
by nukedx
Devellion Cubecart - Path Traversal
CubeCart 3.0 through 3.6 does not properly check authorization for an administration session because of a missing auth.inc.php include, which results in an absolute path traversal vulnerability in FileUpload in connector.php (aka upload.php) that allows remote attackers to upload arbitrary files via a modified CurrentFolder parameter in a direct request to admin/filemanager/upload.php.
by NSA Group
Mozilla Thunderbird < 1.0.7 - Improper Input Validation
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.
by Georgi Guninski
php-Nuke 6.0-7.9 - Auth Bypass
The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters.
by waraxe
Microsoft WMP <10 - RCE
Buffer overflow in the plug-in for Microsoft Windows Media Player (WMP) 9 and 10, when used in browsers other than Internet Explorer and set as the default application to handle media files, allows remote attackers to execute arbitrary code via HTML with an EMBED element containing a long src attribute.
by Matthew Murphy
Virtual Hosting Control System <2.4.7.1 - Privilege Escalation
The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access.
by Roman Medina-Heigl Hernandez
Virtual Hosting Control System <2.4.7.1 - Info Disclosure
change_password.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not verify the old password when a user changes the password, which may allow remote attackers to gain unauthorized access.
by Roman Medina-Heigl Hernandez
Microsoft IE - Denial of Service
urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash of hyphen) characters.
by Tom Ferris
Microsoft Internet Explorer 6.x - IMG / XML elements Denial of Service
by Inge Henriksen
By Source