Html Exploits
2,055 exploits tracked across all sources.
Microsoft Internet Explorer 6 - 'mshtml.dll div' Denial of Service
by rgod
Microsoft Internet Explorer 6 - 'mshtml.dll datasrc' Denial of Service
by BuHa
Microsoft Internet Explorer 6 - PRE Tag Multiple Single Tags Denial of Service Vulnerabilities
by Markus Heer
Mozilla Firefox 1.04 - 'compareTo()' Remote Code Execution
by Aviv Raff
K-Meleon < 0.9 - Buffer Overflow
Mozilla Firefox 1.5, Netscape 8.0.4 and 7.2, and K-Meleon before 0.9.12 allow remote attackers to cause a denial of service (CPU consumption and delayed application startup) via a web site with a large title, which is recorded in history.dat but not processed efficiently during startup. NOTE: despite initial reports, the Mozilla vendor does not believe that this issue can be used to trigger a crash or buffer overflow in Firefox. Also, it has been independently reported that Netscape 8.1 does not have this issue.
by ZIPLOCK
Mozilla Firefox 1.5 - 'history.dat' Looping (PoC)
by ZIPLOCK
Virtual Programming VP-ASP - XSS
Cross-site scripting (XSS) vulnerability in shopadmin.asp in VP-ASP Shopping Cart 5.50 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter.
by ConcorDHacK
Opera Web Browser 8.0/8.5 - HTML Form Status Bar Misrepresentation
by Sverx
Elite Forum - XSS
Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via a Post Reply to a topic, in which the reply contains a javascript: URL in an <img> tag.
by gladiator
Microsoft Internet Explorer 6 - 'mshtmled.dll' Denial of Service
by Tom Ferris
Search Enhanced - XSS
Cross-site scripting (XSS) vulnerability in the Search_Enhanced module in PHP-Nuke 7.9 allows remote attackers to inject arbitrary web script or HTML via the query parameter.
by bhfh01
Techno Dreams (Multiple Scripts) - Multiple SQL Injections
by farhad koosha
SiteTurn Domain Manager Pro - XSS
Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager Pro allows remote attackers to inject arbitrary web script or HTML via the err parameter in the panel script.
by farhad koosha
Mozilla Firefox 1.0.7 (Mozilla 1.7.12) - Denial of Service
by Kubbo
Opera <8.02 - DoS
Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a "content: url(0);" style attribute, a "bodyA" tag, a long string, and a "u" tag with a long attribute, as demonstrated by opera.html; and (2) a BGSOUND element with a "margin:-99;" STYLE attribute.
by posidron
Opera <8.02 - DoS
Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a "content: url(0);" style attribute, a "bodyA" tag, a long string, and a "u" tag with a long attribute, as demonstrated by opera.html; and (2) a BGSOUND element with a "margin:-99;" STYLE attribute.
by posidron
Mozilla Firefox 1.0.7 / Thunderbird 1.0.6 - Denial of Service
by posidron
MuOnline Loopholes Web Server - 'pkok.asp' SQL Injection
by nukedx
aeNovo <version> - SQL Injection
Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop and (3) aeNovoWYSI allow remote attackers to execute arbitrary SQL code via (a) the password parameter in control.asp, and (b) the strSQL parameter in search.asp, which can enable XSS attacks in resulting error messages.
by farhad koosha
Mozilla Firefox 1.0.7 - Integer Overflow Denial of Service
by Georgi Guninski
Mozilla Firefox <1.0.6 - Buffer Overflow
Buffer overflow in the International Domain Name (IDN) support in Mozilla Firefox 1.0.6 and earlier, and Netscape 8.0.3.3 and 7.2, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a hostname with all "soft" hyphens (character 0xAD), which is not properly handled by the NormalizeIDN call in nsStandardURL::BuildNormalizedSpec.
by Skylined
Mozilla Products - 'Host:' Buffer Overflow (Denial of Service) (PoC) String
by Tom Ferris
CMS Made Simple <0.10 - RCE
PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter.
by groszynskif
Microsoft Internet Explorer 5.2.3 - DoS
Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers to cause a denial of service (crash) via a web page with malformed attributes in a BGSOUND tag, possibly involving double-quotes in an about: URI.
by Mella Marco
Microsoft IE - Denial of Service
Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3) wmm2filt.dll, (4) fsusd.dll, (5) dmdskmgr.dll, (6) browsewm.dll, (7) browseui.dll, (8) shell32.dll, (9) mshtml.dll, (10) inetcfg.dll, (11) infosoft.dll, (12) query.dll, (13) syncui.dll, (14) clbcatex.dll, (15) clbcatq.dll, (16) comsvcs.dll, and (17) msconf.dll, which causes memory corruption, aka "COM Object Instantiation Memory Corruption Vulnerability," a different vulnerability than CVE-2005-2087.
by FrSIRT