HTML Exploits
2,055 exploits tracked across all sources.
Apple Safari - Denial of Service
Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to cause a denial of service (crash) via certain Javascript, possibly involving a function that defines a handler for itself within the function body.
by Patrick Webster
Invision Power Board IPB 1.0.3 - XSS
Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML.
by V[i]RuS
E107 Website System 0.6 - Attached File Cross-Site Scripting
by edward11
SPI Dynamics WebInspect 5.0.196 - Cross Application Script Injection
Firefox 1.0.3-1.0.4 & Netscape 8.0.2 - RCE
Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers to execute arbitrary code by tricking the user into using the "Set As Wallpaper" (in Firefox) or "Set as Background" (in Netscape) context menu on an image URL that is really a javascript: URL with an eval statement, aka "Firewalling."
by Michael Krax
Microsoft IE - Resource Management Error
Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.
by k-otik
Microsoft Internet Explorer - Multiple Stack Overflows Crashes
by Benjamin Franz
Microsoft Internet Explorer - JavaScript 'window()' Crash
by Benjamin Franz
Mozilla Firefox - view-source:JavaScript url Code Execution
by mikx
D-Link DSL-504T - Auth Bypass
D-Link DSL-504T allows remote attackers to bypass authentication and gain privileges, such as upgrade firmware, restart the router or restore a saved configuration, via a direct request to firmwarecfg.
by Francesco Orro
Firefox <1.0.4 & Mozilla Suite <1.7.8 - Privilege Escalation
Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.
by moz_bug_r_a4
Firefox 1.0.3 - XSS
Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.
by Edward Gagnon
phpMyVisites 1.3 - Info Disclosure
set_lang.php in phpMyVisites 1.3 allows remote attackers to read and include arbitrary files via the mylang parameter.
by Max Cerny
Microsoft Internet Explorer - DHTML Object Memory Corruption
by Skylined
Microsoft Internet Explorer - Buffer Overflow
Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."
by Skylined
PHP-Nuke <7.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module.
Maxthon 1.2.0 - Info Disclosure
Maxthon 1.2.0 allows remote malicious web sites to obtain potentially sensitive data from the search bar via the m2_search_text property.
by Aviv Raff
PHP-Fusion - XSS
Cross-site scripting (XSS) vulnerability in setuser.php of the Digitanium addon to PHP-Fusion 5.01 allows remote attackers to inject arbitrary web script or HTML via the (1) user_name or (2) user_pass parameters.
by PersianHacker Team
PHPOpenChat - XSS
Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows remote attackers to inject arbitrary web script or HTML via (1) the chatter parameter to regulars.php or (2) the chatter, chatter1, chatter2, chatter3, or chatter4 parameters to register.php.
by PersianHacker Team
HolaCMS 1.4.9-1 - Path Traversal
Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote attackers to overwrite arbitrary files via a "holaDB/votes" followed by a .. (dot dot) in the vote_filename parameter, which bypasses the check by HolaCMS to ensure that the file is in the holaDB/votes directory.
by Virginity Security
HolaCMS 1.4.9 - File Access
HolaCMS 1.4.9 does not restrict file access to the holaDB/votes directory, which allows remote attackers to overwrite arbitrary files via a modified vote_filename parameter.
by Virginity Security
Microsoft Internet Explorer 6 - Pop-up Window Title Bar Spoofing
by bitlance winter
Netscape Navigator 7.2 - Infinite Array Sort Denial of Service
by Berend-Jan Wever