Html Exploits

2,055 exploits tracked across all sources.

CVE-2005-0305 EXPLOITDB html VERIFIED
Siteman <1.1.10 - Code Injection
CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation.
by amironline452
EIP-2026-118799 EXPLOITDB html VERIFIED
Microsoft Internet Explorer - '.ANI' Remote Stack Overflow (MS05-002) (2)
by Skylined
EIP-2026-115950 EXPLOITDB html VERIFIED
Norton AntiVirus < 2005 - Remote Stack Overflow
by Rafel Ivgi
EIP-2026-118805 EXPLOITDB html VERIFIED
Microsoft Internet Explorer - Remote Code Execution
by ShredderSub7
CVE-2004-1305 EXPLOITDB html VERIFIED
Nortel IP Softphone 2050 - Denial of Service
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allow remote attackers to cause a denial of service via (1) the frame number set to zero, which causes an invalid memory address to be used and leads to a kernel crash, or (2) the rate number set to zero, which leads to resource exhaustion and hang.
by Flashsky
EIP-2026-115673 EXPLOITDB html VERIFIED
Microsoft Internet Explorer / MSN - Memory_Access_Violation Denial of Service
by Emmanouel Kellinis
CVE-2004-1324 EXPLOITDB html VERIFIED
Microsoft Windows Media Player 9.0 - XSS
The Microsoft Windows Media Player 9.0 ActiveX control may allow remote attackers to execute arbitrary web script in the Local computer zone via the (1) artist or (2) song fields of a music file, if the file is processed using Internet Explorer.
by Arman Nayyeri
CVE-2004-1325 EXPLOITDB html VERIFIED
Microsoft Windows Media Player 9.0 - Info Disclosure
The getItemInfoByAtom function in the ActiveX control for Microsoft Windows Media Player 9.0 returns a 0 if the file does not exist and the size of the file if the file exists, which allows remote attackers to determine the existence of files on the local system.
by Arman Nayyeri
EIP-2026-115859 EXPLOITDB html VERIFIED
Mozilla Firefox 0.8/0.9/0.10 - Infinite Array Sort Denial of Service
by Berend-Jan Wever
EIP-2026-115702 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 6 - Infinite Array Sort Denial of Service
by Berend-Jan Wever
EIP-2026-104568 EXPLOITDB html VERIFIED
Apple Safari Web Browser 1.x - Infinite Array Sort Denial of Service
by Berend-Jan Wever
EIP-2026-103665 EXPLOITDB html VERIFIED
Sun Java Applet 1.x - Invocation Version Specification
by Peter Greenwood
EIP-2026-103556 EXPLOITDB html VERIFIED
Mozilla Camino Web Browser 0.7/0.8 - Infinite Array Sort Denial of Service
by Berend-Jan Wever
CVE-2004-1050 EXPLOITDB html VERIFIED
Avaya Ip600 Media Servers - Buffer Overflow
Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME attributes in IFRAME, FRAME, and EMBED elements, as originally discovered using the mangleme utility, aka "the IFRAME vulnerability" or the "HTML Elements Vulnerability."
by Skylined
CVE-2004-1381 EXPLOITDB html VERIFIED
Firefox <1.0 - Info Disclosure
Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background) tabs to focus on input being entered in the active tab, as originally reported using form fields, which allows remote attackers to steal sensitive data that is intended for other sites, which could facilitate phishing attacks.
by Jakob Balle
EIP-2026-118977 EXPLOITDB html VERIFIED
NullSoft Winamp 2.x/3.x/5.0.x - ActiveX Control Remote Buffer Overflow
by celebrityhacker
EIP-2026-118625 EXPLOITDB html VERIFIED
Grokster 1.3/2.6 / KaZaA Media Desktop 1.3.x/1.6.1/2.0.x - ActiveX Control Remote Buffer Overflow
by celebrityhacker
EIP-2026-116010 EXPLOITDB html VERIFIED
Opera Web Browser 7.23 - Empty Embedded Object JavaScript Denial of Service
by Stevo
CVE-2004-2434 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 6.0 SP1 - DoS
Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a denial of service (browser crash) via a link with "::{" (colon colon left brace), which triggers a null dereference when the user attempts to save the link using "Save As" and Internet Explorer prepares an error message with an attacker-controlled format string.
by anonymous
CVE-2004-2491 EXPLOITDB html VERIFIED
Opera web browser <7.53.3850 - XSS
A race condition in Opera web browser 7.53 Build 3850 causes Opera to fill in the address bar before the page has been loaded, which allows remote attackers to spoof the URL in the address bar via the window.open and location.replace HTML parameters, which facilitates phishing attacks.
by bitlance winter
CVE-2004-0763 EXPLOITDB html VERIFIED
Mozilla Firefox <0.9.3 - XSS
Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certificates of trusted web sites via redirects and Javascript that uses the "onunload" method.
by E.Kellinis
CVE-2004-0484 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 6.0.2800 - DoS
mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to cause a denial of service (crash) via a table containing a form that crosses multiple td elements, and whose "float: left" class is defined in a link to a CSS stylesheet after the end of the table, which may trigger a null dereference.
by Phuong
EIP-2026-109419 EXPLOITDB html VERIFIED
Mensajeitor Tag Board 1.x - Authentication Bypass
by Jordi Corrales
EIP-2026-115670 EXPLOITDB html VERIFIED
Microsoft Internet Explorer - Overly Trusted Location Cache
by anonymous
CVE-2004-0727 EXPLOITDB html VERIFIED
Microsoft Internet Explorer 6.0.2800.1106 - Auth Bypass
Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, and other versions including 5.01 and 5.5, allows remote web servers to bypass zone restrictions and execute arbitrary code in the local computer zone by redirecting a function to another function with the same name, as demonstrated by SimilarMethodNameRedir, aka the "Similar Method Name Redirection Cross Domain Vulnerability."
by Paul