Html Exploits
2,076 exploits tracked across all sources.
Microsoft Internet Explorer 6 - '%USERPROFILE%' File Execution
by Eiji James Yoshida
vBulletin 3.0.0 Beta 2 - Cross-Site Scripting via Preview Message
Cross-site scripting (XSS) vulnerability in private.php for vBulletin 3.0.0 Beta 2 allows remote attackers to inject arbitrary web script and HTML via the "Preview Message" capability.
by Ferruh Mavituna
Yahoo! Audio Conferencing ActiveX Control - Buffer Overflow via Long Hostname URL
Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ActiveX control before 1,0,0,45 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a URL with a long hostname to Yahoo! Messenger or Yahoo! Chat.
by cesaro
Microsoft 'Shlwapi.dll' 6.0.2800.1106 - Malformed HTML Form Tag Denial of Service
by Ramon Pinuaga Cascales
Netscape Navigator 7.0 - Denial of Service via Invalid Regular Expression in reformatDate
Netscape 7.0 allows remote attackers to cause a denial of service (crash) via a web page with an invalid regular expression argument to the JavaScript reformatDate function.
by dwm
Pocket Internet Explorer 3.0 - Denial of Service via Recursive innerHTML Function
Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a denial of service (crash) via a Javascript function that uses the object.innerHTML function to recursively call that function.
by Christopher Sogge Røtnes
phpBB 2.0.3 - Cross-Site Scripting via search_username Parameter
Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the search_username parameter in searchuser mode.
by f_a_a
Microsoft Internet Explorer 5 - Document Reference Zone Bypass
by Liu Die Yu
Internet Explorer 4.0+ - Info Disclosure
Internet Explorer 4.0 and later allows remote attackers to read arbitrary files via a web page that accesses a legacy XML Datasource applet (com.ms.xml.dso.XMLDSO.class) and modifies the base URL to point to the local system, which is trusted by the applet.
by Jelmer
Internet Explorer 5.5-6.0 - Remote Code Execution via Web Folder Error Message Injection
The Web Folder component for Internet Explorer 5.5 and 6.0 writes an error message to a known location in the temporary folder, which allows remote attackers to execute arbitrary code by injecting it into the error message, then referring to the error message file via a mhtml: URL.
by http-equiv
Opera Web Browser 6.0-6.04 - Cross-Site Scripting via FTP URL Title Tag
Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL.
by Eiji James Yoshida
Easy Homepage Creator 1.0 - Unauthenticated Arbitrary File Write via print_html_to_file
The print_html_to_file function in edit.cgi for Easy Homepage Creator 1.0 does not check user credentials, which allows remote attackers to modify home pages of other users.
by Arek Suroboyo
Easy Guestbook - Unauthenticated Administrative Access via Direct CGI Access
Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to (1) delete entries via direct access of admin.cgi, or (2) reconfigure Guestbook via direct access of config.cgi.
by Arek Suroboyo
BadBlue Enterprise Edition <1.74 - RCE
Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 attempts to restrict administrator actions to the IP address of the local host, but does not provide additional authentication, which allows remote attackers to execute arbitrary code via a web page containing an HTTP POST request that accesses the dir.hts page on the localhost and adds an entire hard drive to be shared.
by Matthew Murphy
Netscape Communicator - Buffer Overflow via Font Tag Face Attribute
Buffer overflow in Composer in Netscape 4.77 allows local users to overwrite process memory and execute arbitrary code via a font tag with a long face attribute.
by S[h]iff
Opera Web Browser 6.0.1-6.0.2 - Unauthenticated Arbitrary File Upload via Input File Tag Newline Injection
Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline.
by GreyMagic Software
Microsoft Internet Explorer 5.0-6.0 - Denial of Service via Recursive HTML Object Handling
Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to cause a denial of service (crash) via an object of type "text/html" with the DATA field that identifies the HTML document that contains the object, which may cause infinite recursion.
by Matthew Murphy
AOL Instant Messenger - Directory Traversal and Arbitrary File Write via IMG Tag SRC Attribute
Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 beta and earlier allows remote attackers to create arbitrary files and execute commands via a Direct Connection with an IMG tag with a SRC attribute that specifies the target filename.
by Noah Johnson
Microsoft Internet Explorer <6.0 - XSS
The browser history feature in Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to execute arbitrary script as other users and steal authentication information via cookies by injecting JavaScript into the URL, which is executed when the user hits the Back button.
by Andreas Sandblad
Internet Explorer 5.01-6 - Denial of Service via JavaScript location.replace Loop
Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop.
by Patrik Birgersson
Internet Explorer <5.6 - Info Disclosure
Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled allows remote attackers to determine the existence of arbitrary files via a script tag with a src parameter that references a non-JavaScript file, then using the onError event handler to monitor the results.
by Tom Micklovitch
Brian Dorricott MAILTO <= 1.0.9 - Unauthenticated SPAM Email Relay via Hidden Form Field Manipulation
mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote attackers to send SPAM e-mail through remote servers by modifying the sendto, email, server, subject, and resulturl hidden form fields.
by http-equiv
By Source