Ozer Goker

79 exploits; active since Feb 2026
CVE-2019-25384 EXPLOITDB MEDIUM text WORKING POC
Smoothwall Express 3.1-SP4 - XSS
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the portfw.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the EXT, SRC_PORT_SEL, SRC_PORT, DEST_IP, DEST_PORT_SEL, or COMMENT parameters to execute arbitrary JavaScript in users' browsers.
CVSS 6.1
CVE-2019-25383 EXPLOITDB MEDIUM text WORKING POC
Smoothwall Express 3.1-SP4 - XSS
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the apcupsd.cgi script that allow attackers to inject malicious scripts through multiple POST parameters. Attackers can submit crafted POST requests with script payloads in parameters like BATTLEVEL, RTMIN, BATTDELAY, TO, ANNOY, UPSIP, UPSNAME, UPSPORT, POLLTIME, UPSUSER, NISPORT, UPSAUTH, EMAIL, FROM, CC, SMSEMAIL, SMTPSERVER, PORT, USER, and EMAIL_PASSWORD to execute arbitrary JavaScript in victim browsers.
CVSS 6.1
CVE-2019-25382 EXPLOITDB MEDIUM text WORKING POC
Smoothwall Express 3.1-SP4 - XSS
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the NTP_SERVER parameter. Attackers can send POST requests to the time.cgi endpoint with script payloads in the NTP_SERVER parameter to execute arbitrary JavaScript in users' browsers.
CVSS 6.1
CVE-2019-25381 EXPLOITDB MEDIUM text WORKING POC
Smoothwall Express 3.1-SP4 - XSS
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests to the hosts.cgi endpoint with script payloads in the IP, HOSTNAME, or COMMENT parameters to execute arbitrary JavaScript in users' browsers.
CVSS 6.1
CVE-2019-25380 EXPLOITDB MEDIUM text WORKING POC
Smoothwall Express 3.1-SP4 - XSS
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script that allow attackers to inject malicious scripts through multiple parameters. Attackers can submit POST requests to dhcp.cgi with script payloads in parameters such as BOOT_SERVER, BOOT_FILE, BOOT_ROOT, START_ADDR, END_ADDR, DNS1, DNS2, NTP1, NTP2, WINS1, WINS2, DEFAULT_LEASE_TIME, MAX_LEASE_TIME, DOMAIN_NAME, NIS_DOMAIN, NIS1, NIS2, STATIC_HOST, STATIC_DESC, STATIC_MAC, and STATIC_IP to execute arbitrary JavaScript in users' browsers.
CVSS 6.1
CVE-2019-25379 EXPLOITDB HIGH text WORKING POC
Smoothwall Express 3.1-SP4 - XSS
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with script payloads in the REDIRECT_PAGE or CHILDREN parameters to execute arbitrary JavaScript in users' browsers.
CVSS 7.2
CVE-2019-25378 EXPLOITDB MEDIUM text WORKING POC
Smoothwall Express 3.1-SP4 - XSS
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHE_SIZE, MAX_SIZE, MIN_SIZE, MAX_OUTGOING_SIZE, and MAX_INCOMING_SIZE. Attackers can submit POST requests with script payloads to store or reflect arbitrary JavaScript code that executes in users' browsers when the proxy configuration page is accessed.
CVSS 6.1
CVE-2019-25377 EXPLOITDB MEDIUM text WORKING POC
OPNsense 19.1 - XSS
OPNsense 19.1 contains a reflected cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject malicious scripts via the value parameter. Attackers can craft POST requests with script payloads in the value parameter to execute JavaScript in the context of authenticated user sessions.
CVSS 5.4
CVE-2019-25376 EXPLOITDB MEDIUM text WORKING POC
OPNsense 19.1 - XSS
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted payloads through the ignoreLogACL parameter. Attackers can send POST requests to the proxy endpoint with JavaScript code in the ignoreLogACL parameter to execute arbitrary scripts in users' browsers.
CVSS 6.1
CVE-2019-25375 EXPLOITDB MEDIUM text WORKING POC
OPNsense 19.1 - XSS
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the mailserver parameter. Attackers can send POST requests to the monit interface with JavaScript payloads in the mailserver parameter to execute arbitrary code in users' browsers.
CVSS 6.1
CVE-2019-25374 EXPLOITDB MEDIUM text WORKING POC
OPNsense 19.1 - XSS
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by exploiting the passthrough_networks parameter in vpn_ipsec_settings.php. Attackers can craft POST requests with JavaScript payloads in the passthrough_networks parameter to execute arbitrary code in users' browsers.
CVSS 6.1
CVE-2019-25373 EXPLOITDB MEDIUM text WORKING POC
OPNsense 19.1 - XSS
OPNsense 19.1 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the category parameter. Attackers can send POST requests to firewall_rules_edit.php with script payloads in the category field to execute arbitrary JavaScript in the browsers of other users accessing firewall rule pages.
CVSS 6.4
CVE-2019-25372 EXPLOITDB MEDIUM text WORKING POC
OPNsense 19.1 - XSS
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted payloads through POST requests to diag_traceroute.php to execute arbitrary JavaScript in the context of a user's browser session.
CVSS 6.1
CVE-2019-25370 EXPLOITDB MEDIUM text WORKING POC
OPNsense 19.1 - XSS
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through multiple parameters. Attackers can send POST requests to interfaces_vlan_edit.php with script payloads in the tag, descr, or vlanif parameters to execute arbitrary JavaScript in users' browsers.
CVSS 6.1
CVE-2019-25369 EXPLOITDB MEDIUM text WORKING POC
OPNsense 19.1 - XSS
OPNsense 19.1 contains a stored cross-site scripting vulnerability in the system_advanced_sysctl.php endpoint that allows attackers to inject persistent malicious scripts via the tunable parameter. Attackers can submit POST requests with script payloads that are stored and executed in the context of authenticated user sessions when the page is viewed.
CVSS 6.4
CVE-2019-25368 EXPLOITDB MEDIUM text WORKING POC
OPNsense 19.1 - XSS
OPNsense 19.1 contains multiple cross-site scripting vulnerabilities in the diag_backup.php endpoint that allow attackers to inject malicious scripts through multiple parameters including GDrive_GDriveEmail, GDrive_GDriveFolderID, GDrive_GDriveBackupCount, Nextcloud_url, Nextcloud_user, Nextcloud_password, Nextcloud_password_encryption, and Nextcloud_backupdir. Attackers can submit POST requests with script payloads in these parameters to execute arbitrary JavaScript in the context of authenticated administrator sessions.
CVSS 5.4
CVE-2019-25367 EXPLOITDB MEDIUM text WORKING POC
ArangoDB Community Edition 3.4.2-1 - XSS
ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface (index.html) through search, user management, and API parameters. Attackers can inject scripts via parameters in /_db/_system/_admin/aardvark/index.html to execute JavaScript in authenticated users' browsers.
CVSS 5.4
CVE-2019-25371 EXPLOITDB MEDIUM text WORKING POC
OPNsense 19.1 - XSS
OPNsense 19.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting insufficient input validation in the host parameter. Attackers can submit crafted POST requests to the diag_ping.php endpoint with script payloads in the host parameter to execute arbitrary JavaScript in users' browsers.
CVSS 6.1
EIP-2026-111789 EXPLOITDB text WORKING POC
RockMongo PHP MongoDB Administrator 1.1.8 - Multiple Vulnerabilities
EIP-2026-111122 EXPLOITDB text WORKING POC
phpLiteAdmin 1.9.6 - Multiple Vulnerabilities
EIP-2026-111132 EXPLOITDB text WORKING POC
PHPmongoDB 1.0.0 - Multiple Vulnerabilities
EIP-2026-109931 EXPLOITDB text WORKING POC
Nextcloud 17 - Cross-Site Request Forgery
EIP-2026-104392 EXPLOITDB text WORKING POC
pfSense 2.4.4-p1 - Cross-Site Scripting
EIP-2026-104355 EXPLOITDB text WORKING POC
Nessus 8.2.1 - Cross-Site Scripting
EIP-2026-104161 EXPLOITDB text WORKING POC
Apache CouchDB 2.3.1 - Cross-Site Request Forgery / Cross-Site Scripting