Exploitdb Exploits
2,012 exploits tracked across all sources.
Njtech Greencms - CSRF
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that allows attackers to execute arbitrary PHP code via the content parameter to index.php?m=admin&c=media&a=fileconnect.
by xichao
CVSS 8.8
Njtech Greencms - CSRF
An issue was discovered in GreenCMS v2.3.0603. There is a CSRF vulnerability that can add an admin account via index.php?m=admin&c=access&a=adduserhandle.
by xichao
CVSS 8.8
Joomla! Component JoomOCShop 1.0 - Cross-Site Request Forgery
by L0RD
Joomla! Component jCart for OpenCart 2.3.0.2 - Cross-Site Request Forgery
by L0RD
Sharetronix CMS 3.6.2 - Cross-Site Request Forgery / Cross-Site Scripting
by Hesam Bazvand
Easyservice Billing - CSRF
A CSRF issue was discovered in EasyService Billing 1.0, which was triggered via a quotation-new3-new2.php?add=true&id= URI, as demonstrated by adding a new quotation.
by Divya Jain
CVSS 8.8
Easyservice Billing - CSRF
A CSRF issue was discovered on the User Add/System Settings Page (system-settings-user-new2.php) in EasyService Billing 1.0. A User can be added with the Admin role.
by Divya Jain
CVSS 8.8
Microsoft Edge < 1.8.3 - Out-of-Bounds Write
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Microsoft Edge, aka "Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2018-0945, CVE-2018-0951, CVE-2018-0953, CVE-2018-0954, CVE-2018-0955, CVE-2018-1022, CVE-2018-8114, CVE-2018-8122, CVE-2018-8128, CVE-2018-8137, CVE-2018-8139.
by Google Security Research
CVSS 7.5
Skia - Buffer Overflow
An integer overflow can occur in the Skia library due to 32-bit integer use in an array without integer overflow checks, resulting in possible out-of-bounds writes. This could lead to a potentially exploitable crash triggerable by web content. This vulnerability affects Thunderbird < 52.8, Thunderbird ESR < 52.8, Firefox < 60, and Firefox ESR < 52.8.
by Google Security Research
CVSS 9.8
Teradek VidiU Pro 3.0.3 - CSRF
Teradek VidiU Pro 3.0.3 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft malicious web pages that automatically submit password change requests to the device when a logged-in administrator visits the page.
by LiquidWorm
CVSS 4.3
Teradek Cube 7.3.6 - CSRF
Teradek Cube 7.3.6 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page with a hidden form to submit password change requests to the device's system configuration interface.
by LiquidWorm
CVSS 4.3
Teradek Slice 7.3.15 - CSRF
Teradek Slice 7.3.15 contains a cross-site request forgery vulnerability that allows attackers to change administrative passwords without proper request validation. Attackers can craft a malicious web page that automatically submits password change requests to the device when a logged-in user visits the page.
by LiquidWorm
CVSS 4.3
Windows VBScript Engine - RCE
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by smgorelik
CVSS 7.5
WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery
by dxw
Totemo Encryption Gateway < 6.0.0 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in totemomail Encryption Gateway before 6.0.0_Build_371 allow remote attackers to hijack the authentication of users for requests that (1) change user settings, (2) send emails, or (3) change contact information by leveraging lack of an anti-CSRF token.
by Compass Security
CVSS 8.8
Fastweb FASTgate <0.00.47 - CSRF
Fastweb FASTgate 0.00.47 devices are vulnerable to CSRF, with impacts including Wi-Fi password changing, Guest Wi-Fi activating, etc.
by Raffaele Sabato
CVSS 8.8
Apple Safari < 11.1 - Use After Free
An issue was discovered in certain Apple products. iOS before 11.3.1 is affected. Safari before 11.1 is affected. iCloud before 7.5 on Windows is affected. iTunes before 12.7.5 on Windows is affected. tvOS before 11.4 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site that triggers a WebCore::jsElementScrollHeightGetter use-after-free.
by Google Security Research
CVSS 8.8
WordPress Plugin Woo Import Export 1.0 - Arbitrary File Deletion
by Lenon Leite
phpMyAdmin <4.8.0-1 - CSRF
phpMyAdmin 4.8.0 before 4.8.0-1 has CSRF, allowing an attacker to execute arbitrary SQL statements, related to js/db_operations.js, js/tbl_operations.js, libraries/classes/Operations.php, and sql.php.
by revengsh
CVSS 8.8
Microsoft Internet Explorer - Out-of-Bounds Write
Internet Explorer in Microsoft Windows 7 SP1, Windows Server 2008 and R2 SP1, Windows 8.1 and Windows RT 8.1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows remote code execution, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0876, CVE-2018-0889, CVE-2018-0893, and CVE-2018-0925.
by Google Security Research
CVSS 7.5
Wampserver <3.1.3 - CSRF
Wampserver before 3.1.3 has CSRF in add_vhost.php.
by Vipin Chaudhary
CVSS 8.8
OpenCMS 10.5.3 - CSRF
Cross-site request forgery (CSRF) vulnerability in system/workplace/admin/accounts/user_role.jsp in OpenCMS 10.5.3 allows remote attackers to hijack the authentication of administrative users for requests that perform privilege escalation. Note: It is argued that OpenCMS allows only registered users to upload different kind of content artifacts (SVG, .doc, .docx). The uploaded content is stored in the CMS content repository "as is". In case of scripts inside an SVG, this may or may not be "malicious", there is no way of knowing if the uploaded SVG contains the script for a reason. To exploit the "issue", a user must have an account in the CMS as a content manager
by Sureshbabu Narvaneni
CVSS 8.8
Frog Cms - CSRF
An issue was discovered in /admin/?/user/add in Frog CMS 0.9.5. The application's add user functionality suffers from CSRF. A malicious user can craft an HTML page and use it to trick a victim into clicking on it; once executed, a malicious user will be created with admin privileges. This happens due to lack of an anti-CSRF token in state modification requests.
by Samrat Das
CVSS 8.8
1234n Minicms - CSRF
There is a CSRF vulnerability in mc-admin/conf.php in MiniCMS 1.10 that can change the administrator account password.
by zixian
CVSS 8.8
By Source