Exploitdb Exploits
2,009 exploits tracked across all sources.
pfSense Firewall 2.2.5 - Config File Cross-Site Request Forgery
by Aatif Shahdad
Trend Micro Password Manager - Command Injection
The HTTP server in Trend Micro Password Manager allows remote web servers to execute arbitrary commands via the url parameter to (1) api/openUrlInDefaultBrowser or (2) api/showSB.
by Google Security Research
CVSS 9.8
Microsoft Internet Explorer 11.0.9600.18124 EdUtil::GetCommonAncestorElement - Denial of Service
by Marcin Ressel
Internet Explorer 10 - Remote Code Execution via Memory Corruption
Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6162.
by Moritz Jodeit
Microsoft Internet Explorer 11.0.9600.18097 - COmWindowProxy::SwitchMarkup NULL PTR
by Marcin Ressel
Arris TG1682G - Unauthenticated XSS
Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter.
by Nu11By73
CVSS 6.1
PHP Server Monitor 3.1.1 - Cross-Site Request Forgery / Privilege Escalation
by hyp3rlinx
Dream CMS 2.3.0 - Cross-Site Request Forgery (Add Extension) / Arbitrary File Upload / PHP Code Execution
by LiquidWorm
Microsoft Internet Explorer 11 - Stack Underflow Crash (PoC)
by Mjx
Auto-Exchanger 5.1.0 - Cross-Site Request Forgery via Password Change Request
Cross-site request forgery (CSRF) vulnerability in Auto-Exchanger 5.1.0 allows remote attackers to hijack the authentication of users for requests that change a password via a request to signup.php.
by Aryan Bayaninejad
Contact Form Generator < 2.0.1 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in the Contact Form Generator plugin 2.0.1 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) create a field, (2) update a field, (3) delete a field, (4) create a form, (5) update a form, (6) delete a form, (7) create a template, (8) update a template, (9) delete a template, or (10) conduct cross-site scripting (XSS) attacks via a crafted request to the cfg_forms page in wp-admin/admin.php.
by i0akiN SEC-LABORATORY
GPON Home Router FTP G-93RG1 - Cross-Site Request Forgery / Command Execution
by Phan Thanh Duy
Pligg CMS 2.0.2 - Cross-Site Request Forgery via Admin User Addition
Cross-site request forgery (CSRF) vulnerability in Pligg CMS 2.0.2 allows remote attackers to hijack the authentication of administrators for requests that add an administrator via a request to admin/admin_users.php.
by Arash Khazaei
Microsoft Internet Explorer 8-11 - Remote Code Execution via Memory Corruption
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Memory Corruption Vulnerability," a different vulnerability than CVE-2015-2442.
by Blue Frost Security GmbH
Microweber 1.0.3 - Persistent Cross-Site Scripting / Cross-Site Request Forgery (Add Admin)
by LiquidWorm
McAfee SiteAdvisor 3.7.2 - Firefox Use-After-Free (PoC)
by Marcin Ressel
eSellerate SDK 3.6.5.0 - Buffer Overflow via GetWebStoreURL ActiveX Control
Buffer overflow in the GetWebStoreURL function in a certain ActiveX control in eSellerateControl365.dll 3.6.5.0 in eSellerate SDK allows user-assisted remote attackers to execute arbitrary code via a long first argument.
by metacom
Cisco AnyConnect Secure Mobility 2.x/3.x/4.x - Client Denial of Service (PoC)
by LiquidWorm
Microsoft Internet Explorer 11 - Crash (PoC) (2)
by Pawel Wylecial
By Source