Exploitdb Exploits
2,012 exploits tracked across all sources.
LevelOne WBR-3406TX Router - Cross-Site Request Forgery
by Yakir Wizman
Horde Groupware < 5.1.2 - CSRF
Multiple CSRF issues in Horde Groupware Webmail Edition 5.1.2 and earlier in basic.php.
by Marcela Benetrix
CVSS 6.5
JReport - 'dealSchedules.jsp' Cross-Site Request Forgery
by Poonam Singh
Aladdin Knowledge Systems Ltd. PrivAgent - ActiveX Control Overflow
by blake
Fortinet Fortianalyzer Firmware < 5.0.4 - CSRF
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site request forgery (CSRF) attacks.
by William Costa
SolarWinds Server and Application Monitor - ActiveX 'Pepco32c' Buffer Overflow
by blake
Mitsubishi Electric Automation MC-WorX Suite 8.02 - RCE
An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction with a Login Client button click.
by blake
WordPress Plugin Event Easy Calendar - Multiple Cross-Site Request Forgery Vulnerabilities
by anonymous
Wellintech Kingview < 6.53 - Path Traversal
The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the two pathname arguments, as demonstrated by a directory traversal attack.
by blake
Wellintech Kingview < 6.52 - Access Control
The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers to create or overwrite arbitrary files, and subsequently execute arbitrary programs, via the single pathname argument, as demonstrated by a directory traversal attack.
by blake
Digital Signage Xibo 1.4.2 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new administrator via the AddUser action or (2) conduct cross-site scripting (XSS) attacks, as demonstrated by CVE-2013-4888.
by Jacob Holcomb
BigACE 2.7.8 - Cross-Site Request Forgery (Add Admin)
by Yashar shahinzadeh
TRENDnet TEW-812DRU - RCE
TRENDnet TEW-812DRU router allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) wan network prefix to internet/ipv6.asp; (2) remote port to adm/management.asp; (3) pptp username, (4) pptp password, (5) ip, (6) gateway, (7) l2tp username, or (8) l2tp password to internet/wan.asp; (9) NtpDstStart, (10) NtpDstEnd, or (11) NtpDstOffset to adm/time.asp; or (12) device url to adm/management.asp. NOTE: vectors 9, 10, and 11 can be exploited by unauthenticated remote attackers by leveraging CVE-2013-3098.
by Jacob Holcomb
Xmonad-contrab < 0.11.1 - Code Injection
The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 allows remote attackers to execute arbitrary commands via a web page title, which activates the commands when the user clicks on the xmobar window title, as demonstrated using an action tag.
by Joachim Breitner
Magnolia Form module <1.4.7-2.0.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Magnolia Form module 1.x before 1.4.7 and 2.x before 2.0.2 for Magnolia CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) fullname, or (3) email parameter to magnoliaPublic/demo-project/members-area/registration.html.
by High-Tech Bridge
PrestaShop - Multiple Cross-Site Request Forgery Vulnerabilities
by EntPro Cyber Security Research Group
phpVibe 3.1 - Information Disclosure / Remote File Inclusion
by indoushka
RealNetworks RealPlayer <16.0.2.32 - DoS
RealNetworks RealPlayer 16.0.2.32 and earlier allows remote attackers to cause a denial of service (resource consumption or application crash) via an HTML document containing JavaScript code that constructs a long string.
by Akshaysinh Vaghela
Ovislink Airlive Wl2600cam - CSRF
Cross-site request forgery (CSRF) vulnerability in the command/user.cgi in Sony SNC CH140, SNC CH180, SNC CH240, SNC CH280, SNC DH140, SNC DH140T, SNC DH180, SNC DH240, SNC DH240T, SNC DH280, and possibly other camera models allows remote attackers to hijack the authentication of administrators for requests that add users.
by Castillo
Brickcom 100ap Device Firmware - CSRF
Cross-site request forgery (CSRF) vulnerability in cgi-bin/users.cgi in Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.1.0.8 and earlier, allows remote attackers to hijack the authentication of administrators for requests that add users.
by Castillo
Synactis PDF In-The-Box ActiveX - Buffer Overflow
A stack-based buffer overflow vulnerability exists in Synactis PDF In-The-Box ActiveX control (PDF_IN_1.ocx), specifically the ConnectToSynactis method. When a long string is passed to this method—intended to populate the ldCmdLine argument of a WinExec call—a strcpy operation overwrites a saved TRegistry class pointer on the stack. This allows remote attackers to execute arbitrary code in the context of the user by enticing them to visit a malicious webpage that instantiates the vulnerable ActiveX control. The vulnerability was discovered via its use in third-party software such as Logic Print 2013.
by h1ch4m
Undolog Cleanfix - CSRF
WordPress WP Cleanfix Plugin 2.4.4 has CSRF
by Enigma Ideas
CVSS 5.4
By Source