Exploitdb Exploits
2,012 exploits tracked across all sources.
Google Chrome 73.0.3683.103 V8 JavaScript Engine - Out-of-Memory in Invalid Table Size Denial of Service (PoC)
by Bogdan Kurinnoy
Bolt < 3.6.7 - CSRF
Cross Site Request Forgery (CSRF) in the bolt/upload File Upload feature in Bolt CMS 3.6.6 allows remote attackers to execute arbitrary code by uploading a JavaScript file to include executable extensions in the file/edit/config/config.yml configuration file.
by FelipeGaspar
CVSS 8.8
WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery
by Peyman Forouzan
Google Chrome 72.0.3626.96 / 74.0.3702.0 - 'JSPromise::TriggerPromiseReactions' Type Confusion
by Google Security Research
WebKitGTK+ - 'ThreadedCompositor' Race Condition
by Google Security Research
Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 - 'ReadableStream' Internal Object Leak Type Confusion
by Google Security Research
JioFi 4G M2S 1.0.2 - CSRF
JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi).
by Vikas Chaudhary
CVSS 6.5
Firefox < 66.0.1 - Buffer Overflow
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
by xuechiyaobai
CVSS 8.8
Windows VBScript Engine - RCE
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0772.
by Google Security Research
CVSS 7.5
IE - Auth Bypass
A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761.
by Google Security Research
CVSS 4.3
Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)
by LiquidWorm
PilusCart 1.4.1 - CSRF
PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.
by Gionathan Reale
CVSS 8.8
Microsoft Chakracore < 1.11.5 - Out-of-Bounds Write
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0567, CVE-2019-0568.
by Fahad Aid Alharbi
CVSS 7.5
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
by Mr Winst0n
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
by Mr Winst0n
Zohocorp Manageengine Netflow Analyzer - XSS
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName.
by Rafael Pedrero
CVSS 6.1
Zohocorp Manageengine Netflow Analyzer - XSS
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Type, schDesc, schName, schSource, selectDeviceDone, task, val10, and val11.
by Rafael Pedrero
CVSS 6.1
Zohocorp Manageengine Netflow Analyzer - XSS
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource.
by Rafael Pedrero
CVSS 6.1
Zohocorp Manageengine Netflow Analyzer - Path Traversal
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:\boot.ini value.
by Rafael Pedrero
CVSS 4.3
Apachefriends Xampp < 5.6.8 - SQL Injection
XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued.
by Rafael Pedrero
CVSS 9.8
Apachefriends Xampp < 5.6.8 - XSS
XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued.
by Rafael Pedrero
CVSS 6.1
Zohocorp Manageengine Netflow Analyzer - XSS
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype.
by Rafael Pedrero
CVSS 6.1
Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset
by Adithyan AK
Beward N100 H.264 VGA IP Camera M2.1.6 - CSRF
Beward N100 H.264 VGA IP Camera M2.1.6 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft a malicious web page with a hidden form to add an admin user by tricking a logged-in user into submitting the form.
by LiquidWorm
CVSS 5.3
ZyXEL VMG3312-B10B DSL-491HUNU-B1B v2 - CSRF
ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.
by Yusuf Furkan
CVSS 8.8
By Source