Exploitdb Exploits

2,009 exploits tracked across all sources.

CVE-2019-25734 EXPLOITDB MEDIUM html
Contact Form by WD 1.13.1 CSRF to Local File Inclusion
Contact Form by WD 1.13.1 contains a cross-site request forgery vulnerability combined with local file inclusion that allows unauthenticated attackers to include arbitrary files by exploiting unsanitized action parameters. Attackers can craft malicious forms targeting the admin-ajax.php endpoint with directory traversal sequences in the GET action parameter to load files via CSRF, bypassing authentication on vulnerable AJAX actions.
by Peyman Forouzan
CVSS 4.0
EIP-2026-103913 EXPLOITDB html VERIFIED
Google Chrome 72.0.3626.96 / 74.0.3702.0 - 'JSPromise::TriggerPromiseReactions' Type Confusion
by Google Security Research
EIP-2026-103715 EXPLOITDB html VERIFIED
WebKitGTK+ - 'ThreadedCompositor' Race Condition
by Google Security Research
EIP-2026-103493 EXPLOITDB html VERIFIED
Google Chrome 73.0.3683.39 / Chromium 74.0.3712.0 - 'ReadableStream' Internal Object Leak Type Confusion
by Google Security Research
CVE-2019-7440 EXPLOITDB MEDIUM html
JioFi 4G M2S 1.0.2 - Cross-Site Request Forgery via Wi-Fi Settings
JioFi 4G M2S 1.0.2 devices have CSRF via the SSID name and Security Key field under Edit Wi-Fi Settings (aka a SetWiFi_Setting request to cgi-bin/qcmap_web_cgi).
by Vikas Chaudhary
CVSS 6.5
CVE-2019-9810 EXPLOITDB HIGH html
Firefox < 66.0.1 and ESR < 60.6.1 - Memory Corruption via IonMonkey JIT Compiler
Incorrect alias information in IonMonkey JIT compiler for Array.prototype.slice method may lead to missing bounds check and a buffer overflow. This vulnerability affects Firefox < 66.0.1, Firefox ESR < 60.6.1, and Thunderbird < 60.6.1.
by xuechiyaobai
CVSS 8.8
CVE-2019-0667 EXPLOITDB HIGH html VERIFIED
Internet Explorer - Remote Code Execution via VBScript Engine Memory Handling
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka 'Windows VBScript Engine Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-0665, CVE-2019-0666, CVE-2019-0772.
by Google Security Research
CVSS 7.5
CVE-2019-0768 EXPLOITDB MEDIUM html VERIFIED
Internet Explorer - Security Feature Bypass via VBScript Execution Policy
A security feature bypass vulnerability exists when Internet Explorer VBScript execution policy does not properly restrict VBScript under specific conditions, and to allow requests that should otherwise be ignored, aka 'Internet Explorer Security Feature Bypass Vulnerability'. This CVE ID is unique from CVE-2019-0761.
by Google Security Research
CVSS 4.3
EIP-2026-107878 EXPLOITDB html
Intel Modular Server System 10.18 - Cross-Site Request Forgery (Change Admin Password)
by LiquidWorm
CVE-2019-9769 EXPLOITDB HIGH html
PilusCart 1.4.1 - Cross-Site Request Forgery via User Creation Endpoint
PilusCart 1.4.1 is vulnerable to index.php?module=users&action=newUser CSRF, leading to the addition of a new user as administrator.
by Gionathan Reale
CVSS 8.8
CVE-2019-0539 EXPLOITDB HIGH html
ChakraCore - Remote Code Execution via Memory Corruption
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0567, CVE-2019-0568.
by Fahad Aid Alharbi
CVSS 7.5
EIP-2026-112123 EXPLOITDB html
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Delete Admin)
by Mr Winst0n
EIP-2026-112122 EXPLOITDB html
Simple Online Hotel Reservation System - Cross-Site Request Forgery (Add Admin)
by Mr Winst0n
CVE-2019-8928 EXPLOITDB MEDIUM html
ManageEngine Netflow Analyzer Professional 7.0.0.2 - Stored Cross-Site Scripting via User Management Form Parameters
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in /netflow/jspui/userManagementForm.jsp via these GET parameters: authMeth, passWord, pwd1, and userName.
by Rafael Pedrero
CVSS 6.1
CVE-2019-8927 EXPLOITDB MEDIUM html
ManageEngine Netflow Analyzer Professional 7.0.0.2 - Stored Cross-Site Scripting via Schedule Configuration Parameters
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Type, schDesc, schName, schSource, selectDeviceDone, task, val10, and val11.
by Rafael Pedrero
CVSS 6.1
CVE-2019-8926 EXPLOITDB MEDIUM html
ManageEngine Netflow Analyzer Professional 7.0.0.2 - Cross-Site Scripting via Administration Zone Popup Parameters
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource.
by Rafael Pedrero
CVSS 6.1
CVE-2019-8925 EXPLOITDB MEDIUM html
ManageEngine Netflow Analyzer Professional 7.0.0.2 - Authenticated Absolute Path Traversal via CReportPDFServlet schFilePath Parameter
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:\boot.ini value.
by Rafael Pedrero
CVSS 4.3
CVE-2019-8923 EXPLOITDB CRITICAL html
XAMPP <= 5.6.8 - SQL Injection via cds-fpdf.php jahr Parameter
XAMPP through 5.6.8 allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued.
by Rafael Pedrero
CVSS 9.8
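The cds-fpdf.php entry above is the textbook shape of this bug class: a request parameter (`jahr`) spliced straight into a SQL statement. The following is an added example, not XAMPP's code or the Exploit-DB entry: the SQLite table `cds`, its columns `titel`, `interpret`, `jahr` and its rows are constructed for the demonstration and only borrow the parameter names from the entry. It shows the concatenated query beside the parameterized one, with a tautology payload and a UNION payload that reads the schema out of `sqlite_master`.

```python
"""Added example (not XAMPP's own code): request parameter spliced into SQL
versus a bound parameter, on a constructed SQLite table."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table; the schema and rows are assumptions for
    the demo, not XAMPP's real CD-collection schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cds (titel TEXT, interpret TEXT, jahr INTEGER)")
    conn.executemany(
        "INSERT INTO cds VALUES (?, ?, ?)",
        [
            ("Beauty", "Ryuichi Sakamoto", 1990),
            ("Glee", "Bran Van 3000", 1997),
            ("Goodbye Country (Hello Nightclub)", "Groove Armada", 2001),
        ],
    )
    return conn


def cds_by_year_vulnerable(conn: sqlite3.Connection, jahr: str) -> list:
    """The bug: the raw request value becomes part of the SQL text, so it is
    executed as code. 'jahr' arrives as a string exactly as a CGI parameter would."""
    sql = f"SELECT titel, interpret FROM cds WHERE jahr = {jahr}"
    return conn.execute(sql).fetchall()


def cds_by_year_parameterized(conn: sqlite3.Connection, jahr: str) -> list:
    """The fix: validate the type, then bind the value. A bound parameter is
    never parsed as SQL, so 'OR 1=1' or 'UNION SELECT' are just data."""
    try:
        year = int(jahr)
    except ValueError:
        raise ValueError("jahr must be an integer") from None
    return conn.execute(
        "SELECT titel, interpret FROM cds WHERE jahr = ?", (year,)
    ).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # Normal use: one row.
    print(cds_by_year_vulnerable(conn, "1990"))
    # Tautology: the WHERE clause is neutralised and every row comes back.
    print(cds_by_year_vulnerable(conn, "1990 OR 1=1"))
    # UNION: the attacker reads the table definitions instead of CD data.
    print(cds_by_year_vulnerable(conn, "0 UNION SELECT name, sql FROM sqlite_master"))
    # Hardened: the same payload is rejected before it reaches the database.
    try:
        cds_by_year_parameterized(conn, "1990 OR 1=1")
    except ValueError as e:
        print("rejected:", e)
```

The UNION case is the one to remember when triaging a "just a demo app" finding: once the schema is readable, every other table on the same connection is one more UNION away.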
CVE-2019-8924 EXPLOITDB MEDIUM html
XAMPP <= 5.6.8 - Cross-Site Scripting via cds-fpdf.php interpret or titel Parameter
XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued.
by Rafael Pedrero
CVSS 6.1
CVE-2019-8929 EXPLOITDB MEDIUM html
ManageEngine Netflow Analyzer Professional 7.0.0.2 - Cross-Site Scripting via Device Selection Parameters
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype.
by Rafael Pedrero
CVSS 6.1
EIP-2026-101610 EXPLOITDB html
Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset
by Adithyan AK
CVE-2019-25247 EXPLOITDB MEDIUM html
Beward N100 H.264 VGA IP Camera M2.1.6 - CSRF
Beward N100 H.264 VGA IP Camera M2.1.6 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft a malicious web page with a hidden form to add an admin user by tricking a logged-in user into submitting the form.
by LiquidWorm
CVSS 5.3
CVE-2019-7391 EXPLOITDB HIGH html
ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 - Cross-Site Request Forgery via login/login-page.cgi
ZyXEL VMG3312-B10B DSL-491HNU-B1B v2 devices allow login/login-page.cgi CSRF.
by Yusuf Furkan
CVSS 8.8
CVE-2019-6967 EXPLOITDB HIGH html
AirTies Air5341 1.0.0.12 - Cross-Site Request Forgery via cgi-bin/login
AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF.
by Ali Can Gönüllü
CVSS 8.8
CVE-2019-6710 EXPLOITDB HIGH html
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 - Cross-Site Request Forgery via login.cgi
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF.
by Ali Can Gönüllü
CVSS 8.8
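Most entries on this page are CSRF against admin or login endpoints (Contact Form by WD, JioFi 4G M2S, Intel Modular Server, PilusCart, the hotel reservation system, Beward N100, ZyXEL VMG3312, AirTies Air5341, Zyxel NBG-418N). They share one root cause: a state-changing request is authorised by the session cookie alone, and the victim's browser attaches that cookie to any form an attacker's page auto-submits. The following is an added example, not code from Exploit-DB or from any product listed above. The session store, the request dictionaries, the site origin `https://router.example` and the `add_admin_*` handlers are constructed for the demonstration; it shows the forged request succeeding against the cookie-only handler and failing against one that checks Origin/Referer and a session-bound token.

```python
"""Added example (not the code of any product on this page): why a hidden
auto-submitting form works against a cookie-only admin action, and the two
server-side checks that stop it."""
import hashlib
import hmac
import secrets
from urllib.parse import urlparse

# Constructed session store: session id -> record. A real app uses its
# framework's session backend; the secrets are generated at import time.
SESSIONS = {
    "sess-victim": {"user": "admin", "csrf_secret": secrets.token_bytes(32)},
    "sess-attacker": {"user": "guest", "csrf_secret": secrets.token_bytes(32)},
}
ALLOWED_ORIGINS = {"https://router.example"}  # assumed origin of the admin UI


def issue_csrf_token(session_id: str) -> str:
    """Token = HMAC(per-session secret, session id). It is bound to one
    session, so a token the attacker obtains from their own login is useless
    when replayed inside the victim's session."""
    secret = SESSIONS[session_id]["csrf_secret"]
    return hmac.new(secret, session_id.encode(), hashlib.sha256).hexdigest()


def origin_is_trusted(headers: dict) -> bool:
    """Origin (or, failing that, Referer) must match the site's own origin.
    Browsers set these on cross-site form posts and attacker pages cannot
    forge them; a request carrying neither is treated as untrusted."""
    origin = headers.get("Origin")
    if origin is None:
        referer = headers.get("Referer")
        if referer is None:
            return False
        p = urlparse(referer)
        origin = f"{p.scheme}://{p.netloc}"
    return origin in ALLOWED_ORIGINS


def add_admin_vulnerable(request: dict) -> bool:
    """The pattern behind the entries above: the session cookie is the only
    authorisation, so any page the logged-in victim visits can fire the action."""
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None or session["user"] != "admin":
        return False
    return True  # would create the user described by request["form"]


def add_admin_hardened(request: dict) -> bool:
    """Same action with both checks: trusted Origin/Referer and a valid
    session-bound token compared in constant time."""
    sid = request["cookies"].get("sid")
    session = SESSIONS.get(sid)
    if session is None or session["user"] != "admin":
        return False
    if not origin_is_trusted(request["headers"]):
        return False
    submitted = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(submitted, issue_csrf_token(sid)):
        return False
    return True


def forged_request() -> dict:
    """Constructed: what the browser sends when the victim (logged in with
    cookie 'sess-victim') loads an attacker page whose hidden form
    auto-submits. The cookie rides along, Origin is the attacker's site,
    and there is no token."""
    return {
        "cookies": {"sid": "sess-victim"},
        "headers": {"Origin": "https://attacker.example"},
        "form": {"username": "eviladmin", "password": "x", "role": "admin"},
    }


def legitimate_request() -> dict:
    """Constructed: the same form submitted from the site's own admin page
    with the token that page embedded."""
    return {
        "cookies": {"sid": "sess-victim"},
        "headers": {"Origin": "https://router.example"},
        "form": {"username": "newadmin", "password": "x", "role": "admin",
                 "csrf_token": issue_csrf_token("sess-victim")},
    }


if __name__ == "__main__":
    print("vulnerable handler, forged request:", add_admin_vulnerable(forged_request()))
    print("hardened handler,   forged request:", add_admin_hardened(forged_request()))
    print("hardened handler,   legitimate:    ", add_admin_hardened(legitimate_request()))
```

Two practical notes. Origin checking alone is enough to block the hidden-form attack in current browsers, but the token is what protects older clients and any path where the header is stripped; keep both. For the login.cgi and login-page.cgi entries the forged request is the login itself, so the token has to be issued to the anonymous pre-login session too, not only after authentication.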