Exploitdb Exploits
2,012 exploits tracked across all sources.
AirTies Air5341 <1.0.0.12 - CSRF
AirTies Air5341 1.0.0.12 devices allow cgi-bin/login CSRF.
by Ali Can Gönüllü
CVSS 8.8
Zyxel Nbg-418n Firmware - CSRF
Zyxel NBG-418N v2 v1.00(AAXM.4)C0 devices allow login.cgi CSRF.
by Ali Can Gönüllü
CVSS 8.8
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory in Invalid Array Length
by Bogdan Kurinnoy
Coship Rt3050 Firmware - Authentication Bypass
An issue was discovered on Shenzhen Coship RT3050 4.0.0.40, RT3052 4.0.0.48, RT7620 10.0.0.49, WM3300 5.0.0.54, and WM3300 5.0.0.55 devices. The password reset functionality of the router doesn't have backend validation for the current password and doesn't require any type of authentication. By making a POST request to the apply.cgi file of the router, the attacker can change the admin username and password of the router.
by Adithyan AK
CVSS 9.8
Hucart - CSRF
An issue was discovered in HuCart v5.7.4. There is a CSRF vulnerability that can add an admin account via /adminsys/index.php?load=admins&act=edit_info&act_type=add.
by AllenChen
CVSS 8.8
Google Chrome V8 JavaScript Engine 71.0.3578.98 - Out-of-Memory. Denial of Service (PoC)
by Bogdan Kurinnoy
Leica Geosystems GR10/GR25/GR30/GR50 4.30.063 - CSRF
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without request validation. Attackers can trick logged-in users into executing unauthorized actions by crafting malicious web pages that submit requests to the application.
by LiquidWorm
CVSS 5.3
Leica Geosystems GR10/GR25/GR30/GR50 4.30.063 - XSS
Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 contains a stored cross-site scripting vulnerability in the configuration file upload functionality. Attackers can upload a malicious HTML file to that executes arbitrary JavaScript in a user's browser session when viewed.
by LiquidWorm
CVSS 7.2
Microsoft Edge 44.17763.1.0 - NULL Pointer Dereference
by Bogdan Kurinnoy
Apple Safari < 12.0.2 - Memory Corruption
A memory corruption issue was addressed with improved memory handling. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
by Google Security Research
CVSS 8.8
Microsoft Edge 42.17134.1.0 - 'Tree::ANode::DocumentLayout' Denial of Service
by Bogdan Kurinnoy
ZeusCart 4.0 - Cross-Site Request Forgery (Deactivate Customer Accounts)
by mqt
Artica Integria IMS 5.0.83 - CSRF
Artica Integria IMS 5.0.83 has CSRF in godmode/usuarios/lista_usuarios, resulting in the ability to delete an arbitrary user when the ID number is known.
by Javier Olmedo
CVSS 6.5
Hotel Booking Script 3.4 - Cross-Site Request Forgery (Change Admin Password)
by Sainadh Jamalpur
Internet Explorer < - Memory Corruption
A remote code execution vulnerability exists when Internet Explorer improperly accesses objects in memory, aka "Internet Explorer Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
by Google Security Research
CVSS 7.5
Facebook And Google Reviews System For Businesses - Cross-Site Request Forgery (Change Admin Password)
by Veyselxan
Apple Safari < 12.0.2 - Memory Corruption
A logic issue existed resulting in memory corruption. This was addressed with improved state management. This issue affected versions prior to iOS 12.1.1, tvOS 12.1.1, watchOS 5.1.2, Safari 12.0.2, iTunes 12.9.2 for Windows, iCloud for Windows 7.9.
by Google Security Research
CVSS 8.8
Internet Explorer <11 - Info Disclosure
An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user's computer or data, aka "Windows Scripting Engine Memory Corruption Vulnerability." This affects Internet Explorer 9, Internet Explorer 11, Internet Explorer 10.
by Google Security Research
CVSS 7.5
Windows VBScript Engine - RCE
A remote code execution vulnerability exists in the way that the VBScript engine handles objects in memory, aka "Windows VBScript Engine Remote Code Execution Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2019, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 8.8
Royalapplications Royal TS < 4.3.60728 - Information Disclosure
The Royal browser extensions TS before 4.3.60728 (Release Date 2018-07-28) and TSX before 3.3.1 (Release Date 2018-09-13) allow Credentials Disclosure.
by Jakub Palaczynski
CVSS 8.1
Apple Safari < 12 - Use After Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
Apple Safari < 12 - Use After Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
Apple Safari < 12 - Use After Free
A use after free issue was addressed with improved memory management. This issue affected versions prior to iOS 12, tvOS 12, Safari 12, iTunes 12.9 for Windows, iCloud for Windows 7.7.
by Google Security Research
CVSS 8.8
By Source