Exploitdb Exploits

49,989 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-8927 EXPLOITDB MEDIUM html
Zohocorp Manageengine Netflow Analyzer - XSS
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/scheduleConfig.jsp file via these GET parameters: devSrc, emailId, excWeekModify, filterFlag, getFilter, mailReport, mset, popup, rep_schedule, rep_Type, schDesc, schName, schSource, selectDeviceDone, task, val10, and val11.
by Rafael Pedrero
CVSS 6.1
CVE-2019-8926 EXPLOITDB MEDIUM html
Zohocorp Manageengine Netflow Analyzer - XSS
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/popup1.jsp file via these GET parameters: bussAlert, customDev, and selSource.
by Rafael Pedrero
CVSS 6.1
CVE-2019-8925 EXPLOITDB MEDIUM html
Zohocorp Manageengine Netflow Analyzer - Path Traversal
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. An Absolute Path Traversal vulnerability in the Administration zone, in /netflow/servlet/CReportPDFServlet (via the parameter schFilePath), allows remote authenticated users to bypass intended SecurityManager restrictions and list a parent directory via any file name, such as a schFilePath=C:\boot.ini value.
by Rafael Pedrero
CVSS 4.3
CVE-2019-8923 EXPLOITDB CRITICAL html
Apachefriends Xampp < 5.6.8 - SQL Injection
XAMPP through 5.6.8 and previous allows SQL injection via the cds-fpdf.php jahr parameter. NOTE: This product is discontinued.
by Rafael Pedrero
CVSS 9.8
CVE-2019-15084 EXPLOITDB HIGH text
Waves Maxx Audio - Incorrect Permission Assignment
Realtek Waves MaxxAudio driver 1.6.2.0, as used on Dell laptops, installs with incorrect file permissions. As a result, a local attacker can escalate to SYSTEM.
by Mike Siegel
CVSS 7.8
EIP-2026-114654 EXPLOITDB text
Zuz Music 2.1 - 'zuzconsole/___contact ' Persistent Cross-Site Scripting
by Deyaa Muhammad
CVE-2019-8924 EXPLOITDB MEDIUM html
Apachefriends Xampp < 5.6.8 - XSS
XAMPP through 5.6.8 allows XSS via the cds-fpdf.php interpret or titel parameter. NOTE: This product is discontinued.
by Rafael Pedrero
CVSS 6.1
EIP-2026-109169 EXPLOITDB text
Listing Hub CMS 1.0 - 'pages.php id' SQL Injection
by Deyaa Muhammad
EIP-2026-107100 EXPLOITDB text
Find a Place CMS Directory 1.5 - 'assets/external/data_2.php cate' SQL Injection
by Deyaa Muhammad
CVE-2019-8929 EXPLOITDB MEDIUM html
Zohocorp Manageengine Netflow Analyzer - XSS
An issue was discovered in Zoho ManageEngine Netflow Analyzer Professional 7.0.0.2. XSS exists in the Administration zone /netflow/jspui/selectDevice.jsp file in these GET parameters: param and rtype.
by Rafael Pedrero
CVSS 6.1
CVE-2019-1003002 EXPLOITDB HIGH text VERIFIED
Pipeline: Declarative Plugin <1.3.3 - RCE
A sandbox bypass vulnerability exists in Pipeline: Declarative Plugin 1.3.3 and earlier in pipeline-model-definition/src/main/groovy/org/jenkinsci/plugins/pipeline/modeldefinition/parser/Converter.groovy that allows attackers with Overall/Read permission to provide a pipeline script to an HTTP endpoint that can result in arbitrary code execution on the Jenkins master JVM.
by orange
CVSS 8.8
CVE-2019-25674 EXPLOITDB HIGH text
CMSsite 1.0 SQL Injection via post Parameter
CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'post' parameter. Attackers can send GET requests to post.php with malicious 'post' values to extract sensitive database information or perform time-based blind SQL injection attacks.
by Mr Winst0n
CVSS 8.2
CVE-2019-25570 EXPLOITDB MEDIUM python
RealTerm Serial Terminal 2.0.0.70 Denial of Service via Port Field
RealTerm Serial Terminal 2.0.0.70 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an excessively long string in the Port field. Attackers can paste a buffer of 1000 characters into the Port input field and click the open button to trigger a crash.
by Alejandra Sánchez
CVSS 5.5
CVE-2019-25569 EXPLOITDB MEDIUM python
RealTerm Serial Terminal 2.0.0.70 SEH Overflow Crash
RealTerm Serial Terminal 2.0.0.70 contains a stack-based buffer overflow vulnerability in the Echo Port field that allows local attackers to crash the application by triggering a structured exception handler (SEH) chain corruption. Attackers can craft a malicious input string with 268 bytes of padding followed by SEH overwrite values and paste it into the Port field to cause denial of service.
by Alejandra Sánchez
CVSS 6.2
CVE-2019-25430 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the vpn_users endpoint with script payloads in the username field to execute arbitrary JavaScript in victim browsers.
by Ozer Goker
CVSS 6.1
CVE-2019-25429 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the openvpn_advanced endpoint. Attackers can inject JavaScript code through the GLOBAL_NETWORKS and GLOBAL_DNS parameters via POST requests to execute arbitrary scripts in users' browsers.
by Ozer Goker
CVSS 6.1
CVE-2019-25428 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the openvpn_users endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with script payloads in the username, remotenets, explicitroutes, static_ip, custom_dns, or custom_domain parameters to execute arbitrary JavaScript in users' browsers.
by Ozer Goker
CVSS 6.1
CVE-2019-25427 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the antispyware endpoint. Attackers can send POST requests with JavaScript payloads in the DNSMASQ_WHITELIST or DNSMASQ_BLACKLIST parameters to execute arbitrary code in users' browsers.
by Ozer Goker
CVSS 6.1
CVE-2019-25426 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the dnsmasq endpoint. Attackers can send POST requests with script payloads in the TRANSPARENT_SOURCE_BYPASS or TRANSPARENT_DESTINATION_BYPASS parameters to execute arbitrary JavaScript in users' browsers.
by Ozer Goker
CVSS 6.1
CVE-2019-25425 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the VIRUS_ADMIN parameter. Attackers can send POST requests to the smtpconfig endpoint with script payloads to execute arbitrary JavaScript in the context of an administrator's browser session.
by Ozer Goker
CVSS 6.1
CVE-2019-25424 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the EXCEPTIONSITELIST parameter. Attackers can craft POST requests to the https_exceptions endpoint with script payloads to execute arbitrary JavaScript in users' browsers and steal session data.
by Ozer Goker
CVSS 6.1
CVE-2019-25423 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains multiple reflected cross-site scripting vulnerabilities in the /korugan/proxyconfig endpoint that allow attackers to inject malicious scripts through POST parameters. Attackers can submit crafted POST requests with JavaScript payloads in parameters like PROXY_PORT, VISIBLE_HOSTNAME, ADMIN_MAIL_ADDRESS, CACHE_MEM, MAX_SIZE, MIN_SIZE, and DST_NOCACHE to execute arbitrary scripts in administrator browsers.
by Ozer Goker
CVSS 6.1
CVE-2019-25422 EXPLOITDB HIGH text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the vpnfw endpoint. Attackers can submit POST requests with script payloads in the target parameter for reflected XSS or the remark parameter for stored XSS to execute arbitrary JavaScript in administrator browsers.
by Ozer Goker
CVSS 7.2
CVE-2019-25421 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains multiple cross-site scripting vulnerabilities that allow attackers to inject malicious scripts through the policyfw endpoint. Attackers can submit POST requests with JavaScript payloads in the mac, target, and remark parameters to execute arbitrary code in administrator browsers or store persistent scripts in the application.
by Ozer Goker
CVSS 6.1
CVE-2019-25420 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the snat endpoint. Attackers can send POST requests with JavaScript payloads in the port or snat_to_ip parameters to execute arbitrary scripts in users' browsers.
by Ozer Goker
CVSS 6.1
By Source
All 49,989 Writeup 59,870 Exploitdb 49,989 Nomisec 21,514 Metasploit 3,218 Github 2,540 Vulncheck_xdb 904 Inthewild 514 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,330 python 5,922 ruby 5,907 c 3,565 perl 2,849 html 2,053 php 1,326 bash 459 java 362 c++ 250 javascript 215 shell 90 go 53 postscript 25 xml 24