Exploitdb Exploits

49,989 exploits tracked across all sources.

CVE-2019-25419 EXPLOITDB HIGH text
Comodo Dome Firewall 2.7.0 - Stored XSS
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the schedule endpoint. Attackers can submit POST requests with JavaScript payloads in the SCHNAME parameter to execute arbitrary code in administrators' browsers when the schedule page is accessed.
by Ozer Goker
CVSS 7.2
CVE-2019-25418 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the FWADDRESSES parameter. Attackers can send POST requests to the /korugan/fwgroups endpoint with script payloads to execute arbitrary JavaScript in users' browsers and steal session data.
by Ozer Goker
CVSS 6.1
CVE-2019-25417 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the protocol parameter. Attackers can send POST requests to the QoS rules management endpoint with JavaScript payloads in the protocol parameter to execute arbitrary code in administrator browsers.
by Ozer Goker
CVSS 6.1
CVE-2019-25416 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input through the device parameter. Attackers can send POST requests to the QoS devices management endpoint with script payloads in the device parameter to execute arbitrary JavaScript in users' browsers.
by Ozer Goker
CVSS 6.1
CVE-2019-25415 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input to the hotspot_permanent_users endpoint. Attackers can send POST requests with JavaScript payloads in the MACADDRESSES parameter to execute arbitrary scripts in users' browsers.
by Ozer Goker
CVSS 6.1
CVE-2019-25414 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/appid/ endpoint with script payloads in the ID parameter to execute arbitrary JavaScript in victim browsers.
by Ozer Goker
CVSS 6.1
CVE-2019-25413 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the ID parameter. Attackers can craft requests to the /manage/ips/rules/ endpoint with script payloads in the ID parameter to execute arbitrary JavaScript in victim browsers.
by Ozer Goker
CVSS 6.1
CVE-2019-25412 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting unsanitized input through the NTP_SERVER_LIST parameter. Attackers can send POST requests to the /korugan/time endpoint with script payloads in the NTP_SERVER_LIST parameter to execute arbitrary JavaScript in users' browsers.
by Ozer Goker
CVSS 6.1
CVE-2019-25411 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the GATEWAY_GREEN parameter. Attackers can send POST requests to the DHCP configuration endpoint with script payloads to execute arbitrary JavaScript in administrator browsers.
by Ozer Goker
CVSS 6.1
CVE-2019-25410 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts through the source and destination parameters. Attackers can submit POST requests to the policy routing endpoint with script payloads in these parameters to execute arbitrary JavaScript in users' browsers.
by Ozer Goker
CVSS 6.1
CVE-2019-25409 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the destination parameter. Attackers can send POST requests to the routing endpoint with script payloads in the destination parameter to execute arbitrary JavaScript in users' browsers.
by Ozer Goker
CVSS 6.1
CVE-2019-25408 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the netmask_addr parameter. Attackers can send POST requests to the netwizard2 endpoint with script payloads in the netmask_addr parameter to execute arbitrary JavaScript in users' browsers.
by Ozer Goker
CVSS 6.1
CVE-2019-25407 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the backup schedule interface. Attackers can send POST requests to the backupschedule endpoint with JavaScript code in the BACKUP_RCPTTO parameter to execute arbitrary scripts in users' browsers.
by Ozer Goker
CVSS 6.1
CVE-2019-25406 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows attackers to inject malicious scripts by manipulating the organization parameter. Attackers can send POST requests to the korugan/cmclient endpoint with script payloads in the organization parameter to execute arbitrary JavaScript in users' browsers.
by Ozer Goker
CVSS 6.1
CVE-2019-25405 EXPLOITDB HIGH text
Comodo Dome Firewall 2.7.0 - Stored XSS
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts by submitting crafted input to the newLicense parameter. Attackers can send POST requests to the license activation endpoint with script payloads in the newLicense field to execute arbitrary JavaScript in administrators' browsers.
by Ozer Goker
CVSS 7.2
CVE-2019-25404 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - Stored XSS
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input through admin management parameters. Attackers can inject script payloads in the admin_name, name, and surname parameters via POST requests to the /korugan/admins endpoint, which are stored and executed when administrators access the interface.
by Ozer Goker
CVSS 6.4
CVE-2019-25403 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - Stored XSS
Comodo Dome Firewall 2.7.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by submitting crafted input to the comment parameter. Attackers can inject JavaScript code through the admin_profiles endpoint that executes in the browsers of other users who view the affected page.
by Ozer Goker
CVSS 6.4
CVE-2019-25402 EXPLOITDB MEDIUM text
Comodo Dome Firewall 2.7.0 - XSS
Comodo Dome Firewall 2.7.0 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting crafted input to the username parameter. Attackers can send POST requests to the login endpoint with script payloads in the username field to execute arbitrary JavaScript in users' browsers.
by Ozer Goker
CVSS 6.1
CVE-2019-11393 EXPLOITDB CRITICAL python
M/Monit <3.7.3 - Privilege Escalation
An issue was discovered in /admin/users/update in M/Monit before 3.7.3. It allows unprivileged users to escalate their privileges to an administrator by requesting a password change and specifying the admin parameter.
by Dolev Farhi
CVSS 9.8
CVE-2019-25367 EXPLOITDB MEDIUM text
ArangoDB Community Edition 3.4.2-1 - XSS
ArangoDB Community Edition 3.4.2-1 contains multiple cross-site scripting vulnerabilities in the Aardvark web admin interface (index.html) through search, user management, and API parameters. Attackers can inject scripts via parameters in /_db/_system/_admin/aardvark/index.html to execute JavaScript in authenticated users' browsers.
by Ozer Goker
CVSS 5.4
CVE-2019-6453 EXPLOITDB HIGH text
mIRC <7.55 - Command Injection
mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling (Chrome is not exploitable).
by ProofOfCalc
CVSS 8.1
EIP-2026-115903 EXPLOITDB python
NBMonitor 1.6.5.0 - 'Key' Denial of Service (PoC)
by Alejandra Sánchez
EIP-2026-115902 EXPLOITDB python
NBMonitor 1.6.5.0 - 'Key' Denial of Service (PoC)
by Alejandra Sánchez
CVE-2018-20782 EXPLOITDB HIGH php
Globee Woocommerce < 1.1.2 - Improper Input Validation
The GloBee plugin before 1.1.2 for WooCommerce mishandles IPN messages.
by GeekHack
CVSS 7.5
CVE-2019-8404 EXPLOITDB MEDIUM text
Webiness Inventory - Unrestricted File Upload
An issue was discovered in Webiness Inventory 2.3. The ProductModel component allows Arbitrary File Upload via a crafted product image during the creation of a new product. Consequently, an attacker can steal information from the site with the help of an installed executable file, or change the contents of pages.
by Mehmet EMIROGLU
CVSS 6.5