Exploitdb Exploits
49,989 exploits tracked across all sources.
Smoothwall Express 3.1-SP4 - XSS
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the portfw.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests with script payloads in the EXT, SRC_PORT_SEL, SRC_PORT, DEST_IP, DEST_PORT_SEL, or COMMENT parameters to execute arbitrary JavaScript in users' browsers.
by Ozer Goker
CVSS 6.1
Smoothwall Express 3.1-SP4 - XSS
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the apcupsd.cgi script that allow attackers to inject malicious scripts through multiple POST parameters. Attackers can submit crafted POST requests with script payloads in parameters like BATTLEVEL, RTMIN, BATTDELAY, TO, ANNOY, UPSIP, UPSNAME, UPSPORT, POLLTIME, UPSUSER, NISPORT, UPSAUTH, EMAIL, FROM, CC, SMSEMAIL, SMTPSERVER, PORT, USER, and EMAIL_PASSWORD to execute arbitrary JavaScript in victim browsers.
by Ozer Goker
CVSS 6.1
Smoothwall Express 3.1-SP4 - XSS
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the NTP_SERVER parameter. Attackers can send POST requests to the time.cgi endpoint with script payloads in the NTP_SERVER parameter to execute arbitrary JavaScript in users' browsers.
by Ozer Goker
CVSS 6.1
Smoothwall Express 3.1-SP4 - XSS
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the hosts.cgi script that allow attackers to inject malicious scripts through unvalidated parameters. Attackers can submit POST requests to the hosts.cgi endpoint with script payloads in the IP, HOSTNAME, or COMMENT parameters to execute arbitrary JavaScript in users' browsers.
by Ozer Goker
CVSS 6.1
Smoothwall Express 3.1-SP4 - XSS
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple reflected cross-site scripting vulnerabilities in the dhcp.cgi script that allow attackers to inject malicious scripts through multiple parameters. Attackers can submit POST requests to dhcp.cgi with script payloads in parameters such as BOOT_SERVER, BOOT_FILE, BOOT_ROOT, START_ADDR, END_ADDR, DNS1, DNS2, NTP1, NTP2, WINS1, WINS2, DEFAULT_LEASE_TIME, MAX_LEASE_TIME, DOMAIN_NAME, NIS_DOMAIN, NIS1, NIS2, STATIC_HOST, STATIC_DESC, STATIC_MAC, and STATIC_IP to execute arbitrary JavaScript in user browsers.
by Ozer Goker
CVSS 6.1
Smoothwall Express 3.1-SP4 - XSS
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains stored and reflected cross-site scripting vulnerabilities in the urlfilter.cgi endpoint that allow attackers to inject malicious scripts. Attackers can submit POST requests with script payloads in the REDIRECT_PAGE or CHILDREN parameters to execute arbitrary JavaScript in user browsers.
by Ozer Goker
CVSS 7.2
Smoothwall Express 3.1-SP4 - XSS
Smoothwall Express 3.1-SP4-polar-x86_64-update9 contains multiple cross-site scripting vulnerabilities in the proxy.cgi endpoint that allow attackers to inject malicious scripts through parameters including CACHE_SIZE, MAX_SIZE, MIN_SIZE, MAX_OUTGOING_SIZE, and MAX_INCOMING_SIZE. Attackers can submit POST requests with script payloads to store or reflect arbitrary JavaScript code that executes in users' browsers when the proxy configuration page is accessed.
by Ozer Goker
CVSS 6.1
MyBB 1.0 - XSS
In the Ban List plugin 1.0 for MyBB, any forum user with mod privileges can ban users and input an XSS payload into the ban reason, which is executed on the bans.php page.
by 0xB9
CVSS 5.4
IP-Tools 2.5 - 'Log to file' Local Buffer Overflow (SEH) (Egghunter)
by Juan Prescotto
IP-Tools 2.5 - 'Log to file' Local Buffer Overflow (SEH) (Egghunter)
by Juan Prescotto
Avast Anti-Virus < 19.1.2360 - Local Credentials Disclosure
by Nathu Nandwani
NUUO NVRmini - RCE
upgrade_handle.php on NUUO NVRmini devices allows Remote Command Execution via shell metacharacters in the uploaddir parameter for a writeuploaddir command.
by Metasploit
CVSS 9.8
Adobe Flash Player DeleteRangeTimelineOperation Type-Confusion
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in May 2016.
by Metasploit
CVSS 9.8
AVEVA Software, LLC InduSoft Web Studio <8.1 SP3 & InTouch Edge HMI...
AVEVA Software, LLC InduSoft Web Studio prior to Version 8.1 SP3 and InTouch Edge HMI (formerly InTouch Machine Edition) prior to Version 2017 Update. An unauthenticated remote user could use a specially crafted database connection configuration file to execute an arbitrary process on the server machine.
by Jacob Baines
CVSS 7.5
CentOS-WebPanel.com <0.9.8.763 - XSS
CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter.
by DKM
CVSS 4.8
Evince CBT File Command Injection
backend/comics/comics-document.c (aka the comic book backend) in GNOME Evince before 3.24.1 allows remote attackers to execute arbitrary commands via a .cbt file that is a TAR archive containing a filename beginning with a "--" command-line option substring, as demonstrated by a --checkpoint-action=exec=bash at the beginning of the filename.
by Metasploit
CVSS 7.8
Coship Wireless Router 4.0.0.x/5.0.0.x - WiFi Password Reset
by Adithyan AK
AirDroid <4.2.1.6 - DoS
The AirDroid application through 4.2.1.6 for Android allows remote attackers to cause a denial of service (service crash) via many simultaneous sdctl/comm/lite_auth/ requests.
by s4vitar
CVSS 7.5
osCommerce 2.3.4.1 - SQL Injection
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the currency parameter. Attackers can send GET requests to shopping_cart.php with malicious currency values using boolean-based SQL injection payloads to extract sensitive database information.
by Mehmet EMIROGLU
CVSS 8.2
osCommerce 2.3.4.1 - SQL Injection
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. Attackers can modify the products_id value in product_info.php requests and append boolean-based SQL injection payloads to extract sensitive database information.
by Mehmet EMIROGLU
CVSS 8.2
osCommerce 2.3.4.1 - SQL Injection
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. Attackers can send GET requests to product_reviews_write.php with malicious reviews_id values using boolean-based SQL injection payloads to extract sensitive database information.
by Mehmet EMIROGLU
CVSS 8.2
River Past Audio Converter 7.7.16 - Buffer Overflow (SEH)
by Matteo Malvica
By Source