Exploitdb Exploits
50,076 exploits tracked across all sources.
D-Link DSL-2760U Firmware < 1.12 - Authenticated Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DSL-2760U Gateway (Rev. E1) allow remote authenticated users to inject arbitrary web script or HTML via the (1) ntpServer1 parameter to sntpcfg.cgi, username parameter to (2) ddnsmngr.cmd or (3) todmngr.tod, (4) TodUrlAdd parameter to urlfilter.cmd, (5) appName parameter to scprttrg.cmd, (6) fltName in an add action or (7) rmLst parameter in a remove action to scoutflt.cmd, (8) groupName parameter to portmapcfg.cmd, (9) snmpRoCommunity parameter to snmpconfig.cgi, (10) fltName parameter to scinflt.cmd, (11) PolicyName in an add action or (12) rmLst parameter in a remove action to prmngr.cmd, (13) ippName parameter to ippcfg.cmd, (14) smbNetBiosName or (15) smbDirName parameter to samba.cgi, or (16) wlSsid parameter to wlcfg.wl.
by XLabs Security
CVSS 5.4
Manage Engine Asset Explorer 6.1.0 Build: 6110 - Cross-Site Request Forgery
by Kaustubh G. Padwad
Adobe Flash Player NetConnection Type Confusion
Adobe Flash Player before 13.0.0.277 and 14.x through 17.x before 17.0.0.134 on Windows and OS X and before 11.2.202.451 on Linux allows attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-0334.
by Metasploit
Adobe Flash Player domainMemory ByteArray Use After Free
Double free vulnerability in Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-0346.
by Metasploit
Synametrics Technologies Xeams <4.5 Build 5755 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that create an (1) SMTP domain or a (2) user via a request to /FrontController; or conduct cross-site scripting (XSS) attacks via the (3) domainname parameter to /FrontController, when creating a new SMTP domain configuration; the (4) txtRecipient parameter to /FrontController, when creating a new forwarder; the (5) popFetchServer, (6) popFetchUser, or (7) popFetchRecipient parameter to /FrontController, when creating a new POP3 Fetcher account; or the (8) Smtp HELO domain in the Advanced Server Configuration.
by Marlow Tannhauser
WordPress Plugin Yet Another Related Posts 4.2.4 - Cross-Site Request Forgery
by Evex
WordPress Plugin Ultimate Profile Builder 2.3.3 - Cross-Site Request Forgery
by Kaustubh G. Padwad
WordPress Plugin N-Media Website Contact Form with File Upload 1.5 - Local File Inclusion
by T3N38R15
WordPress Plugin ClickBank Ads 1.7 - Cross-Site Request Forgery
by Kaustubh G. Padwad
WordPress Plugin Ad Inserter 1.5.2 - Cross-Site Request Forgery
by Kaustubh G. Padwad
Synametrics SynaMan Syncrify SynTail - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567
by Marlow Tannhauser
CVSS 8.8
ThemePunch Slider Revolution <3.0.96 & Showbiz Pro <1.7.1 - RCE
The ThemePunch Slider Revolution (revslider) plugin before 3.0.96 for WordPress and the Showbiz Pro plugin 1.7.1 and earlier for WordPress do not properly restrict access to administrator AJAX functionality, which allows remote attackers to (1) upload and execute arbitrary files via an update_plugin action; (2) delete arbitrary sliders via a delete_slider action; and (3) create, (4) update, (5) import, or (6) export arbitrary sliders via unspecified vectors.
by Metasploit
MacKeeper - URL Handler Remote Code Execution
by Braden Thomas
Alienvault OSSIM/USM 4.14/4.15/5.0 - Multiple Vulnerabilities
by Peter Lapp
Novell ZENworks Configuration Management < 11.3.2 - Remote Code Execution via UploadServlet uid Parameter
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324.
by Metasploit
freshmail-newsletter < 1.6 - SQL Injection via FM_form Shortcode
The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.
by Felipe Molina
CVSS 8.8
IBM WebSphere Portal 6.1.0.0-6.1.0.6 CF27, 6.1.5.0-6.1.5.3 CF27, 7.0.0-7.0.0.2 CF28 - Authenticated Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
by Filippo Roncari
SonicWALL Remote Access Firmware < 7.5.1.0-38sv - Cross-Site Request Forgery via Bookmark Creation
Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request to cgi-bin/editBookmark.
by Veit Hailperin