Text Exploits
31,346 exploits tracked across all sources.
Postie < 1.9.40 - XSS
The Postie plugin 1.9.40 for WordPress allows XSS, as demonstrated by a certain payload with jaVasCript:/* at the beginning and a crafted SVG element.
by V1n1v131r4
CVSS 5.4
Rukovoditel Project Management CRM 2.5.2 - 'reports_id' SQL Injection
by Fatih Çelik
Rukovoditel Project Management CRM 2.5.2 - 'filters' SQL Injection
by Fatih Çelik
Rukovoditel Project Management CRM 2.5.2 - 'entities_id' SQL Injection
by Fatih Çelik
Citrix ADC (NetScaler) Directory Traversal Scanner
An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway 10.5, 11.1, 12.0, 12.1, and 13.0. They allow Directory Traversal.
by Dhiraj Mishra
CVSS 9.8
Jenkins Gitlab Hook < 1.4.2 - XSS
Jenkins Gitlab Hook Plugin 1.4.2 and earlier does not escape project names in the build_now endpoint, resulting in a reflected XSS vulnerability.
by Ai Ho
CVSS 6.1
Online Book Store 1.0 - 'bookisbn' SQL Injection
by Ertebat Gostar Co
Redir 3.3 - Buffer Overflow
Redir 3.3 contains a stack overflow vulnerability in the doproxyconnect() function that allows attackers to crash the application by sending oversized input. Attackers can exploit the sprintf() buffer without proper length checking to overwrite memory and cause a segmentation fault, resulting in program termination.
by hieubl
CVSS 7.5
VPN Unlimited 6.1 - Code Injection
VPN Unlimited 6.1 contains an unquoted service path vulnerability that allows local attackers to inject malicious executables into the service binary path. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\VPN Unlimited\' to replace the service executable and gain elevated system privileges.
by Amin Rawah
CVSS 7.8
WeChat - Memory Corruption in CAudioJBM::InputAudioFrameToJBM
by Google Security Research
Android - Privilege Escalation
In calc_vm_may_flags of ashmem.c, there is a possible arbitrary write to shared memory due to a permissions bypass. This could lead to local escalation of privilege by corrupting memory shared between processes, with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-142938932.
by Google Security Research
CVSS 5.5
Advanced System Repair Pro 1.9.1.7 - Insecure File Permissions
by ZwX
Digi AnywhereUSB 14 - XSS
Digi AnywhereUSB 14 allows XSS via a link for the Digi Page.
by Raspina Net Pars Group
CVSS 6.1
ASTPP 4.0.1 - Info Disclosure
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database information from the /database_backup/ directory.
by Fabien AUNAY
CVSS 7.5
TotalAV 2020 - Privilege Escalation
TotalAV 2020 4.14.31 has a quarantine flaw that allows privilege escalation. Exploitation uses an NTFS directory junction to restore a malicious DLL from quarantine into the system32 folder.
by Kusol Watchara-Apanukorn
CVSS 7.8
MSN Password Recovery 1.30 - Info Disclosure
MSN Password Recovery 1.30 contains an XML external entity injection vulnerability that allows attackers to read local system files through crafted XML input. Attackers can exploit the 'Favorites' tab by injecting a malicious XML file that references external entities to retrieve sensitive system configuration information.
by ZwX
CVSS 6.2
ASTPP 4.0.1 - XSS, Command Injection
ASTPP 4.0.1 contains multiple vulnerabilities including cross-site scripting and command injection in SIP device configuration and plugin management interfaces. Attackers can exploit these flaws to inject system commands, hijack administrator sessions, and potentially execute arbitrary code with root permissions through cron task manipulation.
by Fabien AUNAY
CVSS 9.8
Codologic Codoforum - XSS
Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.
by Vyshnav nk
CVSS 4.8
JetBrains TeamCity - Path Traversal
An issue was discovered in JetBrains TeamCity 2018.2.4. It had a possible remote code execution issue. This was fixed in TeamCity 2019.1.
by hantwister
CVSS 9.8
Cisco DCNM - Privilege Escalation
A vulnerability in the application environment of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to gain unauthorized access to the JBoss Enterprise Application Platform (JBoss EAP) on an affected device. The vulnerability is due to an incorrect configuration of the authentication settings on the JBoss EAP. An attacker could exploit this vulnerability by authenticating with a specific low-privilege account. A successful exploit could allow the attacker to gain unauthorized access to the JBoss EAP, which should be limited to internal system accounts.
by hantwister
CVSS 6.3
AnyDesk 5.4.0 - Path Traversal
AnyDesk 5.4.0 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially inject malicious executables. Attackers can exploit the unquoted binary path to place malicious files in service executable locations, potentially gaining elevated system privileges.
by SajjadBnd
CVSS 7.8