Text Exploits

31,346 exploits tracked across all sources.

CVE-2019-25263 EXPLOITDB MEDIUM text
Zendesk SweetHawk Survey 1.6 - XSS
Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. Attackers can insert XSS payloads like script tags into ticket text that automatically execute when survey pages are loaded by other users.
by MTK
CVSS 6.4
CVE-2019-19726 EXPLOITDB HIGH text VERIFIED
OpenBSD Dynamic Loader chpass Privilege Escalation
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.
by Qualys Corporation
CVSS 7.8
CVE-2019-19241 EXPLOITDB HIGH text VERIFIED
Linux kernel <5.4.2 - Privilege Escalation
In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that context.
by Google Security Research
CVSS 7.8
CVE-2019-19742 EXPLOITDB MEDIUM text
Dlink Dir-615 Firmware - XSS
On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field.
by Sanyam Chawla
CVSS 4.8
CVE-2019-19743 EXPLOITDB MEDIUM text
D-Link DIR-615 - Privilege Escalation
On D-Link DIR-615 devices, a normal user is able to create a root (admin) user from the D-Link portal.
by Sanyam Chawla
CVSS 6.5
CVE-2019-19731 EXPLOITDB HIGH text
Roxy Fileman 1.4.5 - Path Traversal
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the Startup folder (because an incomplete blacklist of file extensions allows Windows shortcut files to be uploaded).
by Patrik Lantz
CVSS 7.5
CVE-2019-20085 EXPLOITDB HIGH text
TVT Nvms-1000 Firmware - Path Traversal
TVT NVMS-1000 devices allow GET /.. Directory Traversal
by numan türle
CVSS 7.5
CVE-2019-25333 EXPLOITDB HIGH text
Bullwark Momentum Series JAWS 1.0 - Path Traversal
Bullwark Momentum Series JAWS 1.0 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP request paths. Attackers can exploit the vulnerability by sending crafted GET requests with multiple '../' sequences to read sensitive files like /etc/passwd outside the web root directory.
by numan türle
CVSS 7.5
CVE-2019-1476 EXPLOITDB HIGH text
Windows AppXSVC - Privilege Escalation
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1483.
by Gabor Seljan
CVSS 7.8
CVE-2019-16451 EXPLOITDB CRITICAL text VERIFIED
Adobe Acrobat and Reader <2019.021.20056 - RCE
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 9.8
CVE-2019-17554 EXPLOITDB MEDIUM text
Apache Olingo < 4.6.0 - XXE
The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Requests with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attacks.
by Compass Security
CVSS 5.5
CVE-2019-25291 EXPLOITDB HIGH text
INIM Electronics Smartliving SmartLAN/G/SI <=6.x - Info Disclosure
INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving device models.
by LiquidWorm
CVSS 7.5
CVE-2019-25290 EXPLOITDB MEDIUM text
Smartliving SmartLAN/G/SI <=6.x - SSRF
Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through arbitrary HTTP requests.
by LiquidWorm
CVSS 5.3
CVE-2019-25289 EXPLOITDB HIGH text
SmartLiving SmartLAN <=6.x - Command Injection
SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system() function call to execute arbitrary system commands with root privileges using default credentials.
by LiquidWorm
CVSS 8.8
CVE-2020-21995 EXPLOITDB CRITICAL text
Inim Smartliving 505 Firmware < 6.0 - Hard-coded Credentials
Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system.
by LiquidWorm
CVSS 9.8
CVE-2019-25335 EXPLOITDB HIGH text
PRO-7070 1.0 - Auth Bypass
PRO-7070 Hazır Profesyonel Web Sitesi version 1.0 contains an authentication bypass vulnerability in the administration panel login page. Attackers can bypass authentication by using '=' 'or' as both username and password to gain unauthorized access to the administrative interface.
by Ahmet Ümit BAYRAM
CVSS 7.5
CVE-2019-25264 EXPLOITDB MEDIUM text VERIFIED
Snipe-IT 4.7.5 - XSS
Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users.
by Metin Yunus Kandemir
CVSS 6.4
EIP-2026-102417 EXPLOITDB text
Oracle Siebel Sales 8.1 - Persistent Cross-Site Scripting
by omurugur
CVE-2019-25271 EXPLOITDB HIGH text
NETGATE Data Backup 3.0.620 - Code Injection
NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations.
by ZwX
CVSS 7.8
CVE-2019-25269 EXPLOITDB HIGH text
Amiti Antivirus <25.0.640 - Code Injection
Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations.
by ZwX
CVSS 7.8
CVE-2019-25337 EXPLOITDB CRITICAL text
OwnCloud 8.1.8 - Info Disclosure
OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user information.
by Daniel Moreno
CVSS 9.8
EIP-2026-119660 EXPLOITDB text
Microsoft Visual Basic 2010 Express - XML External Entity Injection
by ZwX
EIP-2026-110070 EXPLOITDB text VERIFIED
Online Clinic Management System 2.2 - HTML Injection
by Cemal Cihad ÇİFTÇİ
CVE-2019-15276 EXPLOITDB MEDIUM text
Cisco Wireless Lan Controller Software - Improper Input Validation
A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by authenticating with low privileges to an affected controller and submitting the crafted URL to the web interface of the affected device. Conversely, an unauthenticated attacker could exploit this vulnerability by persuading a user of the web interface to click the crafted URL. A successful exploit could allow the attacker to cause an unexpected restart of the device, resulting in a DoS condition.
by SecuNinja
CVSS 6.5
EIP-2026-119661 EXPLOITDB text VERIFIED
Microsoft Windows Media Center 2002 - XML External Entity MotW Bypass
by hyp3rlinx