Text Exploits
31,386 exploits tracked across all sources.
XEROX WorkCentre 6655 Printer - Cross-Site Request Forgery (Add Admin)
by Ismail Tasdelen
phpMyChat-Plus 1.98 - 'pmc_username' Reflected Cross-Site Scripting
by Chris Inzinga
Deutsche Bahn Ticket Vending Machine Local Kiosk - Privilege Escalation
by Vulnerability-Lab
Tautulli 2.1.9 - Cross-Site Request Forgery (ShutDown)
by Ismail Tasdelen
macOS 10.14.6 (18G87) - Kernel Use-After-Free due to Race Condition in wait_for_namespace_event()
by Google Security Research
Xerox AltaLink C8035 Printer - Cross-Site Request Forgery (Add Admin)
by Ismail Tasdelen
Telerik UI ASP.NET AJAX RadAsyncUpload Deserialization
Progress Telerik UI for ASP.NET AJAX through 2019.3.1023 contains a .NET deserialization vulnerability in the RadAsyncUpload function. This is exploitable when the encryption keys are known due to the presence of CVE-2017-11317 or CVE-2017-11357, or other means. Exploitation can result in remote code execution. (As of 2020.1.114, a default setting prevents the exploit. In 2019.3.1023, but not earlier versions, a non-default setting can prevent exploitation.)
by Bishop Fox
CVSS 9.8
Rumpus FTP Web File Manager 8.2.9.1 - XSS
A reflected cross-site scripting vulnerability was discovered in the login page of Rumpus FTP Web File Manager 8.2.9.1. An attacker can exploit it by sending a crafted link to end users and can execute arbitrary JavaScript.
by Harshit Shukla
CVSS 6.1
Zendesk App SweetHawk Survey 1.6 - Stored Cross-Site Scripting via Support Ticket Submission
Zendesk SweetHawk Survey 1.6 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through support ticket submissions. Attackers can insert XSS payloads like script tags into ticket text that automatically execute when survey pages are loaded by other users.
by MTK
CVSS 6.4
OpenBSD Dynamic Loader chpass Privilege Escalation
OpenBSD through 6.6 allows local users to escalate to root because a check for LD_LIBRARY_PATH in setuid programs can be defeated by setting a very small RLIMIT_DATA resource limit. When executing chpass or passwd (which are setuid root), _dl_setup_env in ld.so tries to strip LD_LIBRARY_PATH from the environment, but fails when it cannot allocate memory. Thus, the attacker is able to execute their own library code as root.
by Qualys Corporation
CVSS 7.8
Linux kernel <5.4.2 - Privilege Escalation
In the Linux kernel before 5.4.2, the io_uring feature leads to requests that inadvertently have UID 0 and full capabilities, aka CID-181e448d8709. This is related to fs/io-wq.c, fs/io_uring.c, and net/socket.c. For example, an attacker can bypass intended restrictions on adding an IPv4 address to the loopback interface. This occurs because IORING_OP_SENDMSG operations, although requested in the context of an unprivileged user, are sometimes performed by a kernel worker thread without considering that context.
by Google Security Research
CVSS 7.8
D-Link DIR-615 Firmware - Stored Cross-Site Scripting via User Account Name Field
On D-Link DIR-615 devices, the User Account Configuration page is vulnerable to blind XSS via the name field.
by Sanyam Chawla
CVSS 4.8
D-Link DIR-615 - Privilege Escalation
On D-Link DIR-615 devices, a normal user is able to create a root (admin) user from the D-Link portal.
by Sanyam Chawla
CVSS 6.5
Roxy Fileman 1.4.5 - Path Traversal
Roxy Fileman 1.4.5 for .NET is vulnerable to path traversal. A remote attacker can write uploaded files to arbitrary locations via the RENAMEFILE action. This can be leveraged for code execution by uploading a specially crafted Windows shortcut file and writing the file to the Startup folder (because an incomplete blacklist of file extensions allows Windows shortcut files to be uploaded).
by Patrik Lantz
CVSS 7.5
TVT NVMS-1000 Firmware - Path Traversal via GET Request
TVT NVMS-1000 devices allow GET /.. directory traversal.
by numan türle
CVSS 7.5
Bullwark Momentum Series JAWS 1.0 - Path Traversal
Bullwark Momentum Series JAWS 1.0 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP request paths. Attackers can exploit the vulnerability by sending crafted GET requests with multiple '../' sequences to read sensitive files like /etc/passwd outside the web root directory.
by numan türle
CVSS 7.5
Windows AppXSVC - Privilege Escalation
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1483.
by Gabor Seljan
CVSS 7.8
Adobe Acrobat and Reader <2019.021.20056 - RCE
Adobe Acrobat and Reader versions 2019.021.20056 and earlier, 2017.011.30152 and earlier, 2017.011.30155 and earlier version, 2017.011.30152 and earlier, and 2015.006.30505 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 9.8
Apache Olingo 4.0.0-4.6.0 - XML External Entity Injection via XML Content Type Deserialization
The XML content type entity deserializer in Apache Olingo versions 4.0.0 to 4.6.0 is not configured to deny the resolution of external entities. Requests with content type "application/xml", which trigger the deserialization of entities, can be used to trigger XXE attacks.
by Compass Security
CVSS 5.5
INIM Electronics Smartliving SmartLAN/G/SI <=6.x - Info Disclosure
INIM Electronics Smartliving SmartLAN/G/SI <=6.x contains hard-coded credentials in its Linux distribution image that cannot be changed through normal device operations. Attackers can exploit these persistent credentials to log in and gain unauthorized system access across multiple SmartLiving device models.
by LiquidWorm
CVSS 7.5
Smartliving SmartLAN/G/SI <=6.x - SSRF
Smartliving SmartLAN/G/SI <=6.x contains an unauthenticated server-side request forgery vulnerability in the GetImage functionality through the 'host' parameter. Attackers can exploit the onvif.cgi endpoint by specifying external domains to bypass firewalls and perform network enumeration through arbitrary HTTP requests.
by LiquidWorm
CVSS 5.3
SmartLiving SmartLAN <=6.x - Command Injection
SmartLiving SmartLAN <=6.x contains an authenticated remote command injection vulnerability in the web.cgi binary through the 'par' POST parameter with the 'testemail' module. Attackers can exploit the unsanitized parameter and system() function call to execute arbitrary system commands with root privileges using default credentials.
by LiquidWorm
CVSS 8.8