Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-119624 EXPLOITDB text
WinRAR 5.80 (x64) - Denial of Service
by alblalawi
CVE-2019-9491 EXPLOITDB HIGH text VERIFIED
Trend Micro ATTK <1.62.0.1218 - RCE
Trend Micro Anti-Threat Toolkit (ATTK) versions 1.62.0.1218 and below have a vulnerability that may allow an attacker to place malicious files in the same directory, potentially leading to arbitrary remote code execution (RCE) when executed.
by hyp3rlinx
CVSS 7.8
CVE-2019-8197 EXPLOITDB CRITICAL text VERIFIED
Adobe Acrobat and Reader DC < 15.006.30504, 15.008.20082-19.021.20047 - Heap Overflow
Adobe Acrobat and Reader versions 2019.012.20040 and earlier, 2017.011.30148 and earlier, 2017.011.30148 and earlier, 2015.006.30503 and earlier, and 2015.006.30503 and earlier have a heap overflow vulnerability. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 9.8
CVE-2019-3010 EXPLOITDB HIGH text
Oracle Solaris 11 - Privilege Escalation in XScreenSaver
Vulnerability in the Oracle Solaris product of Oracle Systems (component: XScreenSaver). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle Solaris. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
by Marco Ivaldi
CVSS 8.8
CVE-2019-25743 EXPLOITDB MEDIUM text
WordPress Soliloquy Lite 2.5.6 Persistent Cross-Site Scripting
WordPress Soliloquy Lite 2.5.6 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by inserting script tags in the post title field. Attackers can submit POST requests to the post editing endpoint with script payloads in the post_title parameter, which are stored and executed when users preview the post.
by Unk9vvN
CVSS 5.4
CVE-2019-25744 EXPLOITDB MEDIUM text
WordPress Popup Builder 3.49 Persistent Cross-Site Scripting
WordPress Popup Builder 3.49 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by breaking out of option tags in the post_title parameter. Attackers can submit crafted POST requests to the post.php endpoint with script payloads in the post_title field that execute when pages or posts display popup selections.
by Unk9vvN
CVSS 5.4
CVE-2019-25307 EXPLOITDB HIGH text
WorkgroupMail 7.5.1 - Code Injection
WorkgroupMail 7.5.1 contains an unquoted service path vulnerability in its Windows service configuration that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
by cakes
CVSS 7.8
CVE-2019-25306 EXPLOITDB HIGH text
BlackMoon FTP Server 3.1.2.1731 - Privilege Escalation
BlackMoon FTP Server 3.1.2.1731 contains an unquoted service path vulnerability that allows local users to potentially execute code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to insert malicious code that would execute with LocalSystem account permissions during service startup.
by Debashis Pal
CVSS 7.8
EIP-2026-118094 EXPLOITDB text
Web Companion versions 5.1.1035.1047 - 'WCAssistantService' Unquoted Service Path
by Debashis Pal
EIP-2026-113761 EXPLOITDB text
WordPress Plugin FooGallery 1.8.12 - Persistent Cross-Site Scripting
by Unk9vvN
CVE-2019-25309 EXPLOITDB HIGH text
Zilab Remote Console Server 3.2.9 - Privilege Escalation
Zilab Remote Console Server 3.2.9 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path in the service configuration to inject malicious executables that will be run with LocalSystem permissions.
by cakes
CVSS 7.8
CVE-2019-25308 EXPLOITDB HIGH text
Mikogo <5.2.2.150317 - Code Injection
Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations.
by cakes
CVSS 7.8
CVE-2019-16330 EXPLOITDB MEDIUM text
NCH Express Accounts Accounting v7.02 - XSS
In NCH Express Accounts Accounting v7.02, persistent cross site scripting (XSS) exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript.
by Debashis Pal
CVSS 5.4
EIP-2026-117419 EXPLOITDB text
LiteManager 4.5.0 - 'romservice' Unquoted Service Path
by cakes
EIP-2026-117402 EXPLOITDB text
Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path
by Luis MedinaL
EIP-2026-114736 EXPLOITDB text
Solaris xscreensaver 11.4 - Privilege Escalation
by Marco Ivaldi
CVE-2019-25310 EXPLOITDB HIGH text
ActiveFax Server <6.92 Build 0316 - Code Injection
ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated administrative privileges.
by cakes
CVSS 7.8
CVE-2019-17591 EXPLOITDB text
Bolt CMS 3.6.10 - Cross-Site Request Forgery
by r3m0t3nu11
CVE-2019-16282 EXPLOITDB MEDIUM text
NCH Express Invoice 7.12 - Authenticated Stored Cross-Site Scripting via Invoices/Items/Customers Fields
In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript.
by Debashis Pal
CVSS 5.4
CVE-2019-14737 EXPLOITDB HIGH text
Ubisoft Uplay 92.0.0.6280 - Insecure Default Permissions
Ubisoft Uplay 92.0.0.6280 has Insecure Permissions.
by Kusol Watchara-Apanukorn
CVSS 7.8
CVE-2019-17503 EXPLOITDB MEDIUM text
Kirona DRS 5.5.3.5 - Info Disclosure
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc.
by Ramikan
CVSS 5.3
EIP-2026-117667 EXPLOITDB text
National Instruments Circuit Design Suite 14.0 - Local Privilege Escalation
by Ivan Marmolejo
EIP-2026-101809 EXPLOITDB text
Intelbras Router WRN150 1.0.18 - Persistent Cross-Site Scripting
by Prof. Joas Antonio
CVE-2019-1364 EXPLOITDB HIGH text VERIFIED
Windows 7 and Windows Server 2008 - Elevation of Privilege in Win32k Kernel-Mode Driver
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1362.
by Google Security Research
CVSS 7.8
CVE-2019-1347 EXPLOITDB MEDIUM text VERIFIED
Windows 10, 8.1, RT 8.1, Server 2012, 2016, 2019 - Denial of Service via Memory Object Handling
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1346.
by Google Security Research
CVSS 6.5