Text Exploits
31,346 exploits tracked across all sources.
Windows - Privilege Escalation
An elevation of privilege vulnerability exists when Windows improperly handles calls to Advanced Local Procedure Call (ALPC).
An attacker who successfully exploited this vulnerability could run arbitrary code in the security context of the local system. An attacker could then install programs; view, change, or delete data; or create new accounts with full user rights.
To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control over an affected system.
The update addresses the vulnerability by correcting how Windows handles calls to ALPC.
by Google Security Research
CVSS 7.8
Windows Common Log File System - Privilege Escalation
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context.
To exploit the vulnerability, an attacker would first have to log on to the system, and then run a specially crafted application to take control over the affected system.
The security update addresses the vulnerability by correcting how CLFS handles objects in memory.
by Google Security Research
CVSS 7.0
Seeddms < 5.1.11 - Unrestricted File Upload
SeedDMS before 5.1.11 allows Remote Command Execution (RCE) because of unvalidated file upload of PHP scripts, a different vulnerability than CVE-2018-12940.
by Nimit Jain
CVSS 7.5
Seeddms < 5.1.11 - XSS
out/out.UsrMgr.php in SeedDMS before 5.1.11 allows Stored Cross-Site Scripting (XSS) via the name field.
by Nimit Jain
CVSS 5.4
Seeddms - XSS
out/out.GroupMgr.php in SeedDMS 5.1.11 has Stored XSS by making a new group with a JavaScript payload as the "GROUP" Name.
by Nimit Jain
CVSS 6.1
Origin 10.5.36 - RCE
The client in Electronic Arts (EA) Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices communication.
by Metin Yunus Kandemir
CVSS 7.8
Electronic Arts Origin <10.5.39 - Code Injection
An issue was discovered in Electronic Arts Origin before 10.5.39. Due to improper sanitization of the origin:// and origin2:// URI schemes, it is possible to inject additional arguments into the Origin process and ultimately leverage code execution by loading a backdoored Qt plugin remotely via the platformpluginpath argument supplied with a Windows network share.
by Dominik Penner
CVSS 8.8
Sahipro Sahi Pro < 8.0.0 - SQL Injection
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions.
by Goutham Madhwaraj
CVSS 9.8
Sahipro Sahi Pro < 8.0.0 - XSS
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The logs web interface is vulnerable to stored XSS.
by Goutham Madhwaraj
CVSS 5.4
Sahipro Sahi Pro < 8.0.0 - Path Traversal
An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files.
by Goutham Madhwaraj
CVSS 7.5
Cylan Clever Dog Smart Camera Panoram... - Hard-coded Credentials
On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the network can login remotely to the camera and gain root access. The device ships with a hardcoded 12345678 password for the root account, accessible from a TELNET login prompt.
by Alex Akinbi
CVSS 9.8
Cylan Clever Dog Smart Camera Panoram... - Missing Authentication
On Shenzhen Cylan Clever Dog Smart Camera DOG-2W and DOG-2W-V4 devices, an attacker on the local network has unauthenticated access to the internal SD card via the HTTP service on port 8000. The HTTP web server on the camera allows anyone to view or download the video archive recorded and saved on the external memory card attached to the device.
by Alex Akinbi
CVSS 5.5
Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)
by Gushmazuko
Hosting Controller HC10 10.14 - DoS
The HC.Server service in Hosting Controller HC10 10.14 allows an Invalid Pointer Write DoS.
by hyp3rlinx
CVSS 7.5
Thunderbird <60.7.1 - Use After Free
A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1.
by X41 D-Sec GmbH
CVSS 7.5
Thunderbird <60.7.1 - Buffer Overflow
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
by X41 D-Sec GmbH
CVSS 9.8
Thunderbird <60.7.1 - Buffer Overflow
A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
by X41 D-Sec GmbH
CVSS 9.8
Thunderbird <60.7.1 - Buffer Overflow
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
by X41 D-Sec GmbH
CVSS 9.8
Pivotal Software Spring Security Oauth < 2.0.17 - Open Redirect
Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the "redirect_uri" parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and uses the DefaultRedirectResolver in the AuthorizationEndpoint. This vulnerability does not expose applications that: Act in the role of an Authorization Server and uses a different RedirectResolver implementation other than DefaultRedirectResolver, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).
by Riemann
CVSS 6.5
Pronestor Health Monitoring - Incorrect Permission Assignment
The Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in before 8.1.13.0 for Outlook has "BUILTIN\Users:(I)(F)" permissions for the "%PROGRAMFILES(X86)%\proNestor\Outlook add-in for Pronestor\PronestorHealthMonitor.exe" file, which allows local users to gain privileges via a Trojan horse PronestorHealthMonitor.exe file.
by PovlTekstTV
CVSS 7.3
Sitecore Experience Platform < 9.1.1 - Insecure Deserialization
Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object.
by Jarad Kopf
CVSS 8.8
WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution
by xulchibalraa
Phpmyadmin < 4.9.0 - CSRF
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.
by Riemann
CVSS 6.5
Liferay Portal < 6.0.6 - XSS
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call <liferay-ui:captcha url="<%= url %>" /> or <liferay-captcha:captcha url="<%= url %>" />. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable.
by Valerio Brussani
CVSS 4.7
UliCMS 2019.2-2019.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter to /admin/index.php?register=register, or the error parameter to admin/index.php?action=favicon.
by Unk9vvN
CVSS 6.1
By Source