Text Exploits

31,386 exploits tracked across all sources.

CVE-2019-11706 EXPLOITDB HIGH text
Thunderbird <60.7.1 - Use After Free
A flaw in Thunderbird's implementation of iCal causes a type confusion in icaltimezone_get_vtimezone_properties when processing certain email messages, resulting in a crash. This vulnerability affects Thunderbird < 60.7.1.
by X41 D-Sec GmbH
CVSS 7.5
CVE-2019-11703 EXPLOITDB CRITICAL text
Thunderbird <60.7.1 - Buffer Overflow
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in parser_get_next_char when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
by X41 D-Sec GmbH
CVSS 9.8
CVE-2019-11705 EXPLOITDB CRITICAL text
Thunderbird <60.7.1 - Buffer Overflow
A flaw in Thunderbird's implementation of iCal causes a stack buffer overflow in icalrecur_add_bydayrules when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
by X41 D-Sec GmbH
CVSS 9.8
CVE-2019-11704 EXPLOITDB CRITICAL text
Thunderbird <60.7.1 - Buffer Overflow
A flaw in Thunderbird's implementation of iCal causes a heap buffer overflow in icalmemory_strdup_and_dequote when processing certain email messages, resulting in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.7.1.
by X41 D-Sec GmbH
CVSS 9.8
CVE-2019-3778 EXPLOITDB MEDIUM text
Spring Security OAuth < 2.0.17 - Open Redirect via Authorization Endpoint
Spring Security OAuth, versions 2.3 prior to 2.3.5, and 2.2 prior to 2.2.4, and 2.1 prior to 2.1.4, and 2.0 prior to 2.0.17, and older unsupported versions could be susceptible to an open redirector attack that can leak an authorization code. A malicious user or attacker can craft a request to the authorization endpoint using the authorization code grant type, and specify a manipulated redirection URI via the "redirect_uri" parameter. This can cause the authorization server to redirect the resource owner user-agent to a URI under the control of the attacker with the leaked authorization code. This vulnerability exposes applications that meet all of the following requirements: Act in the role of an Authorization Server (e.g. @EnableAuthorizationServer) and uses the DefaultRedirectResolver in the AuthorizationEndpoint. This vulnerability does not expose applications that: Act in the role of an Authorization Server and uses a different RedirectResolver implementation other than DefaultRedirectResolver, act in the role of a Resource Server only (e.g. @EnableResourceServer), act in the role of a Client only (e.g. @EnableOAuthClient).
by Riemann
CVSS 6.5
CVE-2018-19113 EXPLOITDB HIGH text
Pronestor Health Monitoring < 8.1.12.0 - Privilege Escalation via Trojan Horse Executable
The Pronestor PNHM (aka Health Monitoring or HealthMonitor) add-in before 8.1.13.0 for Outlook has "BUILTIN\Users:(I)(F)" permissions for the "%PROGRAMFILES(X86)%\proNestor\Outlook add-in for Pronestor\PronestorHealthMonitor.exe" file, which allows local users to gain privileges via a Trojan horse PronestorHealthMonitor.exe file.
by PovlTekstTV
CVSS 7.3
CVE-2019-11080 EXPLOITDB HIGH text
Sitecore Experience Platform < 9.1.1 - Authenticated Remote Code Execution via Deserialization
Sitecore Experience Platform (XP) prior to 9.1.1 is vulnerable to remote code execution via deserialization, aka TFS # 293863. An authenticated user with necessary permissions is able to remotely execute OS commands by sending a crafted serialized object.
by Jarad Kopf
CVSS 8.8
EIP-2026-113834 EXPLOITDB text
WordPress Plugin Insert or Embed Articulate Content into WordPress - Remote Code Execution
by xulchibalraa
CVE-2019-12616 EXPLOITDB MEDIUM text
phpMyAdmin < 4.9.0 - Cross-Site Request Forgery
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.
by Riemann
CVSS 6.5
CVE-2019-6588 EXPLOITDB MEDIUM text
Liferay Portal < 7.1 CE GA4 - Cross-Site Scripting via SimpleCaptcha URL Parameter
In Liferay Portal before 7.1 CE GA4, an XSS vulnerability exists in the SimpleCaptcha API when custom code passes unsanitized input into the "url" parameter of the JSP taglib call <liferay-ui:captcha url="<%= url %>" /> or <liferay-captcha:captcha url="<%= url %>" />. Liferay Portal out-of-the-box behavior with no customizations is not vulnerable.
by Valerio Brussani
CVSS 4.7
CVE-2019-11398 EXPLOITDB MEDIUM text
UliCMS 2019.1-2019.2 - Cross-Site Scripting via Admin Index Parameters
Multiple cross-site scripting (XSS) vulnerabilities in UliCMS 2019.2 and 2019.1 allow remote attackers to inject arbitrary web script or HTML via the go parameter to admin/index.php, the go parameter to /admin/index.php?register=register, or the error parameter to admin/index.php?action=favicon.
by Unk9vvN
CVSS 6.1
CVE-2019-0841 EXPLOITDB HIGH text
Windows AppX Deployment Service - Privilege Escalation
An elevation of privilege vulnerability exists when Windows AppX Deployment Service (AppXSVC) improperly handles hard links, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-0730, CVE-2019-0731, CVE-2019-0796, CVE-2019-0805, CVE-2019-0836.
by SandboxEscaper
CVSS 7.8
CVE-2019-12477 EXPLOITDB MEDIUM text
Supra Smart Cloud TV - Remote File Inclusion
Supra Smart Cloud TV allows remote file inclusion in the openLiveURL function, which allows a local attacker to broadcast fake video without any authentication via a /remote/media_control?action=setUri&uri= URI.
by Dhiraj Mishra
CVSS 5.5
CVE-2019-10149 EXPLOITDB CRITICAL text
Exim 4.87 - 4.91 - Local Privilege Escalation
A flaw was found in Exim versions 4.87 to 4.91 (inclusive). Improper validation of recipient address in deliver_message() function in /src/deliver.c may lead to remote command execution.
by Qualys Corporation
CVSS 9.8
CVE-2019-12593 EXPLOITDB HIGH text
IceWarp Mail Server <= 10.4.4 - Local File Inclusion via Webmail Calendar Minimizer
IceWarp Mail Server through 10.4.4 is prone to a local file inclusion vulnerability via webmail/calendar/minimizer/index.php?style=..%5c directory traversal.
by JameelNabbo
CVSS 7.5
CVE-2019-12541 EXPLOITDB MEDIUM text
ManageEngine ServiceDesk Plus 9.3 - Stored Cross-Site Scripting via SolutionSearch.do searchText Parameter
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SolutionSearch.do searchText parameter.
by Vingroup
CVSS 6.1
CVE-2019-12538 EXPLOITDB MEDIUM text
Zoho ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting via SiteLookup.do Search Field
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SiteLookup.do search field.
by Vingroup
CVSS 6.1
CVE-2019-12542 EXPLOITDB MEDIUM text
ManageEngine ServiceDesk Plus 9.3 - Cross-Site Scripting via SearchN.do userConfigID Parameter
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the SearchN.do userConfigID parameter.
by Vingroup
CVSS 6.1
CVE-2019-12543 EXPLOITDB MEDIUM text
Zoho ManageEngine ServiceDesk Plus 9.3 - Stored Cross-Site Scripting via PurchaseRequest.do serviceRequestId Parameter
An issue was discovered in Zoho ManageEngine ServiceDesk Plus 9.3. There is XSS via the PurchaseRequest.do serviceRequestId parameter.
by Vingroup
CVSS 6.1
CVE-2019-10866 EXPLOITDB CRITICAL text
10web Form Maker < 1.13.3 - SQL Injection via Submissioc Parameter
In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the /models/Submissioc parameter.
by Daniele Scanu
CVSS 9.8
CVE-2018-5406 EXPLOITDB HIGH text VERIFIED
Quest KACE Systems Management Appliance < 9.0.270 - Unauthenticated Privilege Escalation via CORS Misconfiguration
The Quest Kace K1000 Appliance, versions prior to 9.0.270, allows a remote attacker to exploit the misconfigured Cross-Origin Resource Sharing (CORS) mechanism. An unauthenticated, remote attacker could exploit this vulnerability to perform sensitive actions such as adding a new administrator account or changing the appliance’s settings. A malicious internal user could also gain administrator privileges of this appliance and use it to visit a malicious link that exploits this vulnerability. This could cause the application to perform sensitive actions such as adding a new administrator account or changing the appliance’s settings. An unauthenticated, remote attacker could add an administrator-level account or change the appliance's settings.
by SlidingWindow
CVSS 8.8
EIP-2026-101537 EXPLOITDB text
AUO Solar Data Recorder < 1.3.0 - Incorrect Access Control
by Luca.Chiou
CVE-2019-12347 EXPLOITDB MEDIUM text
pfSense 2.4.4-p3 - Stored Cross-Site Scripting via ACME Account Name or Description Field
In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action. The vulnerability occurs due to input validation errors.
by Chi Tran
CVSS 6.1
CVE-2019-9816 EXPLOITDB MEDIUM text VERIFIED
Thunderbird <60.7, Firefox <67, Firefox ESR <60.7 - Code Injection
A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. *Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all supported releases.* This vulnerability affects Thunderbird < 60.7, Firefox < 67, and Firefox ESR < 60.7.
by Google Security Research
CVSS 5.9
CVE-2019-9792 EXPLOITDB CRITICAL text VERIFIED
Thunderbird <60.6, Firefox ESR <60.6, Firefox <66 - Memory Corruption
The IonMonkey just-in-time (JIT) compiler can leak an internal JS_OPTIMIZED_OUT magic value to the running script during a bailout. This magic value can then be used by JavaScript to achieve memory corruption, which results in a potentially exploitable crash. This vulnerability affects Thunderbird < 60.6, Firefox ESR < 60.6, and Firefox < 66.
by Google Security Research
CVSS 9.8