Text Exploits
31,346 exploits tracked across all sources.
Google Chrome < M72 - RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free
by Google Security Research
Google Chrome < M72 - PaymentRequest Service Use-After-Free
by Google Security Research
Google Chrome < M72 - FileWriterImpl Use-After-Free
by Google Security Research
macOS XNU - Copy-on-Write Behavior Bypass via Mount of User-Owned Filesystem Image
by Google Security Research
Linux Kernel < 4.19.25 - Out-of-Bounds Write
In the Linux kernel before 4.20.12, net/ipv4/netfilter/nf_nat_snmp_basic_main.c in the SNMP NAT module has insufficient ASN.1 length checks (aka an array index error), making out-of-bounds read and write operations possible, leading to an OOPS or local privilege escalation. This affects snmp_version and snmp_helper.
by Google Security Research
CVSS 7.8
J2store < 3.3.7 - SQL Injection
SQL injection vulnerability in the J2Store plugin 3.x before 3.3.7 for Joomla! allows remote attackers to execute arbitrary SQL commands via the product_option[] parameter.
by Andrei Conache
CVSS 9.8
WebKitGTK < 2.23.90 - Memory Corruption
The UIProcess subsystem in WebKit, as used in WebKitGTK through 2.23.90 and WebKitGTK+ through 2.22.6 and other products, does not prevent the script dialog size from exceeding the web view size, which allows remote attackers to cause a denial of service (Buffer Overflow) or possibly have unspecified other impact, related to UIProcess/API/gtk/WebKitScriptDialogGtk.cpp, UIProcess/API/gtk/WebKitScriptDialogImpl.cpp, and UIProcess/API/gtk/WebKitWebViewGtk.cpp, as demonstrated by GNOME Web (aka Epiphany).
by Dhiraj Mishra
CVSS 9.8
Advance Gift Shop Pro Script 2.0.3 SQL Injection via search
Advance Gift Shop Pro Script 2.0.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the search parameter. Attackers can submit crafted SQL payloads in the 's' parameter of search requests to extract sensitive database information including version details and other data.
by Mr Winst0n
CVSS 8.2
News Website Script 2.0.5 SQL Injection via index.php
News Website Script 2.0.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the news ID parameter. Attackers can send GET requests to index.php/show/news/ with malicious SQL statements to extract sensitive database information.
by Mr Winst0n
CVSS 8.2
ZZZCMS zzzphp <V1.6.1 - RCE
An issue was discovered in ZZZCMS zzzphp V1.6.1. In the inc/zzz_template.php file, the parserIfLabel() function's filtering is not strict, resulting in PHP code execution, as demonstrated by the if:assert substring.
by Yang Chenglong
CVSS 7.2
PHP Ecommerce Script 2.0.6 - Cross-Site Scripting / SQL Injection
by Mr Winst0n
Drupal < 8.5.11 - Insecure Deserialization
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core RESTful Web Services (rest) module enabled and allows PATCH or POST requests, or the site has another web services module enabled, like JSON:API in Drupal 8, or Services or RESTful Web Services in Drupal 7. (Note: The Drupal 7 Services module itself does not require an update at this time, but you should apply other contributed updates associated with this advisory if Services is in use.)
by Charles Fol
CVSS 8.1
Micro Focus Filr - Path Traversal
A path traversal vulnerability in the web application component of Micro Focus Filr 3.x allows a remote attacker authenticated as a low privilege user to download arbitrary files from the Filr server. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
by SecureAuth
CVSS 6.5
Quest NetVault Backup 11.3.0.12 - SQL Injection
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Quest NetVault Backup 11.3.0.12. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of NVBUPhaseStatus Acknowledge method requests. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to execute code in the context of the underlying database. Was ZDI-CAN-4228.
by Chris Anastasio
CVSS 9.8
Micro Focus Filr - Improper Privilege Management
A local privilege escalation vulnerability in the famtd component of Micro Focus Filr 3.0 allows a local attacker authenticated as a low privilege user to escalate to root. This vulnerability affects all versions of Filr 3.x prior to Security Update 6.
by SecureAuth
CVSS 7.8
Teracue ENC-400 <2.56 - Info Disclosure
An issue was discovered on Teracue ENC-400 devices with firmware 2.56 and below. While the web interface requires authentication before it can be interacted with, a large portion of the HTTP endpoints are missing authentication. An attacker is able to view these pages before being authenticated, and some of these pages may disclose sensitive information.
by Stephen Shkardoon
CVSS 7.5
C4G BLIS 3.4 SQL Injection via users_select.php
C4G Basic Laboratory Information System 3.4 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through the site parameter. Attackers can send GET requests to the users_select.php endpoint with crafted SQL payloads to extract sensitive database information including patient records and system credentials.
by Carlos Avila
CVSS 8.2
Memu Play 6.0.7 Privilege Escalation via Insecure File Permissions
Memu Play 6.0.7 contains an insecure file permissions vulnerability that allows low-privilege users to escalate privileges by replacing the MemuService.exe executable. Attackers can rename and overwrite MemuService.exe in the installation directory with a malicious executable, which executes with system-level privileges when the service restarts after a computer reboot.
by Alejandra Sánchez
CVSS 9.8
MikroTik RouterOS <6.43.12-6.42.12 - RCE
MikroTik RouterOS before 6.43.12 (stable) and 6.42.12 (long-term) is vulnerable to an intermediary vulnerability. The software will execute user defined network requests to both WAN and LAN clients. A remote unauthenticated attacker can use this vulnerability to bypass the router's firewall or for general network scanning activities.
by Jacob Baines
CVSS 7.5
Digitaldruid Hoteldruid - XSS
HotelDruid 2.3.0 has XSS affecting the nsextt, cambia1, mese_fine, origine, and anno parameters in creaprezzi.php, tabella3.php, personalizza.php, and visualizza_tabelle.php.
by Mehmet EMIROGLU
CVSS 6.1
Apple iPhone OS < 12.1.3 - Memory Corruption
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.1.3, macOS Mojave 10.14.3, tvOS 12.1.2, watchOS 5.1.3. A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution.
by Google Security Research
CVSS 8.8
MatrixSSL < 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates
by Google Security Research
MatrixSSL < 4.0.2 - Stack Buffer Overflow Verifying x.509 Certificates
by Google Security Research