Text Exploits
31,386 exploits tracked across all sources.
ChakraCore - Remote Code Execution via Memory Corruption
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0567, CVE-2019-0568.
by Google Security Research
CVSS 7.5
ChakraCore - Remote Code Execution via Memory Corruption in Scripting Engine
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0568.
by Google Security Research
CVSS 7.5
Ajaxplorer < 5.0.3 - Unrestricted File Upload
Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation.
by _jazz______
Joomla! < 3.9.2 - Stored Cross-Site Scripting in Global Configuration Text Filter Settings
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS.
by Praveen Sutar
CVSS 4.8
Microsoft Windows CONTACT - Remote Code Execution
by hyp3rlinx
Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation
by Chris Anastasio
Oracle Reports Developer 12.2.1.3 - Info Disclosure
Vulnerability in the Oracle Reports Developer component of Oracle Fusion Middleware (subcomponent: Valid Session). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
by Mohamed M.Fouad
CVSS 6.1
GL.iNet GL-AR300M-Lite Firmware 2.27 - Directory Traversal via storage_cgi
Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences.
by Pasquale Turi
CVSS 8.8
GL.iNet GL-AR300M-Lite Firmware 2.27 - Path Traversal via download_file
download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files.
by Pasquale Turi
CVSS 6.5
GL.iNet GL-AR300M-Lite Firmware 2.27 - Remote Code Execution via login_cgi
Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.
by Pasquale Turi
CVSS 8.8
Microsoft XmlDocument - Privilege Escalation
An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft XmlDocument Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 7.8
Windows Runtime - Privilege Escalation
An elevation of privilege vulnerability exists when the Windows Runtime improperly handles objects in memory, aka "Windows Runtime Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 7.8
Mitel Connect ONSITE <R1711-PREM - RCE
A vulnerability in the conferencing component of Mitel Connect ONSITE, versions R1711-PREM and earlier, and Mitel ST 14.2, release GA28 and earlier, could allow an unauthenticated attacker to inject PHP code using specially crafted requests to the vsethost.php page. Successful exploit could allow an attacker to execute arbitrary PHP code within the context of the application.
by twosevenzero
CVSS 9.8
GL.iNet GL-AR300M-Lite Firmware 2.27 - Remote Command Injection via firmware_cgi
Command injection vulnerability in firmware_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.
by Pasquale Turi
CVSS 8.8
ownDMS 4.7 SQL Injection via pdfstream.php imagestream.php
ownDMS 4.7 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the IMG parameter. Attackers can send GET requests to pdfstream.php, imagestream.php, or anyfilestream.php with crafted SQL payloads in the IMG parameter to extract sensitive database information including version and database names.
by Ihsan Sencan
CVSS 8.2
1Password 6.8 for Android - Denial of Service via OpenYolo Activity Export
The 1Password application 6.8 for Android is affected by a Denial Of Service vulnerability. By starting the activity com.agilebits.onepassword.filling.openyolo.OpenYoloDeleteActivity or com.agilebits.onepassword.filling.openyolo.OpenYoloRetrieveActivity from an external application (since they are exported), it is possible to crash the 1Password instance.
by Valerio Brussani
CVSS 5.9
Across DR-810 ROM-0 Unauthenticated File Disclosure
Across DR-810 contains an unauthenticated file disclosure vulnerability that allows remote attackers to download the rom-0 backup file containing sensitive information by sending a simple GET request. Attackers can access the rom-0 endpoint without authentication to retrieve and decompress the backup file, exposing router passwords and other sensitive configuration data.
by SajjadBnd
CVSS 7.5
i-doit CMDB 1.12 Arbitrary File Download via file_manager Parameter
i-doit CMDB 1.12 contains an arbitrary file download vulnerability that allows authenticated attackers to download sensitive files by manipulating the file parameter in index.php. Attackers can send GET requests to index.php with file_manager=image and supply arbitrary file paths like src/config.inc.php to retrieve configuration files and sensitive system data.
by Ihsan Sencan
CVSS 6.5
i-doit CMDB 1.12 SQL Injection via objGroupID Parameter
i-doit CMDB 1.12 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the objGroupID parameter. Attackers can send GET requests with crafted SQL payloads in the objGroupID parameter to extract sensitive database information including usernames, database names, and version details.
by Ihsan Sencan
CVSS 8.2
HealthNode Hospital Management System 1.0 - SQL Injection
SQL Injection exists in HealthNode Hospital Management System 1.0 via the id parameter to dashboard/Patient/info.php or dashboard/Patient/patientdetails.php.
by Ihsan Sencan
CVSS 9.8
Live Call Support Application 1.5 - Cross-Site Request Forgery in server.php
CSRF exists in server.php in Live Call Support Application 1.5 for adding an admin account.
by Ihsan Sencan
CVSS 8.8
Twilio WEB To Fax Machine System 1.0 - SQL Injection
SQL Injection exists in Twilio WEB To Fax Machine System 1.0 via the email or password parameter to login_check.php, or the id parameter to add_email.php or edit_content.php.
by Ihsan Sencan
CVSS 9.8