Text Exploits
31,346 exploits tracked across all sources.
Micro Focus Fortify SSC <18.10 - RCE
A potential remote unauthorized access vulnerability exists in Micro Focus Fortify Software Security Center (SSC), versions 17.10, 17.20 and 18.10. Exploitation could allow remote unauthorized access.
by alt3kx
CVSS 6.5
Linux - 'userfaultfd' Bypasses tmpfs File Permissions
by Google Security Research
ThinkPHP 5.0.23 Remote Code Execution via invokefunction
ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to execute system commands with application privileges.
by VulnSpy
CVSS 9.8
McAfee True Key <5.1.230.7 - Privilege Escalation
Authentication Abuse vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute unauthorized commands via specially crafted malware.
by Google Security Research
CVSS 7.8
McAfee True Key < 5.1.230.7 - Incorrect Permission Assignment
Weak Directory Permission Vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
by Google Security Research
CVSS 7.2
Juniper Junos - Out-of-Bounds Write
Insufficient validation of environment variables in the telnet client supplied in Junos OS can lead to stack-based buffer overflows, which can be exploited to bypass veriexec restrictions on Junos OS. A stack-based overflow is present in the handling of environment variables when connecting via the telnet client to remote telnet servers. This issue only affects the telnet client — accessible from the CLI or shell — in Junos OS. Inbound telnet services are not affected by this issue. This issue affects: Juniper Networks Junos OS: 12.3 versions prior to 12.3R12-S13; 12.3X48 versions prior to 12.3X48-D80; 14.1X53 versions prior to 14.1X53-D130, 14.1X53-D49; 15.1 versions prior to 15.1F6-S12, 15.1R7-S4; 15.1X49 versions prior to 15.1X49-D170; 15.1X53 versions prior to 15.1X53-D237, 15.1X53-D496, 15.1X53-D591, 15.1X53-D69; 16.1 versions prior to 16.1R3-S11, 16.1R7-S4; 16.2 versions prior to 16.2R2-S9; 17.1 versions prior to 17.1R3; 17.2 versions prior to 17.2R1-S8, 17.2R2-S7, 17.2R3-S1; 17.3 versions prior to 17.3R3-S4; 17.4 versions prior to 17.4R1-S6, 17.4R2-S3, 17.4R3; 18.1 versions prior to 18.1R2-S4, 18.1R3-S3; 18.2 versions prior to 18.2R1-S5, 18.2R2-S2, 18.2R3; 18.2X75 versions prior to 18.2X75-D40; 18.3 versions prior to 18.3R1-S3, 18.3R2; 18.4 versions prior to 18.4R1-S2, 18.4R2.
by Hacker Fantastic
CVSS 7.8
ZTE ZXHN H168N Firmware - Missing Authentication
The ZTE ZXHN H168N product, versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T, has an improper access control vulnerability, which may allow an unauthorized user to gain unauthorized access.
by Usman Saeed
CVSS 6.5
HotelDruid HotelDruid <2.3.0 - SQL Injection
HotelDruid version 2.3.0 and earlier contains a SQL injection vulnerability in the "id_utente_mod" parameter of the gestione_utenti.php file that can allow an attacker to dump all the database records of the backend web server. The attack appears to be exploitable by anyone via a specially crafted SQL query passed to the "id_utente_mod=1" parameter.
by Sainadh Jamalpur
CVSS 9.8
PrinterOn Enterprise 4.1.4 - Info Disclosure
PrinterOn Enterprise 4.1.4 allows Arbitrary File Deletion.
by bzyo
CVSS 6.5
McAfee True Key < 5.1.230.7 - Privilege Escalation
Privilege Escalation vulnerability in Microsoft Windows client in McAfee True Key (TK) 5.1.230.7 and earlier allows local users to execute arbitrary code via specially crafted malware.
by Google Security Research
CVSS 7.5
WordPress Plugin AutoSuggest 0.24 - 'wpas_keys' SQL Injection
by Kaimi
Tourism Website Blog - Remote Code Execution / SQL Injection
by Ihsan Sencan
DomainMOD <4.11.01 - XSS
DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field.
by Mohammed Abdul Raheem
CVSS 4.8
Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery
by Ihsan Sencan
Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery
by Ihsan Sencan
Adobe ColdFusion - Unrestricted File Upload
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.
by Vahagn Vardanyan
CVSS 9.8
Apple iPhone OS < 12.1.1 - Improper Input Validation
A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
by Google Security Research
CVSS 7.8
ZTE ZXHN H168N Firmware - Authentication Bypass
The ZTE ZXHN H168N product, versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T, has an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations.
by Usman Saeed
CVSS 6.5
TP-Link Archer C1200 Firmware - XSS
TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI.
by Usman Saeed
CVSS 6.1
Huawei B315s-22 <21.318.01.00.26 - Info Disclosure
Huawei B315s-22 products with software of 21.318.01.00.26 have an information leak vulnerability. Unauthenticated adjacent attackers may exploit this vulnerability to obtain device information.
by Usman Saeed
CVSS 6.5
DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting
by Mohammed Abdul Raheem
Adiscon LogAnalyzer <4.1.7 - XSS
login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field.
by Gustavo Sorondo
CVSS 6.1