Text Exploits
31,346 exploits tracked across all sources.
RICOH MP C1803 JPN - XSS
On the RICOH MP C1803 JPN printer, HTML Injection and Stored XSS vulnerabilities have been discovered in the area of adding addresses via the entryNameIn parameter to /web/entry/en/address/adrsSetUserWizard.cgi.
by Ismail Tasdelen
CVSS 6.1
AirTies Air 5453 <1.0.0.18 - XSS
AirTies Air 5453 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
by Ismail Tasdelen
CVSS 6.1
OPAC EasyWeb Five <5.7 - SQL Injection
An issue was discovered in OPAC EasyWeb Five 5.7. There is SQL injection via the w2001/index.php?scelta=campi biblio parameter.
by Dino Barlattani
CVSS 9.8
ADD Clicking MLM Software <1.0 - SQL Injection
SQL injection exists in ADD Clicking MLM Software 1.0, Binary MLM Software 1.0, Level MLM Software 1.0, Singleleg MLM Software 1.0, Autopool MLM Software 1.0, Investment MLM Software 1.0, Bidding MLM Software 1.0, Moneyorder MLM Software 1.0, Repurchase MLM Software 1.0, and Gift MLM Software 1.0 via the member/readmsg.php msg_id parameter, the member/tree.php pid parameter, or the member/downline.php m_id parameter.
by Ihsan Sencan
CVSS 9.8
Scriptzee Hotel Booking Engine 1.0 - SQL Injection
SQL injection exists in Scriptzee Hotel Booking Engine 1.0 via the hotels h_room_type parameter.
by Ihsan Sencan
CVSS 9.8
Scriptzee Education Website 1.0 - SQL Injection
SQL injection exists in Scriptzee Education Website 1.0 via the college_list.html subject, city, or country parameter.
by Ihsan Sencan
CVSS 9.8
WUZHI CMS 2.0 - XSS
XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter.
by Renzi
CVSS 6.1
Flippa Marketplace Clone 1.0 - 'date_started' SQL Injection
by Ihsan Sencan
ManageEngine AssetExplorer 6.2.0 - Cross-Site Scripting
by Ismail Tasdelen
Billion ADSL Router 400G 20151105641 - Cross-Site Scripting
by cakes
PCProtect Anti-Virus <4.8.35 - Privilege Escalation
PCProtect Anti-Virus v4.8.35 has "Everyone: (F)" permission for %PROGRAMFILES(X86)%\PCProtect, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
by Hashim Jawad
CVSS 7.8
Microsoft Edge - Privilege Escalation
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8469.
by Google Security Research
CVSS 7.4
Windows - Privilege Escalation
An elevation of privilege vulnerability exists in Windows, allowing a sandbox escape, aka "Windows Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2008, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 4.7
Rausoft ID.prove <2.95 - SQL Injection
An issue was discovered in Rausoft ID.prove 2.95. The login page allows SQL injection via Microsoft SQL Server stacked queries in the Username POST parameter. Hypothetically, an attacker can utilize master..xp_cmdshell for further privilege elevation.
by Ilya Timchenko
CVSS 9.8
iWay Data Quality Suite Web Console 10.6.1.ga - XML External Entity Injection
by Sureshbabu Narvaneni
Microsoft Edge - Privilege Escalation
An elevation of privilege vulnerability exists in Microsoft Edge that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft Edge Elevation of Privilege Vulnerability." This affects Microsoft Edge. This CVE ID is unique from CVE-2018-8463.
by Google Security Research
CVSS 7.4
Alcatel OSPREY3_MINI - Privilege Escalation
The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory.
by Osanda Malith Jayathissa
CVSS 7.8
ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting
by Ismail Tasdelen
Linux kernel <4.18.8 - Use After Free
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
by Google Security Research
CVSS 7.8
Dutch Auction Factory 2.0.2 - SQL Injection
SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter.
by Ihsan Sencan
CVSS 9.8
Super Cms Blog Pro 1.0 - SQL Injection
SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter.
by Ihsan Sencan
CVSS 9.8