Text Exploits
31,386 exploits tracked across all sources.
Microsoft SQL Server Management Studio <18 - Info Disclosure
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing malicious XML content containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8532.
by hyp3rlinx
CVSS 5.5
Microsoft SQL Server Management Studio <18.0 - Info Disclosure
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XMLA file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8527, CVE-2018-8533.
by hyp3rlinx
CVSS 5.5
Microsoft SQL Server Management Studio <18.0 - Info Disclosure
An information disclosure vulnerability exists in Microsoft SQL Server Management Studio (SSMS) when parsing a malicious XEL file containing a reference to an external entity, aka "SQL Server Management Studio Information Disclosure Vulnerability." This affects SQL Server Management Studio 17.9, SQL Server Management Studio 18.0. This CVE ID is unique from CVE-2018-8532, CVE-2018-8533.
by hyp3rlinx
CVSS 5.5
Blueimp jQuery-File-Upload <=9.22.0 - File Upload
Unauthenticated arbitrary file upload vulnerability in Blueimp jQuery-File-Upload <= v9.22.0
by Larry W. Cashdollar
CVSS 9.8
Episerver Ektron CMS < 9.0 SP3 CU 31 / 9.1 < SP3 CU 45 / 9.2 < SP2 CU 22 - Unauthenticated Privilege Escalation
Episerver Ektron CMS before 9.0 SP3 Site CU 31, 9.1 before SP3 Site CU 45, or 9.2 before SP2 Site CU 22 allows remote attackers to call aspx pages via the "activateuser.aspx" page, even if a page is located under the /WorkArea/ path, which is forbidden (normally available exclusively for local admins).
by alt3kx
CVSS 9.8
WhatsApp - RTP Processing Heap Corruption
by Google Security Research
WikidForum 2.20 - SQL Injection via rpc.php parent_post_id or num_records Parameter
WikidForum 2.20 has SQL Injection via the rpc.php parent_post_id or num_records parameter, or the index.php?action=search select_sort parameter.
by seccops
CVSS 9.8
Seqrite End Point Security <7.4 - Privilege Escalation
Seqrite End Point Security v7.4 has "Everyone: (F)" permission for %PROGRAMFILES%\Seqrite\Seqrite, which allows local users to gain privileges by replacing an executable file with a Trojan horse.
by Hashim Jawad
CVSS 7.8
Artifex Ghostscript < 9.25 - Sandbox Protection Bypass via Error Handler Setup
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a sandbox protection mechanism via vectors involving errorhandler setup. NOTE: this issue exists because of an incomplete fix for CVE-2018-17183.
by Google Security Research
CVSS 8.6
net-snmp < 5.7.2 - Denial of Service and Possible Remote Code Execution via Crafted SNMP PDU
The snmp_pdu_parse function in snmp_api.c in net-snmp 5.7.2 and earlier does not remove the varBind variable in a netsnmp_variable_list item when parsing of the SNMP PDU fails, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet.
by Magnus Klaaborg Stubman
CVSS 7.5
Net-SNMP < 5.8 - Authenticated Denial of Service via Crafted UDP Packet
_set_key in agent/helpers/table_container.c in Net-SNMP before 5.8 has a NULL Pointer Exception bug that can be used by an authenticated attacker to remotely cause the instance to crash via a crafted UDP packet, resulting in Denial of Service.
by Magnus Klaaborg Stubman
CVSS 6.5
Android - Memory Corruption in sdcardfs inode Operations
In sdcardfs_create and sdcardfs_mkdir of inode.c, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android kernel Android ID: A-111641492 References: N/A
by Google Security Research
CVSS 7.8
FLIR thermal traffic cameras - Info Disclosure
FLIR thermal traffic cameras contain an unauthenticated vulnerability that allows remote attackers to access live video streams without credentials. Attackers can directly retrieve video streams by accessing specific endpoints like /live.mjpeg, /snapshot.jpg, and RTSP streaming URLs without authentication.
by LiquidWorm
CVSS 7.5
Chamilo LMS 1.11.8 - 'firstname' Cross-Site Scripting
by cakes
D-Link Central WiFi Manager <1.03r0100-Beta1 - RCE
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. An unrestricted file upload vulnerability in the onUploadLogPic endpoint allows remote authenticated users to execute arbitrary PHP code.
by Core Security
CVSS 8.8
D-Link Central WiFi Manager <1.03r0100-Beta1 - XSS
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'username' parameter of the addUser endpoint is vulnerable to stored XSS.
by Core Security
CVSS 6.1
D-Link Central WiFi Manager <1.03r0100-Beta1 - RCE
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. They expose an FTP server that serves by default on port 9000 and has hardcoded credentials (admin, admin). Taking advantage of this, a remote unauthenticated attacker could execute arbitrary PHP code by uploading any file in the web root directory and then accessing it via a request.
by Core Security
CVSS 9.8
D-Link Central WiFi Manager <1.03r0100-Beta1 - XSS
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1. The 'sitename' parameter of the UpdateSite endpoint is vulnerable to stored XSS.
by Core Security
CVSS 6.1
Malicious Git HTTP Server For CVE-2018-17456
Git before 2.14.5, 2.15.x before 2.15.3, 2.16.x before 2.16.5, 2.17.x before 2.17.2, 2.18.x before 2.18.1, and 2.19.x before 2.19.1 allows remote code execution during processing of a recursive "git clone" of a superproject if a .gitmodules file has a URL field beginning with a '-' character.
by Junio C Hamano
CVSS 9.8
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Request Forgery (Add Admin)
by cakes
LayerBB 1.1.1 and 1.1.3 - SQL Injection via search.php search_query Parameter
LayerBB 1.1.1 and 1.1.3 has SQL Injection via the search.php search_query parameter.
by Ihsan Sencan
CVSS 9.8
Zechat 1.5 SQL Injection via uname Parameter
Zechat 1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the uname parameter. Attackers can send crafted requests to profile.php with UNION-based SQL injection payloads to retrieve table names, column names, and sensitive data from the information_schema database.
by Ihsan Sencan
CVSS 8.2
AirTies Air 5343v2 1.0.0.18 - Cross-Site Scripting via top.html productboardtype Parameter
AirTies Air 5343v2 devices with software 1.0.0.18 have XSS via the top.html productboardtype parameter.
by Ismail Tasdelen
CVSS 6.1
By Source