Text Exploits
31,386 exploits tracked across all sources.
Alcatel OSPREY3_MINI - Privilege Escalation
The installer for the Alcatel OSPREY3_MINI Modem component on EE EE40VB 4G mobile broadband modems with firmware before EE40_00_02.00_45 sets weak permissions (Everyone:Full Control) for the "Web Connecton\EE40" and "Web Connecton\EE40\BackgroundService" directories, which allows local users to gain privileges, as demonstrated by inserting a Trojan horse ServiceManager.exe file into the "Web Connecton\EE40\BackgroundService" directory.
by Osanda Malith Jayathissa
CVSS 7.8
ManageEngine Desktop Central 10.0.271 - Cross-Site Scripting
by Ismail Tasdelen
Linux kernel <4.18.8 - Use After Free
An issue was discovered in the Linux kernel through 4.18.8. The vmacache_flush_all function in mm/vmacache.c mishandles sequence number overflows. An attacker can trigger a use-after-free (and possibly gain privileges) via certain thread creation, map, unmap, invalidation, and dereference operations.
by Google Security Research
CVSS 7.8
Joomla Responsive Portfolio 1.6.1 SQL Injection via filter parameters
Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filter_type_id, filter_pid_id, and filter_search parameters in POST requests to extract sensitive database information including credentials and server details.
by AkkuS
CVSS 7.1
Joomla Component eXtroForms 2.1.5 SQL Injection via filter parameters
Joomla Component eXtroForms 2.1.5 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through the filter_type_id, filter_pid_id, and filter_search parameters. Attackers can submit POST requests to the extroformfield view with malicious SQL payloads to extract sensitive database information and server data.
by AkkuS
CVSS 7.1
Dutch Auction Factory 2.0.2 - SQL Injection
SQL Injection exists in the Dutch Auction Factory 2.0.2 component for Joomla! via the filter_order_Dir or filter_order parameter.
by Ihsan Sencan
CVSS 9.8
Super Cms Blog Pro 1.0 - SQL Injection
SQL Injection exists in authors_post.php in Super Cms Blog Pro 1.0 via the author parameter.
by Ihsan Sencan
CVSS 9.8
Joomla! Timetable Schedule <3.6.8 - SQL Injection
SQL Injection exists in the Timetable Schedule 3.6.8 component for Joomla! via the eid parameter.
by Ihsan Sencan
CVSS 9.8
Swap Factory 2.2.1 - SQL Injection via filter_order_Dir or filter_order Parameter
SQL Injection exists in the Swap Factory 2.2.1 component for Joomla! via the filter_order_Dir or filter_order parameter.
by Ihsan Sencan
CVSS 9.8
Social Factory 3.8.3 - SQL Injection
SQL Injection exists in the Social Factory 3.8.3 component for Joomla! via the radius[lat], radius[lng], or radius[radius] parameter.
by Ihsan Sencan
CVSS 9.8
Joomla! Reverse Auction Factory 4.3.8 - SQL Injection
SQL Injection exists in the Reverse Auction Factory 4.3.8 component for Joomla! via the filter_order_Dir, cat, or filter_letter parameter.
by Ihsan Sencan
CVSS 9.8
Raffle Factory 3.5.2 - SQL Injection
SQL Injection exists in the Raffle Factory 3.5.2 component for Joomla! via the filter_order_Dir or filter_order parameter.
by Ihsan Sencan
CVSS 9.8
Questions 1.4.3 - SQL Injection via Term Userid Users or Groups Parameter
SQL Injection exists in the Questions 1.4.3 component for Joomla! via the term, userid, users, or groups parameter.
by Ihsan Sencan
CVSS 9.8
Penny Auction Factory 2.0.4 - SQL Injection
SQL Injection exists in the Penny Auction Factory 2.0.4 component for Joomla! via the filter_order_Dir or filter_order parameter.
by Ihsan Sencan
CVSS 9.8
Music Collection 3.0.3 - SQL Injection
SQL Injection exists in the Music Collection 3.0.3 component for Joomla! via the id parameter.
by Ihsan Sencan
CVSS 9.8
Jobs Factory 2.0.4 - SQL Injection via filter_letter Parameter
SQL Injection exists in the Jobs Factory 2.0.4 component for Joomla! via the filter_letter parameter.
by Ihsan Sencan
CVSS 9.8
Collection Factory 4.1.9 - SQL Injection via filter_order or filter_order_Dir Parameter
SQL Injection exists in the Collection Factory 4.1.9 component for Joomla! via the filter_order or filter_order_Dir parameter.
by Ihsan Sencan
CVSS 9.8
Article Factory Manager 4.3.9 - SQL Injection
SQL Injection exists in the Article Factory Manager 4.3.9 component for Joomla! via the start_date, m_start_date, or m_end_date parameter.
by Ihsan Sencan
CVSS 9.8
AlphaIndex Dictionaries <1.0 - SQL Injection
SQL Injection exists in the AlphaIndex Dictionaries 1.0 component for Joomla! via the letter parameter.
by Ihsan Sencan
CVSS 9.8
RICOH MP C6503 Plus Printer - Cross-Site Scripting
by Ismail Tasdelen
Auction Factory 4.5.5 - SQL Injection
SQL Injection exists in the Auction Factory 4.5.5 component for Joomla! via the filter_order_Dir or filter_order parameter.
by Ihsan Sencan
CVSS 9.8
Micro Deal Factory 2.4.0 - SQL Injection
SQL Injection exists in the Micro Deal Factory 2.4.0 component for Joomla! via the id parameter, or the PATH_INFO to mydeals/ or listdeals/.
by Ihsan Sencan
CVSS 9.8
By Source