Text Exploits
31,386 exploits tracked across all sources.
MyBB Last User's Threads in Profile Plugin 1.2 Persistent XSS
MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by crafting thread subjects with script tags. Attackers can create threads with script payloads in the subject field that execute when users visit the attacker's profile page.
by 0xB9
CVSS 7.2
Site Editor < 1.1.1 - Local File Inclusion via ajax_path Parameter
A Local File Inclusion vulnerability in the Site Editor plugin through 1.1.1 for WordPress allows remote attackers to retrieve arbitrary files via the ajax_path parameter to editor/extensions/pagebuilder/includes/ajax_shortcode_pattern.php, aka absolute path traversal.
by Nicolas Buzy-Debat
CVSS 7.5
Windows Desktop Bridge VFS - Privilege Escalation
The Desktop Bridge Virtual File System (VFS) in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how file paths are managed, aka "Windows Desktop Bridge VFS Elevation of Privilege Vulnerability".
by Google Security Research
CVSS 7.8
Windows Desktop Bridge - Privilege Escalation
The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka "Windows Desktop Bridge Elevation of Privilege Vulnerability". This CVE is unique from CVE-2018-0880.
by Google Security Research
CVSS 7.0
Soyket Chowdhury Vehicle Sales Management System 2017-07-30 - RCE
Soyket Chowdhury Vehicle Sales Management System version 2017-07-30 is vulnerable to multiple SQL Injecting in login/vehicle.php, login/profile.php, login/Actions.php, login/manage_employee.php, and login/sell.php scripts resulting in the expose of user's login credentials, SQL Injection and Stored XSS vulnerability, which leads to remote code executing.
by Sing
CVSS 9.8
Coship RT3052 4.0.0.48 - Stored Cross-Site Scripting via SSID Field
Coship RT3052 4.0.0.48 devices allow XSS via a crafted SSID field on the "Wireless Setting - Basic" screen.
by Sayan Chatterjee
CVSS 6.1
Contec Smart Home 4.15 - Unauthenticated User Management via new_user.php
Contec Smart Home 4.15 devices do not require authentication for new_user.php, edit_user.php, delete_user.php, and user.php, as demonstrated by changing the admin password and then obtaining control over doors.
by Z3ro0ne
CVSS 9.8
Duplicator 1.2.32 - Cross-Site Scripting via JSON Parameter in Installer
Cross-site scripting (XSS) vulnerability in installer/build/view.step4.php of the SnapCreek Duplicator plugin 1.2.32 for WordPress allows remote attackers to inject arbitrary JavaScript or HTML via the json parameter.
by Stefan Broeder
CVSS 6.1
SecurEnvoy SecurMail <9.2.501 - Path Traversal
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a .. (dot dot) in the option2 parameter in an attachment action to secmail/getmessage.exe.
by SEC Consult
CVSS 6.5
SecurEnvoy SecurMail <9.2.501 - Path Traversal
Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read e-mail messages to arbitrary recipients via a .. (dot dot) in the filename parameter to secupload2/upload.aspx.
by SEC Consult
CVSS 8.1
SecurEnvoy SecurMail <9.2.501 - Info Disclosure
SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via the option1 parameter in a reply action to secmail/getmessage.exe.
by SEC Consult
CVSS 6.5
SecurEnvoy SecurMail <9.2.501 - XSS
Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via the mailboxid parameter to secmail/getmessage.exe.
by SEC Consult
CVSS 6.1
SecurEnvoy SecurMail <9.2.501 - RCE
SecurEnvoy SecurMail before 9.2.501 allows remote attackers to spoof transmission of arbitrary e-mail messages, resend e-mail messages to arbitrary recipients, or modify arbitrary message bodies and attachments by leveraging missing authentication and authorization.
by SEC Consult
CVSS 9.1
SecurEnvoy SecurMail <9.2.501 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in SecurEnvoy SecurMail before 9.2.501 allow remote attackers to hijack the authentication of arbitrary users for requests that (1) delete e-mail messages via a delete action in a request to secmail/getmessage.exe or (2) spoof arbitrary users and reply to their messages via a request to secserver/securectrl.exe.
by SEC Consult
CVSS 6.5
Tuleap < 9.18 - SQL Injection in Tracker Functionality
A SQL injection vulnerability in the tracker functionality of Enalean Tuleap software engineering platform before 9.18 allows attackers to execute arbitrary SQL commands.
by Cristiano Maruti
CVSS 9.8
SecurEnvoy SecurMail <9.2.501 - XSS
Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via an HTML-formatted e-mail message.
by SEC Consult
CVSS 6.1
ACL Analytics 11.x - 13.0.0.579 Arbitrary Code Execution
ACL Analytics versions 11.x through 13.0.0.579 contain an arbitrary code execution vulnerability that allows attackers to execute arbitrary commands by leveraging the EXECUTE function. Attackers can use bitsadmin to download malicious PowerShell scripts and execute them with system privileges to establish reverse shells and gain complete system control.
by Clutchisback1
CVSS 9.8
Prisma Industriale Checkweigher PrismaWEB 1.21 - Use of Hard-coded Credentials
Prisma Industriale Checkweigher PrismaWEB 1.21 allows remote attackers to discover the hardcoded prisma password for the prismaweb account by reading user/scripts/login_par.js.
by LiquidWorm
CVSS 9.8
DEWESoft X3 SP1 - Unauthenticated Remote Code Execution via RunExeFile.exe TCP Port 1999
RunExeFile.exe in the installer for DEWESoft X3 SP1 (64-bit) devices does not require authentication for sessions on TCP port 1999, which allows remote attackers to execute arbitrary code or access internal commands, as demonstrated by a RUN command that launches a .EXE file located at an arbitrary external URL, or a "SETFIREWALL Off" command.
by hyp3rlinx
CVSS 9.8
Textpattern < 4.6.2 - SQL Injection via qty Parameter
An issue was discovered in Textpattern CMS 4.6.2 and earlier. It is possible to inject SQL code in the variable "qty" on the page index.php.
by Manuel García Cárdenas
CVSS 9.8
Sony Playstation 4 (PS4) 4.55 < 5.50 - WebKit Code Execution (PoC)
by qwertyoruiop
WebLog Expert Web Server Enterprise 9.4 - Incorrect Permission Assignment for Critical Resource
\ProgramData\WebLog Expert\WebServer\WebServer.cfg in WebLog Expert Web Server Enterprise 9.4 has weak permissions (BUILTIN\Users:(ID)C), which allows local users to set a cleartext password and login as admin.
by hyp3rlinx
CVSS 7.8
Bacula-web < 8.0.0-rc2 - SQL Injection
Bacula-web before 8.0.0-rc2 is affected by multiple SQL Injection vulnerabilities that could allow an attacker to access the Bacula database and, depending on configuration, escalate privileges on the server.
by Gustavo Sorondo
CVSS 9.8
Redaxo CMS Addon MyEvents 2.2.1 SQL Injection via event_add.php
Redaxo CMS Addon MyEvents 2.2.1 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the myevents_id parameter. Attackers can send GET requests to the event_add.php page with malicious myevents_id values to extract or modify sensitive database information.
by h0n1gsp3cht
CVSS 7.1
antsle antman <0.9.1a - Auth Bypass
antsle antman before 0.9.1a allows remote attackers to bypass authentication via invalid characters in the username and password parameters, as demonstrated by a username=>&password=%0a string to the /login URI. This allows obtaining root permissions within the web management console, because the login process uses Java's ProcessBuilder class and a bash script called antsle-auth with insufficient input validation.
by Joshua Bowser
CVSS 9.8
By Source