Text Exploits
31,364 exploits tracked across all sources.
Comdev Jomestate Pro < 3.7 - SQL Injection
SQL Injection exists in the JomEstate PRO through 3.7 component for Joomla! via the id parameter in a task=detailed action.
by Ihsan Sencan
CVSS 9.8
JGive 2.0.9 - SQL Injection
SQL Injection exists in the JGive 2.0.9 component for Joomla! via the filter_org_ind_type or campaign_countries parameter.
by Ihsan Sencan
CVSS 9.8
Joombooking JB Bus - SQL Injection
SQL Injection exists in the JB Bus 2.3 component for Joomla! via the order_number parameter.
by Ihsan Sencan
CVSS 9.8
Techjoomla Invitex - SQL Injection
SQL Injection exists in the InviteX 3.0.5 component for Joomla! via the invite_type parameter in a view=invites action.
by Ihsan Sencan
CVSS 9.8
Google Map Landkarten < 4.2.3 - SQL Injection
SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action.
by Ihsan Sencan
CVSS 9.8
Gallery WD 1.3.6 - SQL Injection
SQL Injection exists in the Gallery WD 1.3.6 component for Joomla! via the tag_id parameter or gallery_id parameter.
by Ihsan Sencan
CVSS 9.8
Joomla! Form Maker 3.6.12 - SQL Injection
SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798.
by Ihsan Sencan
CVSS 9.8
Joomla! File Download Tracker 3.0 - SQL Injection
SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter.
by Ihsan Sencan
CVSS 9.8
Fastball - SQL Injection
SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action.
by Ihsan Sencan
CVSS 9.8
Dthdevelopment DT Register - SQL Injection
SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request.
by Ihsan Sencan
CVSS 9.8
ccNewsletter 2.x - Joomla! - SQL Injection
SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099.
by Ihsan Sencan
CVSS 9.8
AllVideos Reloaded <1.2.x - SQL Injection
SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter.
by Ihsan Sencan
CVSS 9.8
Joomla! - SQL Injection
SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request.
by Ihsan Sencan
CVSS 9.8
Advertisement Board 3.1.0 - Joomla! - SQL Injection
SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request.
by Ihsan Sencan
CVSS 9.8
Oracle Primavera P6 <16.1 - Info Disclosure
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2 and 16.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
by Marios Nicolaides
CVSS 5.4
Jboss-remoting - Infinite Loop
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.
by Frank Spierings
CVSS 7.5
Epic MyChart - XPath Injection
XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this may be inaccurate.
by Shayan S
CVSS 7.5
Microsoft Edge < 1.7.6 - Out-of-Bounds Write
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
by Google Security Research
CVSS 7.5
Pdfium - Pattern Shading Integer Overflows
by Google Security Research
Pdfium - Out-of-Bounds Read with Shading Pattern Backed by Pattern Colorspace
by Google Security Research
Dell Emc Isilon Onefs < 7.2.1.6 - Path Traversal
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges.
by Core Security
CVSS 6.7
Dell Emc Isilon Onefs < 8.0.0.6 - Incorrect Permission Assignment
In Dell EMC Isilon OneFS, the compadmin is able to run the tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges.
by Core Security
CVSS 6.7
Dell Emc Isilon < 8.0.0.6 - XSS
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8
Dell Emc Isilon < 8.0.0.6 - XSS
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8
Dell EMC Isilon - XSS
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8