Text Exploits
31,386 exploits tracked across all sources.
Trend Micro Email Encryption Gateway 5.5 - Arbitrary File Write
An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems.
by Core Security
CVSS 9.8
Trend Micro Email Encryption Gateway 5.5 - Insecure Update via HTTP
An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data.
by Core Security
CVSS 6.5
Parallels Remote Application Server 15.5 - Path Traversal
by Nicolas Markitanis
Armadito 0.12.7.2 - Info Disclosure
An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16 characters can bypass detection. The user-mode service will fail to open the file for scanning after the conversion is done from Unicode to ANSI. This happens because characters that cannot be converted from Unicode are replaced with '?' characters.
by Souhail Hammou
CVSS 3.3
Proclaim 9.1.1 - Unauthenticated Sensitive Information Exposure via Backup File Download
Backup Download exists in the Proclaim 9.1.1 component for Joomla! via a direct request for a .sql file under backup/.
by Ihsan Sencan
CVSS 7.5
Proclaim 9.1.1 - Arbitrary File Upload via Mediafileform Action
Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action.
by Ihsan Sencan
CVSS 9.8
PrayerCenter 3.0.2 - SQL Injection via Session ID Parameter
SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.
by Ihsan Sencan
CVSS 9.8
OS Property Real Estate 3.12.7 - SQL Injection via Cooling System, Heating System, or Laundry Parameter
SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry parameter.
by Ihsan Sencan
CVSS 9.8
Ek Rishta 2.9 - SQL Injection via Gender, Age, Religion, Mother Tongue, Caste, or Country Parameter
SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter.
by Ihsan Sencan
CVSS 9.8
CW Tags 2.0.6 - SQL Injection via Searchtext Array Parameter
SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter.
by Ihsan Sencan
CVSS 9.8
belitsoft checklist SQL Injection via title_search, tag_search, name_search, description_search, or filter_order
SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter.
by Ihsan Sencan
CVSS 9.8
alexandria_book_library 3.1.2 - SQL Injection via Letter Parameter
SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter.
by Ihsan Sencan
CVSS 9.8
Trend Micro Email Encryption Gateway 5.5 - SQL Injection via Search Configuration Script
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
by Core Security
CVSS 6.8
Windows Storage Services - Privilege Escalation
Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Storage Services Elevation of Privilege Vulnerability".
by Google Security Research
CVSS 7.0
Windows 10 <1709 - Privilege Escalation
The Named Pipe File System in Windows 10 version 1709 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Named Pipe File System handles objects, aka "Named Pipe File System Elevation of Privilege Vulnerability".
by Google Security Research
CVSS 7.0
Windows 10 and Windows Server 2016 - Elevation of Privilege via NTFS Reparse Point Handling
NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka "Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability".
by Google Security Research
CVSS 7.0
Windows 10 and Windows Server 2016 - Elevation of Privilege via AppContainer Impersonation
AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonations are handled, aka "Windows AppContainer Elevation Of Privilege Vulnerability".
by Google Security Research
CVSS 7.0
μTorrent (uTorrent) Classic/Web - JSON-RPC Remote Code Execution / Information Disclosure
by Google Security Research
October CMS < 1.0.431 - Stored Cross-Site Scripting via Add Posts Page
October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page.
by Samrat Das
CVSS 6.1
symfony/twig < 2.4.4 - Server-Side Template Injection via search_key Parameter
Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it
by JameelNabbo
CVSS 9.8
Microsoft Edge - 'UnmapViewOfFile' ACG Bypass
by Google Security Research
TV - Video Subscription - Authentication Bypass SQL Injection
by L0RD
PHIMS - Hospital Management Information System - 'Password' SQL Injection
by L0RD
By Source