Text Exploits
31,386 exploits tracked across all sources.
Posty Readymade Classifieds Script 1.0 - SQL Injection
Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.
by Ihsan Sencan
CVSS 9.8
Abyss Web Server < 2.11.6 - Heap Memory Corruption
by hyp3rlinx
Artica Web Proxy <3.06.112911 - XSS
Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php.
by hyp3rlinx
CVSS 9.0
MistServer < 2.13 - Unauthenticated Stored Cross-Site Scripting via Failed Authentication Alert
Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts.
by hyp3rlinx
CVSS 6.1
Axis Communications MPQT/PACS - Heap Overflow / Information Leakage
by bashis
qemu < 2.11 - Stack-based Buffer Overflow in NBD Server Export Name Handling
A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.
by Eric Blake
CVSS 8.3
WooCommerce < 3.2.6 - Directory Traversal via Email Template URI
The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code.
by Fu2x2000
CVSS 7.5
Diving Log < 6.0.9 - XML External Entity Injection via Subsurface Import
XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import.
by Trent Gordon
CVSS 5.5
Exim 4.88-4.89 - Denial of Service via BDAT Command Handling
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.
by meh
CVSS 7.5
ZTE ZXDSL 831CII Firmware - Unauthenticated Configuration Modification via connoppp.cgi
connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request.
by Ibad Shah
CVSS 7.5
Microsoft Office CVE-2017-11882
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.
by embedi
CVSS 7.8
Windows - Privilege Escalation
Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability".
by Google Security Research
CVSS 5.3
Icon Time Systems RTC-1000 v2.5.7458 - XSS
A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where that field data is utilized, resulting in session hijacking and possible elevation of privileges.
by Keith Thome
CVSS 5.4
Zeta Components Mail < 1.8.2 - Remote Code Execution via Crafted Email Address in Return Path
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php."
by MalwareBenchmark
CVSS 8.1
LanSweeper < 6.0.100.94 - Cross-Site Scripting via Calendar Description Parameter
LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx.
by Miguel Mendez Z
CVSS 6.1
CommuniGate Pro < 6.2.1 - Stored Cross-Site Scripting via Calendar Invitation or Directory Name
The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that has JavaScript in its name, (4) JavaScript in a note name, (5) JavaScript in a task name, or (6) HTML e-mail that is mishandled in the Inbox component.
by Boumediene KADDOUR
CVSS 6.1
PSFTPd 10.0.4 Build 729 - Log Injection via CSV Escape Bypass
The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special characters such as '"' and ',' and '\r' are not escaped and can be used to add new entries to the log.
by X41 D-Sec GmbH
CVSS 5.3
PSFTPd 10.0.4 Build 729 - Unauthenticated Use-After-Free via Crafted SSH Identification String
A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically restart, which enabled attackers to perform a very effective DoS attack against this service. By sending a crafted SSH identification / version string to the server, a NULL pointer dereference could be caused, apparently because of a race condition in the window message handling, performing the cleanup for invalid connections. This incorrect cleanup code has a use-after-free.
by X41 D-Sec GmbH
CVSS 5.9
Kirby Panel <2.3.3, <2.4.2, <2.5.7 - XSS
A cross-site scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.
by Ishaq Mohammed
CVSS 5.4
MyBB < 1.8.12 - Remote Code Execution via Installer Configuration File Write
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.
by Pabstersac
CVSS 9.8
MyBB < 1.8.12 - Cross-Site Scripting in Installer
The installer in MyBB before 1.8.13 has XSS.
by Pabstersac
CVSS 5.4
Zoho ManageEngine Applications Manager <13 - SQL Injection
Zoho ManageEngine Applications Manager 13 before build 13500 allows post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.
by Cody Sixteen
CVSS 8.8
Zoho ManageEngine Applications Manager <13 - SQL Injection
Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.
by Cody Sixteen
CVSS 9.8