Text Exploits
31,364 exploits tracked across all sources.
Mozilla Firefox < 55.0 - Improper Input Validation
If a long user name is used in a username/password combination in a site URL (such as " http://UserName:[email protected]"), the resulting modal prompt will hang in a non-responsive state or crash, causing a denial of service. This vulnerability affects Firefox < 55.
by Amit Sangra
CVSS 7.5
Microsoft Game Definition File Editor 6.3.9600 - XML External Entity Injection
by hyp3rlinx
Afian AB FileRun 2017.03.18 - Multiple Vulnerabilities
by SEC Consult
Xen < 4.9.0 - Denial of Service
An issue was discovered in Xen through 4.9.x allowing x86 PV guest OS users to cause a denial of service (unbounded recursion, stack consumption, and hypervisor crash) or possibly gain privileges via crafted page-table stacking.
by Google Security Research
CVSS 8.8
Apache Solr < 5.5.4 - XXE
Remote code execution occurs in Apache Solr before 7.1 with Apache Lucene before 7.1 by exploiting XXE in conjunction with use of a Config API add-listener command to reach the RunExecutableListener class. Elasticsearch, although it uses Lucene, is NOT vulnerable to this. Note that the XML external entity expansion vulnerability occurs in the XML Query Parser which is available, by default, for any query request with parameters deftype=xmlparser and can be exploited to upload malicious data to the /upload request handler or as Blind XXE using ftp wrapper in order to read arbitrary local files from the Solr server. Note also that the second vulnerability relates to remote code execution using the RunExecutableListener available on all affected versions of Solr.
by Michael Stepankin & Olga Barinova
CVSS 9.8
Microsoft Windows <10.0 - Privilege Escalation
The Microsoft Device Guard on Microsoft Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows a security feature bypass by the way it handles Windows PowerShell sessions, aka "Microsoft Windows Security Feature Bypass".
by Google Security Research
CVSS 6.7
Squid Analysis Report Generator 2.3.10 - Remote Code Execution
by Pavel Suprunyuk
Apple iOS <11, tvOS <11 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 11 is affected. tvOS before 11 is affected. The issue involves the "Wi-Fi" component. It might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic that leverages a race condition.
by Google Security Research
CVSS 8.1
By Source