Text Exploits
31,364 exploits tracked across all sources.
3cx - Path Traversal
In the 3CX Phone System 15.5.3554.1, the Management Console typically listens to port 5001 and is prone to a directory traversal attack: "/api/RecordingList/DownloadRecord?file=" and "/api/SupportInfo?file=" are the vulnerable parameters. An attacker must be authenticated to exploit this issue to access sensitive information to aid in subsequent attacks.
by Jens Regel
CVSS 6.5
Webmin < 1.850 - XSS
Webmin before 1.860 has XSS with resultant remote code execution. Under the 'Others/File Manager' menu, there is a 'Download from remote URL' option to download a file from a remote server. After setting up a malicious server, one can wait for a file download request and then send an XSS payload that will lead to Remote Code Execution, as demonstrated by an OS command in the value attribute of a name='cmd' input element.
by hyp3rlinx
CVSS 6.1
Logitech Media Server - XSS
DOM Based Cross Site Scripting (XSS) exists in Logitech Media Server 7.7.1, 7.7.2, 7.7.3, 7.7.5, 7.7.6, 7.9.0, and 7.9.1 via a crafted URI.
by Thiago Sena
CVSS 6.1
TYPO3 Extension Restler 1.7.0 - Local File Disclosure
by CrashBandicot
phpMyFAQ <2.9.8 - XSS
Cross-site scripting (XSS) vulnerability in phpMyFAQ through 2.9.8 allows remote attackers to inject arbitrary web script or HTML via the "Title of your FAQ" field in the Configuration Module.
by Ishaq Mohammed
CVSS 6.1
Alienvault Unified Security Management < 5.4.2 - CSRF
AlienVault USM v5.4.2 and earlier offers authenticated users the functionality of exporting generated reports via the "/ossim/report/wizard_email.php" script. Besides offering an export via a local download, the script also offers the possibility to send out any report via email to a given address (either in PDF or XLS format). Since there is no anti-CSRF token protecting this functionality, it is vulnerable to Cross-Site Request Forgery attacks.
by Julien Ahrens
CVSS 5.7
Softwarepublico E-sic - SQL Injection
SQL Injection exists in E-Sic 1.0 via the f parameter to esiclivre/restrito/inc/buscacep.php (aka the zip code search script).
by Elber Tavares
CVSS 9.8
Softwarepublico E-sic - XSS
XSS exists in the E-Sic 1.0 /cadastro/index.php URI (aka the requester's registration area) via the nome parameter.
by Elber Tavares
CVSS 6.1
Softwarepublico E-sic - SQL Injection
An authentication bypass exists in the E-Sic 1.0 /index (aka login) URI via '=''or' values for the username and password.
by Elber Tavares
CVSS 9.8
Softwarepublico E-sic - SQL Injection
SQL Injection exists in the E-Sic 1.0 password reset parameter (aka the cpfcnpj parameter to the /reset URI).
by Elber Tavares
CVSS 8.8
Softwarepublico E-sic - SQL Injection
E-Sic 1.0 allows SQL injection via the q parameter to esiclivre/restrito/inc/lkpcep.php (aka the search private area).
by Guilherme Assmann
CVSS 9.8
October < 1.0.426 - XSS
Cross-Site Scripting exists in OctoberCMS 1.0.425 (aka Build 425), allowing a least privileged user to upload an SVG file containing malicious code as the Avatar for the profile. When this is opened by the Admin, it causes JavaScript execution in the context of the Admin account.
by Ishaq Mohammed
CVSS 5.4
Tp-link Tl-mr3220 Firmware - XSS
Cross-site scripting (XSS) vulnerability in the Wireless MAC Filtering page in TP-LINK TL-MR3220 wireless routers allows remote attackers to inject arbitrary web script or HTML via the Description field.
by Thiago Sena
CVSS 6.1
Dreambox WebControl 2.0.0 - Cross-Site Scripting
There is XSS in the BouquetEditor WebPlugin for Dream Multimedia Dreambox devices, as demonstrated by the "Name des Bouquets" field, or the file parameter to the /file URI.
by Thiago Sena
CVSS 6.1
Trend Micro Data Loss Prevention Virtual Appliance 5.2 - Path Traversal
by Leonardo Duarte
Complain Management System - Hard-Coded Credentials / Blind SQL injection
by havysec
GNU Binutils - Out-of-Bounds Read
decode_line_info in dwarf2.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles a length calculation, which allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted ELF file, related to read_1_byte.
by Agostino Sarubbo
CVSS 5.5
Microsoft Windows - Privilege Escalation
The kernel-mode drivers in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-3308, CVE-2016-3310, and CVE-2016-3311.
by siberas
CVSS 7.8
EPESI <1.8.2 - XSS
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Phonecall Notes Title parameter.
by Zeeshan Shaikh
CVSS 5.4
EPESI <1.8.2 - XSS
In EPESI 1.8.2 rev20170830, there is Stored XSS in the Tasks Description parameter.
by Zeeshan Shaikh
CVSS 5.4
Google Chrome <62.0.3202.62 - XSS
Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted MHTML page.
by Anton Lopanitsyn
CVSS 6.1
UCOPIA Wireless Appliance < 5.1 (Captive Portal) - Root Remote Code Execution
by agix
By Source