Text Exploits
31,386 exploits tracked across all sources.
MitraStar GPT-2541GNAC and DSL-100HN-T1 - Authenticated Privilege Escalation via Command Execution
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute.
by j0lama
CVSS 8.8
phpMyFAQ < 2.9.8 - Stored Cross-Site Scripting via HTML Attachment
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.
by Nikhil Mittal
CVSS 5.4
PHP Melody CMS 2.6.1 - SQL Injection via Playlist Parameter
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
by Venkat Rajgor
CVSS 9.8
phpMyFAQ < 2.9.8 - Cross-Site Request Forgery in admin/stat.ratings.php
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
by Nikhil Mittal
CVSS 8.8
Sophos HitmanPro < 3.7.20 - Local Privilege Escalation via Malformed IOCTL Call
A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call.
by cbayet
CVSS 7.8
KeystoneJS < 4.0.0-beta.7 - CSV Injection via CSV Export
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export.
by Ishaq Mohammed
CVSS 8.8
KeystoneJS < 4.0.0 - Stored Cross-Site Scripting via Contact Us Feature
A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature.
by Ishaq Mohammed
CVSS 6.1
Mura CMS < 6.1 - XML External Entity Injection via RSS Feed Parser
tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature.
by Anthony Cole
CVSS 6.5