Text Exploits
31,386 exploits tracked across all sources.
IBM Domino 8.5.x-8.5.3 FP6 IF6 and 9.x-9.0.1 FP3 IF1 - Local Privilege Escalation
Notes System Diagnostic (NSD) in IBM Domino 8.5.x before 8.5.3 FP6 IF6 and 9.x before 9.0.1 FP3 IF1 allows local users to obtain the System privilege via unspecified vectors, aka SPR TCHL9SST8V.
by ParagonSec
Participants Database < 1.7.5.10 - Cross-Site Scripting
The Participants Database plugin before 1.7.5.10 for WordPress has XSS.
by Benjamin Lim
CVSS 6.1
OpenJPEG < 2.2.0 - Heap-Based Buffer Overflow in opj_mqc_byteout
Heap-based buffer overflow vulnerability in the opj_mqc_byteout function in mqc.c in OpenJPEG before 2.2.0 allows remote attackers to cause a denial of service (application crash) via a crafted bmp file.
by Ke Liu
CVSS 6.5
Linux Kernel - Elevation of Privilege via Motorola Bootloader
An elevation of privilege vulnerability in the Motorola bootloader could enable a local malicious application to execute arbitrary code within the context of the bootloader. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device. Product: Android. Versions: Kernel-3.10, Kernel-3.18. Android ID: A-33840490.
by Roee Hay
CVSS 7.8
Progress Sitefinity CMS <10.1 - XSS
Progress Sitefinity CMS before 10.1 allows XSS via the following parameters: Page Title (/Pages), News Title (/Content/News), List Title (/Content/List), Document Title (/Content/Documents/LibraryDocuments/incident-request-attachments), Image Title (/Content/Images/LibraryImages/newsimages), Link Title (/Content/links), or Video Title (/Content/Videos/LibraryVideos/default-video-library).
by Pralhad Chaskar
CVSS 6.1
Huge-IT Video Gallery v1.0.9 - SQL Injection
Unauthenticated SQL injection in Huge-IT Video Gallery v1.0.9 for Joomla.
by Larry W. Cashdollar
CVSS 9.8
Huge-IT Catalog <1.0.7 - SQL Injection
Unauthenticated SQL injection in Huge-IT Catalog v1.0.7 for Joomla.
by Larry W. Cashdollar
CVSS 9.8
Huge-IT Portfolio Gallery Plugin <1.0.6 - SQL Injection
Unauthenticated SQL injection in Huge-IT Portfolio Gallery Plugin v1.0.6.
by Larry W. Cashdollar
CVSS 9.8
Joomla! Component Quiz Deluxe 3.7.4 SQL Injection
Joomla! Component Quiz Deluxe 3.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL commands through the ajaxaction.flag_question task. Attackers can inject malicious SQL code via the stu_quiz_id or flag_quest parameters to manipulate database queries and extract sensitive information.
by Ihsan Sencan
CVSS 8.2
Rapid7 Metasploit < 4.14.1 - Cross-Site Request Forgery via Logout Function
The web UI in Rapid7 Metasploit before 4.14.1-20170828 allows logout CSRF, aka R7-2017-22.
by Dhiraj Mishra
CVSS 6.5
Joomla! Component Joomanager 2.0.0 - 'com_Joomanager' Arbitrary File Download (PoC)
by Ihsan Sencan
User Login and Management - Multiple Vulnerabilities
by Ali BawazeEer
D-Link DIR-600 B1 v2.x - Unauthenticated Path Traversal via __show_info.php REQUIRE_FILE Parameter
D-Link DIR-600 Rev Bx devices with v2.x firmware allow remote attackers to read passwords via a model/__show_info.php?REQUIRE_FILE= absolute path traversal attack, as demonstrated by discovering the admin password.
by Jithin D Kurup
CVSS 9.8
WYSIWYG HTML Editor PRO 1.0 - Arbitrary File Download
by Ihsan Sencan
Schools Alert Management Script - Authentication Bypass
by Ali BawazeEer
PHP Appointment Booking Script - Authentication Bypass
by Ali BawazeEer
Login-Reg Members Management PHP 1.0 - Arbitrary File Upload
by Ihsan Sencan