Text Exploits
31,386 exploits tracked across all sources.
NethServer 7.3.1611 - Cross-Site Request Forgery / Cross-Site Scripting
by LiquidWorm
Apple <10.3.2, <10.2.1, <3.2.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Zimperium zLabs Team
CVSS 7.8
Apple <10.3.2, <10.2.1, <3.2.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Zimperium zLabs Team
CVSS 7.8
Apple <10.3.2, <10.2.1, <3.2.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Zimperium zLabs Team
CVSS 7.8
Apple <10.3.2, <10.2.1, <3.2.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Zimperium zLabs Team
CVSS 7.8
Apple <10.3.2, <10.2.1, <3.2.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Zimperium zLabs Team
CVSS 7.8
Apple <10.3.2, <10.2.1, <3.2.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Zimperium zLabs Team
CVSS 7.8
Apple <10.3.2, <10.12.5, <10.2.1, <3.2.2 - RCE
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "IOSurface" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
by Zimperium zLabs Team
CVSS 7.0
Apple <10.3.2, <10.2.1, <3.2.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Zimperium zLabs Team
CVSS 7.8
Joomla OSDownloads 1.7.4 SQL Injection via item view
Joomla OSDownloads 1.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_osdownloads&view=item&id=[SQL] to extract sensitive database information including credentials and configuration data.
by Ihsan Sencan
CVSS 8.2
Joomla! Component RPC Responsive Portfolio 1.6.1 SQL Injection
Joomla! Component RPC Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_pofos&view=pofo&id=[SQL] to extract sensitive database information.
by Ihsan Sencan
CVSS 8.2
Joomla! Component Photo Contest 1.0.2 - SQL Injection
by Ihsan Sencan
Joomla! Component Bargain Product VM3 1.0 SQL Injection
Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter. Attackers can supply crafted SQL statements in GET requests to the brainy and alice views to extract sensitive database information.
by Ihsan Sencan
CVSS 8.2
Joomla! Component Price Alert 3.0.2 SQL Injection
Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the product_id parameter to extract sensitive database information including credentials and configuration data.
by Ihsan Sencan
CVSS 8.2
libgig 4.0.0 - Denial of Service via Crafted GIG File
The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file.
by qflb.wu
CVSS 6.5
libgig 4.0.0 - Denial of Service via Crafted GIG File
The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
by qflb.wu
CVSS 6.5
libgig 4.0.0 - Denial of Service via Crafted GIG File
The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file.
by qflb.wu
CVSS 6.5
libgig 4.0.0 - Denial of Service via Crafted GIG File
The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
by qflb.wu
CVSS 6.5
libgig 4.0.0 - Denial of Service via Crafted GIG File
The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.
by qflb.wu
CVSS 6.5
ALC WebCTRL <6.5 - Code Injection
An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.
by LiquidWorm
CVSS 7.0
By Source