Text Exploits

31,329 exploits tracked across all sources.

EIP-2026-107179 EXPLOITDB text
Food Ordering Script 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-106493 EXPLOITDB text
Doctor Patient Project 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-105937 EXPLOITDB text
ClipBucket 2.8.3 - Multiple Vulnerabilities
by bRpsd
EIP-2026-104997 EXPLOITDB text VERIFIED
AdvanDate iCupid Dating Software 12.2 - SQL Injection
by Ihsan Sencan
CVE-2017-9767 EXPLOITDB MEDIUM text
Quali CloudShell <8 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter to RM/Reservation/ReserveNew; the (3) Description parameter to RM/Topology/Update; the (4) Name, (5) Description, (6) ExecutionBatches[0].Name, (7) ExecutionBatches[0].Description, or (8) Labels parameter to SnQ/JobTemplate/Edit; or (9) Alias or (10) Description parameter to RM/AbstractTemplate/AddOrUpdateAbstractTemplate.
by Benjamin Lee
CVSS 5.4
CVE-2017-8665 EXPLOITDB HIGH text VERIFIED
Microsoft Xamarin.ios < 10.11 - Incorrect Permission Assignment
The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka "Xamarin.iOS Elevation Of Privilege Vulnerability."
by Securify
CVSS 7.8
EIP-2026-106433 EXPLOITDB text
DeWorkshop 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-106397 EXPLOITDB text
De-Tutor 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-106396 EXPLOITDB text
De-Journal 1.0 - SQL Injection
by Ihsan Sencan
CVE-2015-9098 EXPLOITDB CRITICAL text
Red-gate Sql Monitor < 3.5 - SQL Injection
In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges).
by Paul Taylor
CVSS 9.8
EIP-2026-111297 EXPLOITDB text
Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting
by Touhid M.Shaikh
EIP-2026-107794 EXPLOITDB text
ImageBay 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-107408 EXPLOITDB text
GIF Collection 2.0 - SQL Injection
by Ihsan Sencan
CVE-2017-12761 EXPLOITDB HIGH text
Webfile Explorer - SQL Injection
http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is: http://speicher.example.com/envato/codecanyon/demo/web-file-explorer/download.php?id=WebExplorer/../config.php.
by Ihsan Sencan
CVSS 7.5
CVE-2017-6328 EXPLOITDB HIGH text VERIFIED
Symantec Message Gateway < 10.6.3-2 - CSRF
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of cross site request forgery (also known as one-click attack and is abbreviated as CSRF or XSRF), which is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser.
by Dhiraj Mishra
CVSS 8.8
EIP-2026-102474 EXPLOITDB text
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Server-Side Request Forgery
by LiquidWorm
EIP-2026-102473 EXPLOITDB text
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Directory Traversal
by LiquidWorm
CVE-2017-11663 EXPLOITDB MEDIUM text
WildMIDI 0.4.2 - DoS
The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
by qflb.wu
CVSS 6.5
CVE-2017-11662 EXPLOITDB HIGH text
WildMIDI 0.4.2 - DoS
The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
by qflb.wu
CVSS 7.5
CVE-2017-11661 EXPLOITDB HIGH text
WildMIDI 0.4.2 - DoS
The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
by qflb.wu
CVSS 7.5
EIP-2026-119641 EXPLOITDB text VERIFIED
Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) (2)
by SensePost
CVE-2017-11664 EXPLOITDB MEDIUM text
WildMIDI 0.4.2 - DoS
The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
by qflb.wu
CVSS 6.5
EIP-2026-113710 EXPLOITDB text VERIFIED
WordPress Plugin Easy Modal 2.0.17 - SQL Injection
by defensecode
CVE-2017-10129 EXPLOITDB HIGH text VERIFIED
Oracle VM VirtualBox <5.1.24 - RCE
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
by Google Security Research
CVSS 8.8
CVE-2017-10204 EXPLOITDB HIGH text VERIFIED
Oracle VM VirtualBox <5.1.24 - RCE
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
by Google Security Research
CVSS 8.8