Text Exploits
31,386 exploits tracked across all sources.
NoviWare < 400.2.6 - Unauthenticated Stack-Based Buffer Overflow via Packet Data Unserialization
Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data.
by François Goichon
CVSS 9.8
Adobe Flash Player <26.0.0.137 - RCE
Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
AdvanDate iCupid Dating Software 12.2 - SQL Injection
by Ihsan Sencan
Quali CloudShell < 7.1.0.6508 - Authenticated Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter to RM/Reservation/ReserveNew; the (3) Description parameter to RM/Topology/Update; the (4) Name, (5) Description, (6) ExecutionBatches[0].Name, (7) ExecutionBatches[0].Description, or (8) Labels parameter to SnQ/JobTemplate/Edit; or (9) Alias or (10) Description parameter to RM/AbstractTemplate/AddOrUpdateAbstractTemplate.
by Benjamin Lee
CVSS 5.4
Xamarin.iOS - Elevation of Privilege via Update Component
The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka "Xamarin.iOS Elevation Of Privilege Vulnerability."
by Securify
CVSS 7.8
Redgate SQL Monitor < 3.10 and 4.x < 4.2 - Unauthenticated SQL Injection
In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges).
by Paul Taylor
CVSS 9.8
Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting
by Touhid M.Shaikh
WebFile Explorer 1.0 - SQL Injection and Arbitrary File Download via download.php id Parameter
http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is: http://speicher.example.com/envato/codecanyon/demo/web-file-explorer/download.php?id=WebExplorer/../config.php.
by Ihsan Sencan
CVSS 7.5
Symantec Messaging Gateway < 10.6.3-267 - Cross-Site Request Forgery
The Symantec Messaging Gateway before 10.6.3-267 can encounter a cross-site request forgery issue (also known as a one-click attack and abbreviated as CSRF or XSRF), a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser.
by Dhiraj Mishra
CVSS 8.8
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Server-Side Request Forgery
by LiquidWorm
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Directory Traversal
by LiquidWorm
WildMIDI 0.4.2 - Denial of Service via Crafted MIDI File
The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
by qflb.wu
CVSS 6.5
WildMIDI 0.4.2 - Denial of Service via Crafted MIDI File
The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
by qflb.wu
CVSS 7.5
WildMIDI 0.4.2 - Denial of Service via Crafted MIDI File
The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
by qflb.wu
CVSS 7.5
Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) (2)
by SensePost