Text Exploits
31,329 exploits tracked across all sources.
SoundTouch 1.9.2 - DoS
The TDStretch::processSamples function in source/SoundTouch/TDStretch.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted wav file.
by qflb.wu
CVSS 5.5
Fortinet Fortios < 5.6.0 - XSS
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to Execute unauthorized code or commands via the action input during the activation of a FortiToken.
by patryk_bogdan
CVSS 6.1
Fortinet Fortios - XSS
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.4.0 through 5.4.4 and 5.6.0 allows attackers to execute unauthorized code or commands via the filter input in "Applications" under FortiView.
by patryk_bogdan
CVSS 5.4
SoundTouch 1.9.2 - DoS
The TDStretchSSE::calcCrossCorr function in source/SoundTouch/sse_optimized.cpp in SoundTouch 1.9.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted wav file.
by qflb.wu
CVSS 5.5
libjpeg-turbo 1.5.1 - DoS
The fill_input_buffer function in jdatasrc.c in libjpeg-turbo 1.5.1 allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted jpg file. NOTE: Maintainer asserts the issue is due to a bug in downstream code caused by misuse of the libjpeg API
by qflb.wu
CVSS 8.8
LAME 3.99.5 - DoS
The unpack_read_samples function in frontend/get_audio.c in LAME 3.99.5 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted wav file.
by qflb.wu
CVSS 5.5
Fortinet Fortios < 5.6.0 - XSS
A Cross-Site Scripting vulnerability in Fortinet FortiOS versions 5.6.0 and earlier allows attackers to execute unauthorized code or commands via the Replacement Message HTML for SSL-VPN.
by patryk_bogdan
CVSS 6.1
Joomla! Component CCNewsLetter 2.1.9 - 'sbid' SQL Injection
by Shahab Shamsi
GNU Libiberty - Integer Overflow
Integer overflow in the string_appends function in cplus-dem.c in libiberty allows remote attackers to execute arbitrary code via a crafted executable, which triggers a buffer overflow.
by Marcel Böhme
CVSS 7.8
WordPress Plugin Ads Pro < 3.4 - Cross-Site Scripting / SQL Injection
by 8bitsec
Friends in War Make or Break 1.7 - Authentication Bypass
by Adam
WebKit JSC - 'ObjectPatternNode::appendEntry' Stack Use-After-Free
by Google Security Research
REDDOXX Appliance Build 2032 / 2.0.625 - Remote Command Execution
by RedTeam Pentesting
REDDOXX Appliance Build 2032 / 2.0.625 - Arbitrary File Disclosure
by RedTeam Pentesting
WordPress Examapp Plugin 1.0 - SQL Injection
The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter.
by 8bitsec
CVSS 8.8
WordPress examapp <1.0 - XSS
The examapp plugin 1.0 for WordPress has XSS via exam input text fields.
by 8bitsec
CVSS 5.4
Joomla! Component JoomRecipe 1.0.4 - 'search_author' SQL Injection
by Teng
VACRON VIG-US731VE 1.0.18-09-B727 IP Camera - Authentication Bypass
by Viktoras
Virtual Postage (VPA) - Man In The Middle Remote Code Execution
by intern0t
By Source