Text Exploits

31,386 exploits tracked across all sources.

CVE-2017-8871 EXPLOITDB MEDIUM text
libcroco 0.6.12 - Denial of Service via Crafted CSS File
The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.
by qflb.wu
CVSS 6.5
CVE-2017-7180 EXPLOITDB HIGH text
Net Monitor for Employees Pro <5.3.4 - Auth Bypass
Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privileges to write to program.exe in a protected directory, such as the %SYSTEMDRIVE% directory, and thus the issue is not interpreted as a direct privilege escalation. However, the local attacker might have the goal of executing program.exe even though program.exe is a blocked application.
by Saeid Atabaki
CVSS 7.3
CVE-2017-9516 EXPLOITDB MEDIUM text
Craft CMS < 2.6.2982 - Stored Cross-Site Scripting via SVG File Upload
Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.
by Ahsan Tahir
CVSS 5.4
EIP-2026-114411 EXPLOITDB text
Xavier 2.4 - SQL Injection
by Vulnerability-Lab
EIP-2026-111785 EXPLOITDB text
Robert 0.5 - Multiple Vulnerabilities
by Cyril Vallicari
EIP-2026-107483 EXPLOITDB text
Grav CMS 1.4.2 Admin Plugin - Cross-Site Scripting
by Ahsan Tahir
CVE-2017-6542 EXPLOITDB CRITICAL text VERIFIED
PuTTY < 0.68 - Buffer Overflow via SSH Agent Protocol Message
The ssh_agent_channel_data function in PuTTY before 0.68 allows remote attackers to have unspecified impact via a large length value in an agent protocol message and leveraging the ability to connect to the Unix-domain socket representing the forwarded agent connection, which triggers a buffer overflow.
by Tim Kosse
CVSS 9.8
CVE-2017-5991 EXPLOITDB HIGH text VERIFIED
Artifex MuPDF < 1.11 - NULL Pointer Dereference in pdf_run_xobject
An issue was discovered in Artifex MuPDF before 1912de5f08e90af1d9d0a9791f58ba3afdb9d465. The pdf_run_xobject function in pdf-op-run.c encounters a NULL pointer dereference during a Fitz fz_paint_pixmap_with_mask painting operation. Versions 1.11 and later are unaffected.
by Kamil Frankowicz
CVSS 7.5
CVE-2017-8840 EXPLOITDB MEDIUM text
Peplink Balance Firmware - Unauthenticated Sensitive Information Exposure via HASync Debug Endpoint
Debug information disclosure exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. A direct request to cgi-bin/HASync/hasync.cgi?debug=1 shows Master LAN Address, Serial Number, HA Group ID, Virtual IP, and Submitted syncid.
by X41 D-Sec GmbH
CVSS 5.3
CVE-2017-8839 EXPLOITDB MEDIUM text
Peplink Balance 305 380 580 710 1350 2500 Firmware - Cross-Site Scripting via orig_url Parameter
XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is guest/preview.cgi.
by X41 D-Sec GmbH
CVSS 6.1
CVE-2017-8838 EXPLOITDB MEDIUM text
Peplink Balance 305 380 580 710 1350 2500 Firmware - Cross-Site Scripting via syncid Parameter
XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The affected script is cgi-bin/HASync/hasync.cgi.
by X41 D-Sec GmbH
CVSS 6.1
CVE-2017-8837 EXPLOITDB CRITICAL text
Peplink Balance Firmware Cleartext Password Storage in /etc/waipass and /etc/roapass
Cleartext password storage exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The files in question are /etc/waipass and /etc/roapass. In case one of these devices is compromised, the attacker can gain access to passwords and abuse them to compromise further systems.
by X41 D-Sec GmbH
CVSS 9.8
CVE-2017-8836 EXPLOITDB HIGH text
Peplink Balance 305, 380, 580, 710, 1350, and 2500 Firmware - Cross-Site Request Forgery in Administrative CGI Scripts
CSRF exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The CGI scripts in the administrative interface are affected. This allows an attacker to execute commands if a logged-in user visits a malicious website. This can, for example, be used to change the credentials of the administrative web interface.
by X41 D-Sec GmbH
CVSS 8.8
CVE-2017-8835 EXPLOITDB CRITICAL text
Peplink Balance 305, 380, 580, 710, 1350, and 2500 Firmware < 7.0.1-build2093 - SQL Injection via bauth Cookie
SQL injection exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. An attack vector is the bauth cookie to cgi-bin/MANGA/admin.cgi. One impact is enumeration of user accounts by observing whether a session ID can be retrieved from the sessions database.
by X41 D-Sec GmbH
CVSS 9.8
EIP-2026-114125 EXPLOITDB text VERIFIED
WordPress Plugin Tribulant Newsletters 4.6.4.2 - File Disclosure / Cross-Site Scripting
by defensecode
CVE-2017-2536 EXPLOITDB HIGH text
Safari < 10.1.1 - Remote Code Execution via WebKit Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. tvOS before 10.2.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site.
by saelo
CVSS 8.8
CVE-2017-8841 EXPLOITDB HIGH text
Peplink Balance 305 380 580 710 1350 2500 Firmware - Arbitrary File Deletion via upfile.path Parameter
Arbitrary file deletion exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. The attack methodology is absolute path traversal in cgi-bin/MANGA/firmware_process.cgi via the upfile.path parameter.
by X41 D-Sec GmbH
CVSS 8.1
CVE-2017-9413 EXPLOITDB HIGH text
Subsonic 6.1.1 - Cross-Site Request Forgery in Podcast Feature
Multiple cross-site request forgery (CSRF) vulnerabilities in the Podcast feature in Subsonic 6.1.1 allow remote attackers to hijack the authentication of users for requests that (1) subscribe to a podcast via the add parameter to podcastReceiverAdmin.view or (2) update Internet Radio Settings via the urlRedirectCustomUrl parameter to networkSettings.view. NOTE: These vulnerabilities can be exploited to conduct server-side request forgery (SSRF) attacks.
by hyp3rlinx
CVSS 8.8
CVE-2017-9414 EXPLOITDB HIGH text VERIFIED
Subsonic 6.1.1 - Cross-Site Request Forgery in Podcast Subscription
Cross-site request forgery (CSRF) vulnerability in the Subscribe to Podcast feature in Subsonic 6.1.1 allows remote attackers to hijack the authentication of unspecified victims for requests that conduct cross-site scripting (XSS) attacks or possibly have unspecified other impact via the name parameter to playerSettings.view.
by hyp3rlinx
CVSS 8.8
CVE-2017-9415 EXPLOITDB HIGH text
Subsonic 6.1.1 - Cross-Site Request Forgery via userSettings.view
Cross-site request forgery (CSRF) vulnerability in Subsonic 6.1.1 allows remote attackers with knowledge of the target username to hijack the authentication of users for requests that change passwords via a crafted request to userSettings.view.
by hyp3rlinx
CVSS 7.5
CVE-2017-9355 EXPLOITDB HIGH text VERIFIED
Subsonic 6.1.1 - Server-Side Request Forgery via Import Playlist Feature
XML external entity (XXE) vulnerability in the import playlist feature in Subsonic 6.1.1 might allow remote attackers to conduct server-side request forgery (SSRF) attacks via a crafted XSPF playlist file.
by hyp3rlinx
CVSS 7.4
EIP-2026-117744 EXPLOITDB text
Parallels Desktop - Virtual Machine Escape
by Mohammad Reza Espargham
CVE-2017-3141 EXPLOITDB HIGH text
BIND 9.2.6-P2-9.11.1 - Privilege Escalation via Unquoted Service Path
The BIND installer on Windows uses an unquoted service path which can enable a local user to achieve privilege escalation if the host file system permissions allow this. Affects BIND 9.2.6-P2->9.2.9, 9.3.2-P1->9.3.6, 9.4.0->9.8.8, 9.9.0->9.9.10, 9.10.0->9.10.5, 9.11.0->9.11.1, 9.9.3-S1->9.9.10-S1, 9.10.5-S1.
by hyp3rlinx
CVSS 7.2
CVE-2017-9353 EXPLOITDB HIGH text VERIFIED
Wireshark 2.2.0-2.2.6 - Denial of Service in IPv6 Dissector
In Wireshark 2.2.0 to 2.2.6, the IPv6 dissector could crash. This was addressed in epan/dissectors/packet-ipv6.c by validating an IPv6 address.
by OSS-Fuzz
CVSS 7.5
CVE-2017-9347 EXPLOITDB HIGH text VERIFIED
Wireshark 2.2.0-2.2.6 - Use After Free
In Wireshark 2.2.0 to 2.2.6, the ROS dissector could crash with a NULL pointer dereference. This was addressed in epan/dissectors/asn1/ros/packet-ros-template.c by validating an OID.
by OSS-Fuzz
CVSS 7.5