Text Exploits
31,329 exploits tracked across all sources.
Moxa MXView 2.8 - DoS
Moxa MXView 2.8 allows remote attackers to cause a Denial of Service by sending overly long junk payload for the MXView client login credentials.
by hyp3rlinx
CVSS 7.5
Intellinet NFC-30ir IP Camera <LM.1.6.16.05 - Path Traversal
Directory traversal vulnerability in the web-based management site on the Intellinet NFC-30ir IP Camera with firmware LM.1.6.16.05 allows remote attackers to read arbitrary files via a request to a vendor-supplied CGI script that is used to read HTML text file, but that does not do any URI/path sanitization.
by Dimitri Fousekis
CVSS 4.9
Qnap Qts < 4.2.4 - OS Command Injection
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and obtain sensitive information via unspecified vectors.
by Harry Sintonen
CVSS 9.8
Qnap Qts < 4.2.4 - OS Command Injection
QNAP QTS before 4.2.4 Build 20170313 allows attackers to gain administrator privileges and execute arbitrary commands via unspecified vectors.
by Harry Sintonen
CVSS 9.8
WordPress Plugin WHIZZ < 1.1.1 - Cross-Site Request Forgery
by Zhiyang Zeng
Intellinet NFC-30ir IP Camera - RCE
Intellinet NFC-30ir IP Camera has a vendor backdoor that can allow a remote attacker access to a vendor-supplied CGI script in the web directory.
by Dimitri Fousekis
CVSS 9.8
Dlink Dwr-116 Firmware - Path Traversal
Directory traversal vulnerability in the web interface on the D-Link DWR-116 device with firmware before V1.05b09 allows remote attackers to read arbitrary files via a .. (dot dot) in a "GET /uir/" request.
by Patryk Bogdan
CVSS 7.5
Qnap Qts < 4.2.4 - OS Command Injection
QNAP QTS before 4.2.4 Build 20170313 allows attackers to execute arbitrary commands via unspecified vectors.
by Harry Sintonen
CVSS 9.8
Cesanta Mongoose <6.7 - DoS
Use-after-free vulnerability in the mg_http_multipart_wait_for_boundary function in mongoose.c in Cesanta Mongoose Embedded Web Server Library 6.7 and earlier and Mongoose OS 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a multipart/form-data POST request without a MIME boundary string.
by Compass Security
CVSS 7.5
HelpDEZk 1.1.1 - CSRF
HelpDEZk 1.1.1 has CSRF in admin/home#/person/ with an impact of obtaining admin privileges.
by rungga_reksya
CVSS 8.8
Spiceworks Inventory <7.5 - Path Traversal
The Spiceworks TFTP Server, as distributed with Spiceworks Inventory 7.5, allows remote attackers to access the Spiceworks data\configurations directory by leveraging the unauthenticated nature of the TFTP service for all clients who can reach UDP port 69, as demonstrated by a WRQ (aka Write request) operation for a configuration file or an executable file.
by hyp3rlinx
CVSS 9.8
HelpDEZk 1.1.1 - CSRF
HelpDEZk 1.1.1 has CSRF in admin/home#/logos/ with an impact of remote execution of arbitrary PHP code.
by rungga_reksya
CVSS 8.8
By Source