Text Exploits
31,386 exploits tracked across all sources.
Gemalto SmartDiag Diagnosis Tool v2.5 - Buffer Overflow
Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflow with SEH Overwrite via long "Register a new card" input fields. There may be a risk of local code execution with untrusted input to SmartDiag.exe or SymDiag.exe.
by Majid Alqabandi
CVSS 7.8
Xen 64bit PV Guest - pagetable use-after-type-change Breakout
by Google Security Research
WordPress Plugin WebDorado Gallery 1.3.29 - SQL Injection
by defensecode
Jenkins < 2.56 and < 2.46.1 - Unauthenticated Remote Code Execution via Java Deserialization
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default.
by SecuriTeam
CVSS 9.8
Sitecore CMS 8.2 - Cross-Site Scripting / Arbitrary File Disclosure
by Usman Saeed
Serviio PRO 1.8 Local Privilege Escalation via Unquoted Path
Serviio PRO 1.8 contains an unquoted search path vulnerability in the Windows service that allows local users to execute arbitrary code with elevated privileges by placing malicious executables in the system root path. Additionally, improper directory permissions with full access for the Users group allow authenticated users to replace the executable file with arbitrary binaries, enabling privilege escalation during service startup or system reboot.
by LiquidWorm
CVSS 7.8
WordPress <= 4.7.4 - Unauthenticated Weak Password Recovery Mechanism via Host Header Manipulation
WordPress through 4.7.4 relies on the Host HTTP header for a password-reset e-mail message, which makes it easier for remote attackers to reset arbitrary passwords by making a crafted wp-login.php?action=lostpassword request and then arranging for this message to bounce or be resent, leading to transmission of the reset key to a mailbox on an attacker-controlled SMTP server. This is related to problematic use of the SERVER_NAME variable in wp-includes/pluggable.php in conjunction with the PHP mail function. Exploitation is not achievable in all cases because it requires at least one of the following: (1) the attacker can prevent the victim from receiving any e-mail messages for an extended period of time (such as 5 days), (2) the victim's e-mail system sends an autoresponse containing the original message, or (3) the victim manually composes a reply containing the original message.
by Dawid Golunski
CVSS 5.9
Zyxel P-660HW-61 Firmware < 3.40(PE.11)C0 Router - Local File Inclusion
by ReverseBrain
HideMyAss Pro VPN Client for OS X 2.2.7.0 - Local Privilege Escalation
by Han Sahin
HideMyAss Pro VPN Client for macOS 3.x - Local Privilege Escalation
by Han Sahin
admidio 3.2.8 - Cross-Site Request Forgery in Members Function Module
admidio 3.2.8 has CSRF in adm_program/modules/members/members_function.php with an impact of deleting arbitrary user accounts.
by Faiz Ahmed Zaidi
CVSS 4.5
Revive Ad Server 4.0.1 - Cross-Site Scripting / Cross-Site Request Forgery
by Cyril Vallicari
KittyCatfish 2.2 Plugin for WordPress SQL Injection
KittyCatfish 2.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to read database contents by exploiting an unescaped GET parameter. Attackers can inject SQL code through the 'kc_ad' parameter in base.css.php or kittycatfish.php to extract sensitive database information using boolean-based blind or time-based blind techniques.
by TAD GROUP
CVSS 8.2
Wow Viral Signups 2.1 WordPress Plugin SQL Injection
Wow Viral Signups 2.1 WordPress plugin contains an SQL injection vulnerability that allows unauthenticated attackers to extract database information by exploiting the unescaped 'idsignup' POST parameter. Attackers can send crafted requests to the admin-ajax.php endpoint with malicious SQL payloads in the 'idsignup' parameter to read arbitrary data from the database.
by TAD GROUP
CVSS 8.2
Wow Forms WordPress Plugin 2.1 SQL Injection
Wow Forms WordPress Plugin version 2.1 contains an SQL injection vulnerability that allows unauthenticated attackers to read arbitrary database information by exploiting an unescaped POST parameter. Attackers can inject SQL code through the 'mwpformid' parameter in requests to the admin-ajax.php endpoint with the 'send_mwp_form' action to extract sensitive database contents.
by TAD GROUP
CVSS 8.2
HPE OpenCall Media Platform < 3.4.2 - Remote Code Execution
A Remote Code Execution vulnerability in HPE OpenCall Media Platform (OCMP) was found. The vulnerability impacts OCMP versions prior to 3.4.2 RP201 (for OCMP 3.x), all versions prior to 4.4.7 RP702 (for OCMP 4.x).
by Paolo Stagno
CVSS 6.1
Oracle PeopleSoft Products <8.56 - Info Disclosure
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.54 and 8.55. Easily "exploitable" vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).
by ERPScan
CVSS 6.5
Dolby DAX2/DAX3 - Privilege Escalation
The Dolby DAX2 and DAX3 API services are vulnerable to a privilege escalation vulnerability that allows a normal user to get arbitrary system privileges, because these services have .NET code for DCOM. This affects Dolby Audio X2 (DAX2) 1.0, 1.0.1, 1.1, 1.1.1, 1.2, 1.3, 1.3.1, 1.3.2, 1.4, 1.4.1, 1.4.2, 1.4.3, and 1.4.4 and Dolby Audio X3 (DAX3) 1.0 and 1.1. An example affected driver is Realtek Audio Driver 6.0.1.7898 on a Lenovo P50.
by Google Security Research
CVSS 7.8
FlySpray 1.0-rc4 - Cross-Site Scripting / Cross-Site Request Forgery
by Cyril Vallicari
By Source