Text Exploits
31,386 exploits tracked across all sources.
Oracle E- Business Suite <12.2.5 - Info Disclosure
Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality and integrity via unknown vectors.
by SecuriTeam
CVSS 6.5
AXIS Communications <5.80.x - Code Injection
AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."
by Orwelllabs
CVSS 7.5
AXIS Communications Firmware - Cross-Site Request Forgery via admin/pwdgrp.cgi vaconfig.cgi and admin/local_del.cgi
AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi.
by Orwelllabs
CVSS 8.8
Windows DVD Maker - Information Disclosure via Crafted .msdvd File Parsing
Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a target system, aka "Windows DVD Maker Cross-Site Request Forgery Vulnerability."
by hyp3rlinx
CVSS 5.5
Cerberus FTP Server <8.0.10.3 - Buffer Overflow
Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command.
by Nassim Asrir
CVSS 9.8
PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Local Privilege Escalation
by ReWolf
Microsoft Windows Uniscribe - Remote Code Execution via Crafted Website
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability."
by Hossein Lotfi
CVSS 8.8
Joomla! Component Vik Appointments 1.5 - SQL Injection
by Ihsan Sencan
Adobe Flash Player < 24.0.0.186 - Use-After-Free in ActionScript MovieClip
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
Adobe Flash Player < 24.0.0.186 - Memory Corruption via SWF Metadata Parsing
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
Adobe Flash Player < 24.0.0.186 - Remote Code Execution via Flash Video Container Processing
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
Adobe Flash Player < 24.0.0.186 - Remote Code Execution via Texture Compression
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
Adobe Flash Player <= 24.0.0.186 - Remote Code Execution via Adobe Texture Format Parsing
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
Sitecore Experience Platform 8.1 - XSS
Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2.
by Pralhad Chaskar
CVSS 6.1
apng_disassembler < 2.8 - Buffer Overflow via Malformed IHDR Chunk
Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted image containing a malformed image size descriptor in the IHDR chunk.
by Alwin Peppels
CVSS 5.5
apng_disassembler < 2.8 - Buffer Overflow via Chunk Size Descriptor
Buffer overflow in APNGDis 2.8 and earlier allows a remote attackers to cause denial of service and possibly execute arbitrary code via a crafted image containing a malformed chunk size descriptor.
by Alwin Peppels
CVSS 5.5
Joomla! Component Simple Membership 3.3.3 - 'userId' SQL Injection
by Ihsan Sencan
Joomla! Component Advertisement Board 3.0.4 - 'id' SQL Injection
by Ihsan Sencan
apng_disassembler < 2.8 - Buffer Overflow via Malformed IHDR Chunk
Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted image containing a malformed image size descriptor in the IHDR chunk.
by Alwin Peppels
CVSS 5.5
apng_disassembler < 2.8 - Remote Code Execution via Crafted Filename
Buffer overflow in APNGDis 2.8 and below allows a remote attacker to execute arbitrary code via a crafted filename.
by Alwin Peppels
CVSS 7.8
apng_disassembler < 2.8 - Buffer Overflow via Chunk Size Descriptor
Buffer overflow in APNGDis 2.8 and earlier allows a remote attackers to cause denial of service and possibly execute arbitrary code via a crafted image containing a malformed chunk size descriptor.
by Alwin Peppels
CVSS 5.5
By Source