Text Exploits
31,329 exploits tracked across all sources.
Php Classified OLX Clone Script - 'category' SQL Injection
by Ihsan Sencan
Joomla! Component StreetGuessr Game 1.0 - SQL Injection
by Ihsan Sencan
Joomla! Component Recipe Manager 2.2 - 'id' SQL Injection
by Ihsan Sencan
Joomla! Component Guesser 1.0.4 - 'type' SQL Injection
by Ihsan Sencan
Aruba Airwave <8.2.3.1 - XXE
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to an XML external entities (XXE). XXEs are a way to permit XML parsers to access storage that exist on external systems. If an unprivileged user is permitted to control the contents of XML files, XXE can be used as an attack vector. Because the XML parser has access to the local filesystem and runs with the permissions of the web server, it can access any file that is readable by the web server and copy it to an external system of the attacker's choosing. This could include files that contain passwords, which could then lead to privilege escalation.
by SEC Consult
CVSS 8.8
Aruba Airwave <8.2.3.1 - XSS
Aruba Airwave all versions up to, but not including, 8.2.3.1 is vulnerable to a reflected cross-site scripting (XSS). The vulnerability is present in the VisualRF component of AirWave. By exploiting this vulnerability, an attacker who can trick a logged-in AirWave administrative user into clicking a link could obtain sensitive information, such as session cookies or passwords. The vulnerability requires that an administrative users click on the malicious link while currently logged into AirWave in the same browser.
by SEC Consult
CVSS 6.1
WordPress Plugin User Login Log 2.2.1 - Cross-Site Scripting
by Axel Koolhaas
WordPress Plugin NewStatPress 1.2.4 - Cross-Site Scripting
by Han Sahin
Dlink Dsl-2730u Firmware - CSRF
Cross Site Request Forgery (CSRF) on D-Link DSL-2730U C1 IN_1.00 devices allows remote attackers to change the DNS or firewall configuration or any password.
by B GOVIND
CVSS 8.8
Cisco AnyConnect - Privilege Escalation
A vulnerability in the Start Before Logon (SBL) module of Cisco AnyConnect Secure Mobility Client Software for Windows could allow an unauthenticated, local attacker to open Internet Explorer with the privileges of the SYSTEM user. The vulnerability is due to insufficient implementation of the access controls. An attacker could exploit this vulnerability by opening the Internet Explorer browser. An exploit could allow the attacker to use Internet Explorer with the privileges of the SYSTEM user. This may allow the attacker to execute privileged commands on the targeted system. This vulnerability affects versions prior to released versions 4.4.00243 and later and 4.3.05017 and later. Cisco Bug IDs: CSCvc43976.
by Pcchillin
CVSS 7.8
Sophos Web Appliance <4.3.1.2 - Session Fixation
In Sophos Web Appliance (SWA) before 4.3.1.2, Session Fixation could occur, aka NSWA-1310.
by SlidingWindow
CVSS 8.1
Wepresent Wipg-1500 Firmware - Hard-coded Credentials
The WePresent WiPG-1500 device with firmware 1.0.3.7 has a manufacturer account that has a hardcoded username / password. Once the device is set to DEBUG mode, an attacker can connect to the device using the telnet protocol and log into the device with the 'abarco' hardcoded manufacturer account. This account is not documented, nor is the DEBUG feature or the use of telnetd on port tcp/5885.
by Quentin Olagne
CVSS 8.1
Joomla! Component Intranet Attendance Track 2.6.5 - SQL Injection
by Ihsan Sencan
Joomla! Component Appointments for JomSocial 3.8.1 - SQL Injection
by Ihsan Sencan
By Source