Text Exploits
31,329 exploits tracked across all sources.
Dell SonicWALL Secure Mobile Access SMA 8.1 - Cross-Site Scripting / Cross-Site Request Forgery
by LiquidWorm
Dell SonicWALL Global Management System GMS 8.1 - Blind SQL Injection
by LiquidWorm
aWeb Cart Watching System <2.6.1 - SQL Injection
SQL injection vulnerability in the "aWeb Cart Watching System for Virtuemart" extension before 2.6.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via vectors involving categorysearch and smartSearch.
by qemm
CVSS 9.8
WordPress Plugin Simply Poll 1.4.1 - SQL Injection
by TAD GROUP
WampServer 3.0.6 - Privilege Escalation
WampServer 3.0.6 installs two services called 'wampapache' and 'wampmysqld' with weak file permissions, running with SYSTEM privileges. This could potentially allow an authorized but non-privileged local user to execute arbitrary code with elevated privileges on the system. To properly exploit this vulnerability, the local attacker must insert an executable file called mysqld.exe or httpd.exe and replace the original files. The next time the service starts, the malicious file will get executed as SYSTEM. NOTE: the vendor disputes the relevance of this report, taking the position that a configuration in which "'someone' (an attacker) is able to replace files on a PC" is not "the fault of WampServer.
by Heliand Dema
CVSS 7.5
Shutter <0.93.1 - Command Injection
/usr/bin/shutter in Shutter through 0.93.1 allows user-assisted remote attackers to execute arbitrary commands via a crafted image name that is mishandled during a "Run a plugin" action.
by Prajith
CVSS 7.8
ARI Framework module/Asterisk Recording Interface (ARI) <2.9.0.9, <...
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary code via the ari_auth cookie, related to the PHP unserialize function, as exploited in the wild in September 2014.
by inj3ctor3
OpenSSH <7.4 - RCE
Untrusted search path vulnerability in ssh-agent.c in ssh-agent in OpenSSH before 7.4 allows remote attackers to execute arbitrary local PKCS#11 modules by leveraging control over a forwarded agent-socket.
by Google Security Research
CVSS 7.3
OpenSSH <7.4 - Privilege Escalation
sshd in OpenSSH before 7.4, when privilege separation is not used, creates forwarded Unix-domain sockets as root, which might allow local users to gain privileges via unspecified vectors, related to serverloop.c.
by Google Security Research
CVSS 7.0
Apple Iphone OS < 10.1.1 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Google Security Research
CVSS 7.8
Google Android - Access Control
An elevation of privilege vulnerability in Wi-Fi could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0. Android ID: A-31856351.
by Google Security Research
CVSS 7.8
WordPress Plugin 404 Redirection Manager 1.0 - SQL Injection
by Ahmed Sherif
Apple Iphone OS < 10.1.1 - Use After Free
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app.
by Google Security Research
CVSS 7.8
Apple Iphone OS < 10.1.1 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. watchOS before 3.1.3 is affected. The issue involves the "Kernel" component. It allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors.
by Google Security Research
CVSS 7.8
WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 - SQL Injection
by Lenon Leite
WordPress Plugin WP Private Messages 1.0.1 - SQL Injection (1)
by Lenon Leite
WHMCompleteSolution (WHMCS) Addon VMPanel 2.7.4 - SQL Injection
by ZwX
Apple Iphone OS < 10.1.1 - Access Control
An issue was discovered in certain Apple products. iOS before 10.2 is affected. macOS before 10.12.2 is affected. The issue involves the "Power Management" component. It allows local users to gain privileges via unspecified vectors related to Mach port name references.
by Google Security Research
CVSS 7.8
Apport < 2.20.3 - Path Traversal
An issue was discovered in Apport before 2.20.4. There is a path traversal issue in the Apport crash file "Package" and "SourcePackage" fields. These fields are used to build a path to the package specific hook files in the /usr/share/apport/package-hooks/ directory. An attacker can exploit this path traversal to execute arbitrary Python files from the local system.
by Donncha OCearbhaill
CVSS 7.8
Apport < 2.20.3 - Code Injection
An issue was discovered in Apport before 2.20.4. In apport/ui.py, Apport reads the CrashDB field and it then evaluates the field as Python code if it begins with a "{". This allows remote attackers to execute arbitrary Python code.
by Donncha OCearbhaill
CVSS 7.8
Adobe Animate < 15.2.1.95 - Memory Corruption
Adobe Animate versions 15.2.1.95 and earlier have an exploitable memory corruption vulnerability. Successful exploitation could lead to arbitrary code execution.
by hyp3rlinx
CVSS 9.8
Debian jessie <1.0.9.8.4, Debian unstable <1.4~beta2, Ubuntu 14.04 ...
The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.
by Google Security Research
CVSS 5.9
Apport < 2.20.3 - Improper Access Control
An issue was discovered in Apport before 2.20.4. A malicious Apport crash file can contain a restart command in `RespawnCommand` or `ProcCmdline` fields. This command will be executed if a user clicks the Relaunch button on the Apport prompt from the malicious crash file. The fix is to only show the Relaunch button on Apport crash files generated by local systems. The Relaunch button will be hidden when crash files are opened directly in Apport-GTK.
by Donncha OCearbhaill
CVSS 6.5
By Source