Text Exploits
31,386 exploits tracked across all sources.
ECommerce-Multi-Vendor Software - Arbitrary File Upload
by Ihsan Sencan
Adobe Flash Player < 24.0.0.186 - Memory Corruption via Display List Concurrency Error
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.
by COSIG
CVSS 8.8
Adobe Flash Player < 24.0.0.186 - Memory Corruption via Display List Concurrency Error
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.
by COSIG
CVSS 8.8
WordPress Plugin WP Support Plus Responsive Ticket System 7.1.3 - Privilege Escalation
by Kacper Szurek
Huawei Flybox B660 - Cross-Site Request Forgery (1)
by Vulnerability-Lab
D-Link DIR-615 - Multiple Vulnerabilities
by Osanda Malith Jayathissa
Friends in War Make or Break 1.7 - 'imgid' SQL Injection
by v3n0m
Ansible < 2.1.4 and < 2.2.1 - Remote Code Execution via Client Fact Data
Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.
by Computest
CVSS 8.1
Advanced Desktop Locker 6.0.0 - Lock Screen Bypass
by Squnity
ManagEnegine ADManager Plus 6.5.40 - Multiple Vulnerabilities
by Mehmet Ince
Splunk 6.1.1 - Cross-Site Scripting via HTTP Referer Header
Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerability might exist because of a CVE-2010-2429 regression.
by justpentest
Google Android max86902 Driver - 'sysfs' Interfaces Race Condition
by Google Security Research
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine Type Confusion
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7200, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
by Brian Pak
CVSS 8.8
Microsoft Edge - Remote Code Execution via Chakra JavaScript Engine Memory Corruption
The Chakra JavaScript scripting engine in Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-7201, CVE-2016-7202, CVE-2016-7203, CVE-2016-7208, CVE-2016-7240, CVE-2016-7242, and CVE-2016-7243.
by Brian Pak
CVSS 8.8
Atlassian Confluence < 5.10.5 - Cross-Site Scripting via newFileName Parameter
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.10.6 allows remote attackers to inject arbitrary web script or HTML via the newFileName parameter to pages/doeditattachment.action.
by Jodson Santos
CVSS 6.1
By Source