Text Exploits
31,386 exploits tracked across all sources.
Microsoft Windows Media Center 6.1.7600 - 'ehshell.exe' XML External Entity Injection
by hyp3rlinx
Microsoft Excel Starter 2010 - XML External Entity Injection
by hyp3rlinx
Microsoft Authorization Manager 6.1.7601 - 'azman' XML External Entity Injection
by hyp3rlinx
Broadcom BCM43xx Wi-Fi Firmware Broadpwn - Remote Code Execution
Broadcom BCM43xx Wi-Fi chips allow remote attackers to execute arbitrary code via unspecified vectors, aka the "Broadpwn" issue.
by 649
CVSS 9.8
WP Vault 0.8.6.6 Local File Inclusion via wpv-image Parameter
WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitive files like system configuration and credentials.
by Lenon Leite
CVSS 6.2
Microsoft Internet Explorer 9-11 - Remote Code Execution via Memory Corruption
Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0060, CVE-2016-0061, CVE-2016-0067, and CVE-2016-0072.
by Skylined
CVSS 8.8
Red Hat JBoss Enterprise Application Platform 4 and 5 - Remote Code Execution via JMX Servlet Deserialization
The JMX servlet in Red Hat JBoss Enterprise Application Platform (EAP) 4 and 5 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a crafted serialized Java object.
by Mediaservice.net Srl.
CVSS 8.8
Trend Micro IWSVA <6.5-CP-1737 - XSS
Multiple stored Cross-Site Scripting (XSS) vulnerabilities in com.trend.iwss.gui.servlet.updateaccountadministration in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) version 6.5-SP2_Build_Linux_1707 and earlier allow authenticated, remote users with least privileges to inject arbitrary HTML/JavaScript code into web pages. This was resolved in Version 6.5 CP 1737.
by SlidingWindow
CVSS 5.4
Tenda/Dlink/Tplink TD-W8961ND - 'DHCP' Cross-Site Scripting
by Vulnerability-Lab
Microsoft Windows - Privilege Escalation
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
by IOactive
CVSS 7.8
SAP NetWeaver AS JAVA - 'BC-BMT-BPM-DSK' XML External Entity Injection
by ERPScan
Huawei UTPS <UTPS-V200R003B015D16SPC00C983 - Privilege Escalation
Huawei UTPS earlier than UTPS-V200R003B015D16SPC00C983 has an unquoted service path vulnerability which can lead to the truncation of UTPS service query paths. An attacker may put an executable file in the search path of the affected service and obtain elevated privileges after the executable file is executed.
by Dhruv Shah
CVSS 6.7
EasyPHP Devserver 16.1.1 - Cross-Site Request Forgery / Remote Command Execution
by hyp3rlinx
Linux kernel <4.5.2 - Privilege Escalation
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly restrict the mount namespace, which allows local users to gain privileges by mounting an overlayfs filesystem on top of a FUSE filesystem, and then executing a crafted setuid program.
by halfdog
CVSS 7.8
Linux kernel <4.5.2 - Privilege Escalation
The overlayfs implementation in the Linux kernel through 4.5.2 does not properly maintain POSIX ACL xattr data, which allows local users to gain privileges by leveraging a group-writable setgid directory.
by halfdog
CVSS 7.8
AppFusions Doxygen for Atlassian Confluence 1.3.2 - Cross-Site Scripting
by Julien Ahrens
Crestron AirMedia <1.4.0.13 - Path Traversal
Directory traversal vulnerability in cgi-bin/login.cgi on Crestron AirMedia AM-100 devices with firmware before 1.4.0.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter.
by Zach Lanier
CVSS 7.5
WordPress Plugin Olimometer 2.56 - SQL Injection
by TAD GROUP