Text Exploits
31,332 exploits tracked across all sources.
Microsoft Windows Vista - Improper Input Validation
The Graphics component in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows attackers to execute arbitrary code via a crafted True Type font, aka "True Type Font Parsing Elevation of Privilege Vulnerability."
by Google Security Research
CVSS 9.8
Microsoft .net Framework - Information Disclosure
Graphics Device Interface (aka GDI or GDI+) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; Live Meeting 2007 Console; .NET Framework 3.0 SP2, 3.5, 3.5.1, 4.5.2, and 4.6; and Silverlight 5 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "True Type Font Parsing Information Disclosure Vulnerability."
by Google Security Research
CVSS 5.5
SPIP <3.1.2 - Authenticated RCE
The SPIP template composer/compiler in SPIP 3.1.2 and earlier allows remote authenticated users to execute arbitrary PHP code by uploading an HTML file with a crafted (1) INCLUDE or (2) INCLURE tag and then accessing it with a valider_xml action.
by Sysdream
CVSS 8.8
Spip < 3.1.2 - CSRF
Cross-site request forgery (CSRF) vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that execute the XML validator on a local file via a crafted valider_xml request. NOTE: this issue can be combined with CVE-2016-7998 to execute arbitrary PHP code.
by Sysdream
CVSS 8.8
Spip < 3.1.2 - Path Traversal
Directory traversal vulnerability in ecrire/exec/valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to enumerate the files on the system via the var_url parameter in a valider_xml action.
by Sysdream
CVSS 7.5
IObit Advanced SystemCare 10.0.2 Unquoted Service Path Privilege Escalation
IObit Advanced SystemCare 10.0.2 contains an unquoted service path vulnerability in the AdvancedSystemCareService10 service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the service path and trigger privilege escalation when the service restarts or the system reboots, executing code with LocalSystem privileges.
by Amir.ght
CVSS 7.8
Vembu StoreGrid 4.0 - Unquoted Service Path Privilege Escalation
by Joey Lane
Realtek High Definition Audio Driver 6.0.1.6730 - Unquoted Service Path Privilege Escalation
by Joey Lane
PDF Complete 4.1.12 Corporate Edition - Unquoted Service Path Privilege Escalation
by Joey Lane
Lenovo ThinkVantage Communications Utility 3.0.42.0 - Unquoted Service Path Privilege Escalation
by Joey Lane
Lenovo Slim USB Keyboard 1.09 - Unquoted Service Path Privilege Escalation
by Joey Lane
Lenovo RapidBoot HDD Accelerator 1.00.0802 - Unquoted Service Path Privilege Escalation
by Joey Lane
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed 15.1.0.0096 - Unquoted Service Path Privilege Escalation
by Joey Lane
Intel(R) Management Engine Components 8.0.1.1399 - Unquoted Service Path Privilege Escalation
by Joey Lane
Intel(R) PROSet/Wireless WiFi Software 15.01.1000.0927 - Unquoted Service Path Privilege Escalation
by Joey Lane
ManageEngine ServiceDesk Plus 9.2 Build 9207 - Unauthorized Information Disclosure
by p0z
Spy Emergency build 23.0.205 Unquoted Service Path Privilege Escalation
Spy Emergency build 23.0.205 contains an unquoted service path vulnerability in the SpyEmrgHealth and SpyEmrgSrv services that allows local attackers to escalate privileges by inserting malicious executables. Attackers can place executable files in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges.
by Amir.ght
CVSS 7.8
Subrion CMS 4.0.5 - Cross-Site Request Forgery Bypass / Persistent Cross-Site Scripting
by Ahsan Tahir
PHP Telephone Directory - Multiple Vulnerabilities
by larrycompress
NETGATE Registry Cleaner build 16.0.205 Unquoted Service Path Privilege Escalation
NETGATE Registry Cleaner build 16.0.205 contains an unquoted service path vulnerability in the NGRegClnSrv service that allows local attackers to escalate privileges by exploiting the service binary path. Attackers can place a malicious executable in the unquoted path and trigger service restart or system reboot to execute code with LocalSystem privileges.
by Amir.ght
CVSS 7.8
Netgate AMITI Antivirus build 23.0.305 Unquoted Service Path Privilege Escalation
Netgate AMITI Antivirus build 23.0.305 contains an unquoted service path vulnerability in the AmitiAvSrv and AmitiAntivirusHealth services that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted service path and trigger service restart or system reboot to execute code with LocalSystem privileges.
by Amir.ght
CVSS 7.8
By Source