Text Exploits
31,330 exploits tracked across all sources.
WordPress Plugin Order Export Import for WooCommerce - Order Information Disclosure
by david-peltier
ShoreTel Connect ONSITE - Blind SQL Injection
by Iraklis Mathiopoulos
Kajona 4.7 - Cross-Site Scripting / Directory Traversal
by Curesec Research Team
MuM MapEdit 3.2.6.0 - Multiple Vulnerabilities
by Paul Baade & Sven Krewitt
Joomla! Component Portfolio Gallery 1.0.6 - SQL Injection
by Larry W. Cashdollar
Joomla! Component Catalog 1.0.7 - SQL Injection
by Larry W. Cashdollar
Google Android - getpidcon Usage binder Service Replacement Race Condition
by Google Security Research
Open-xchange OX Guard < 2.4.2 - XSS
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on using a specific URL, such script code might get executed. In case of injecting external websites, users might get lured into a phishing scheme. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
by Benjamin Daniel Mussler
CVSS 6.1
Open-xchange OX Guard < 2.4.2 - XSS
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code can be provided as parameter to the OX Guard guest reader web application. This allows cross-site scripting attacks against arbitrary users since no prior authentication is needed. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.) in case the user has an active session on the same domain already.
by Benjamin Daniel Mussler
CVSS 6.1
Zapya Desktop 1.803 - 'ZapyaService.exe' Local Privilege Escalation
by Arash Khazaei
WinSMS 3.43 - Insecure File Permissions Privilege Escalation
by Tulpa
Multiple Icecream Apps - Insecure File Permissions Privilege Escalation
by Tulpa
Battle.Net 1.5.0.7963 - Insecure File Permissions Privilege Escalation
by Tulpa
Contrexx CMS egov Module 1.0.0 - SQL Injection
by hamidreza borghei
Open-xchange OX Guard < 2.4.2 - XSS
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code which got injected to a mail with inline PGP signature gets executed when verifying the signature. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
by Benjamin Daniel Mussler
CVSS 6.1
Open-Xchange OX App Suite <7.8.2-rev5 - RCE
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's location, will be presented to the user at the E-Mail App, depending on the invitation workflow. This code gets executed within the context of the user's current session. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
by Jakub Żoczek
CVSS 6.1
Adobe Flash Player <18.0.0.366,19.x-22.x - Info Disclosure
Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to obtain sensitive information from process memory via unspecified vectors.
by Google Security Research
CVSS 7.5
Adobe Flash Player <22.0.0.209 - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.366 and 19.x through 22.x before 22.0.0.209 on Windows and OS X and before 11.2.202.632 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-4173, CVE-2016-4174, CVE-2016-4222, CVE-2016-4226, CVE-2016-4227, CVE-2016-4228, CVE-2016-4229, CVE-2016-4230, and CVE-2016-4248.
by Google Security Research
CVSS 8.8