Text Exploits
31,386 exploits tracked across all sources.
SolarWinds Kiwi CatTools 3.11.0 - Unquoted Service Path Privilege Escalation
by Halil Dalabasmaz
VMware Workstation Pro and Player 12.x - Remote Code Execution via Cortado ThinPrint EMFSPOOL TrueType Fonts
VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allow guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via TrueType fonts embedded in EMFSPOOL.
by Google Security Research
CVSS 7.8
VMware Workstation Player 12.x - Remote Code Execution via JPEG 2000 Image
tpview.dll in VMware Workstation Pro 12.x before 12.5.0 and VMware Workstation Player 12.x before 12.5.0 on Windows, when Cortado ThinPrint virtual printing is enabled, allows guest OS users to execute arbitrary code on the host OS or cause a denial of service (host OS memory corruption) via a JPEG 2000 image.
by Google Security Research
CVSS 7.8
WordPress Plugin Order Export Import for WooCommerce - Order Information Disclosure
by david-peltier
ShoreTel Connect ONSITE - Blind SQL Injection
by Iraklis Mathiopoulos
Kajona 4.7 - Cross-Site Scripting / Directory Traversal
by Curesec Research Team
MuM MapEdit 3.2.6.0 - Multiple Vulnerabilities
by Paul Baade & Sven Krewitt
Joomla! Component Portfolio Gallery 1.0.6 - SQL Injection
by Larry W. Cashdollar
Joomla! Component Catalog 1.0.7 - SQL Injection
by Larry W. Cashdollar
Google Android - getpidcon Usage binder Service Replacement Race Condition
by Google Security Research
Open-Xchange OX Guard < 2.4.2 - Stored Cross-Site Scripting via PGP Public Key Name
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code and references to external websites can be injected to the names of PGP public keys. When requesting that key later on using a specific URL, such script code might get executed. In case of injecting external websites, users might get lured into a phishing scheme. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
by Benjamin Daniel Mussler
CVSS 6.1
Open-Xchange OX Guard < 2.4.2 - Unauthenticated Stored Cross-Site Scripting via Guest Reader Parameter
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code can be provided as parameter to the OX Guard guest reader web application. This allows cross-site scripting attacks against arbitrary users since no prior authentication is needed. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.) in case the user has an active session on the same domain already.
by Benjamin Daniel Mussler
CVSS 6.1
Zapya Desktop 1.803 - 'ZapyaService.exe' Local Privilege Escalation
by Arash Khazaei
WinSMS 3.43 - Insecure File Permissions Privilege Escalation
by Tulpa
Multiple Icecream Apps - Insecure File Permissions Privilege Escalation
by Tulpa
Battle.Net 1.5.0.7963 - Insecure File Permissions Privilege Escalation
by Tulpa
Contrexx CMS egov Module 1.0.0 - SQL Injection
by hamidreza borghei
Open-Xchange OX Guard < 2.4.2 - Stored Cross-Site Scripting via PGP Signature Verification
An issue was discovered in Open-Xchange OX Guard before 2.4.2-rev5. Script code which got injected to a mail with inline PGP signature gets executed when verifying the signature. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
by Benjamin Daniel Mussler
CVSS 6.1
Open-Xchange OX App Suite <7.8.2-rev5 - RCE
An issue was discovered in Open-Xchange OX App Suite before 7.8.2-rev5. JavaScript code can be used as part of ical attachments within scheduling E-Mails. This content, for example an appointment's location, will be presented to the user at the E-Mail App, depending on the invitation workflow. This code gets executed within the context of the user's current session. Malicious script code can be executed within a user's context. This can lead to session hijacking or triggering unwanted actions via the web interface (sending mail, deleting data etc.).
by Jakub A>>oczek
CVSS 6.1
By Source