Text Exploits
31,386 exploits tracked across all sources.
SIEMENS IP Cameras (Multiple Models) - Credential Disclosure / Configuration Download
by Todor Donev
MESSOA IP-Camera NIC990 - Authentication Bypass / Configuration Download
by Todor Donev
JVC IP-Camera VN-T216VPRU - Credentials Disclosure
by Yakir Wizman
C2S DVR Management IRDOME-II-C2S / IRBOX-II-C2S / DVR - Credentials Disclosure / Authentication Bypass
by Yakir Wizman
Qualiteam X-Cart < 4.1.3 - Remote Code Execution via cmpi.php Dynamic Variable Evaluation
Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter.
by GulfTech Security
Cisco ASA Authentication Bypass (EXTRABACON)
Buffer overflow in Cisco Adaptive Security Appliance (ASA) Software through 9.4.2.3 on ASA 5500, ASA 5500-X, ASA Services Module, ASA 1000V, ASAv, Firepower 9300 ASA Security Module, PIX, and FWSM devices allows remote authenticated users to execute arbitrary code via crafted IPv4 SNMP packets, aka Bug ID CSCva92151 or EXTRABACON.
by Shadow Brokers
CVSS 8.8
Honeywell IP-Camera HICC-1100PT - Credentials Disclosure
by Yakir Wizman
Microsoft Windows and Office Products - Remote Code Execution via Crafted Embedded Font
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability," a different vulnerability than CVE-2016-3304.
by Google Security Research
CVSS 7.8
Microsoft Windows and Office - Remote Code Execution via Crafted Embedded Font
The Windows font library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Office 2007 SP3, Office 2010 SP2, Word Viewer, Skype for Business 2016, Lync 2013 SP1, Lync 2010, Lync 2010 Attendee, and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability," a different vulnerability than CVE-2016-3303.
by Google Security Research
CVSS 7.8
Microsoft Windows and Office - Remote Code Execution via Crafted Embedded Font
The Windows font library in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; Office 2007 SP3; Office 2010 SP2; Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Lync 2010 Attendee; and Live Meeting 2007 Console allows remote attackers to execute arbitrary code via a crafted embedded font, aka "Windows Graphics Component RCE Vulnerability."
by Google Security Research
CVSS 7.8
SIEMENS IP-Camera CVMS2025-IR / CCMS2025 - Credentials Disclosure
by Yakir Wizman
WSO2 Identity Server 5.1.0 - Cross-Site Request Forgery in XACML Flow
Cross-site request forgery (CSRF) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 allows remote attackers to hijack the authentication of privileged users for requests that process XACML requests via an entitlement/eval-policy-submit.jsp request.
by hyp3rlinx
CVSS 8.8
Nagios Network Analyzer 2.2.0 - Multiple Vulnerabilities
by Security-Assessment.com
Nagios Log Server 1.4.1 - Multiple Vulnerabilities
by Security-Assessment.com
Nagios Incident Manager 2.0.0 - Multiple Vulnerabilities
by Security-Assessment.com
Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac - Remote Code Execution via Crafted File
Microsoft Word 2013 SP1, 2013 RT SP1, 2016, and 2016 for Mac allow remote attackers to execute arbitrary code via a crafted file, aka "Microsoft Office Memory Corruption Vulnerability."
by COSIG
CVSS 7.8
Pi-Hole Web Interface 2.8.1 - Persistent Cross-Site Scripting in Whitelist/Blacklist
by loneferret
WSO2 Identity Server 5.1.0 - Authenticated XML External Entity Injection via XACML Request
XML external entity (XXE) vulnerability in the XACML flow feature in WSO2 Identity Server 5.1.0 before WSO2-CARBON-PATCH-4.4.0-0231 allows remote authenticated users with access to XACML features to read arbitrary files, cause a denial of service, conduct server-side request forgery (SSRF) attacks, or have unspecified other impact via a crafted XACML request to entitlement/eval-policy-submit.jsp. NOTE: this issue can be combined with CVE-2016-4311 to exploit the vulnerability without credentials.
by hyp3rlinx
CVSS 7.5
WSO2 Carbon 4.4.5 - Stored Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webapp_info.jsp; the (4) dsName or (5) description parameter to ndatasource/newdatasource.jsp; the (6) phase parameter to viewflows/handlers.jsp; or the (7) url parameter to ndatasource/validateconnection-ajaxprocessor.jsp.
by hyp3rlinx
CVSS 6.1
WSO2 Carbon 4.4.5 - Authenticated Path Traversal via LogViewer Admin Service LogFile Parameter
Directory traversal vulnerability in the LogViewer Admin Service in WSO2 Carbon 4.4.5 allows remote authenticated administrators to read arbitrary files via a .. (dot dot) in the logFile parameter to downloadgz-ajaxprocessor.jsp.
by hyp3rlinx
CVSS 4.9
WSO2 Carbon 4.4.5 - Cross-Site Request Forgery via Server Shutdown Action
Cross-site request forgery (CSRF) vulnerability in WSO2 Carbon 4.4.5 allows remote attackers to hijack the authentication of privileged users for requests that shutdown a server via a shutdown action to server-admin/proxy_ajaxprocessor.jsp.
by hyp3rlinx
CVSS 5.7
GitLab 8.2.0-8.6.7 Authenticated Privilege Escalation via Impersonate
The impersonate feature in Gitlab 8.7.0, 8.6.0 through 8.6.7, 8.5.0 through 8.5.11, 8.4.0 through 8.4.9, 8.3.0 through 8.3.8, and 8.2.0 through 8.2.4 allows remote authenticated users to "log in" as any other user via unspecified vectors.
by Kaimi
CVSS 8.8
By Source