Text Exploits
31,386 exploits tracked across all sources.
NETGEAR ReadyNAS Surveillance 1.1.1-1.4.1 - Remote Code Execution via NTPServer Parameter
handle_daylightsaving.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.0.0 through 3.0.0, NUUO Crystal 2.2.1 through 3.2.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the NTPServer parameter.
by Pedro Ribeiro
CVSS 9.8
NETGEAR ReadyNAS Surveillance 1.1.1-1.4.1 & NUUO NVRmini2/NVRsolo 1.7.5-3.0.0 - RCE via __debugging_center_utils___.php
__debugging_center_utils___.php in NUUO NVRmini 2 1.7.5 through 3.0.0, NUUO NVRsolo 1.7.5 through 3.0.0, and NETGEAR ReadyNAS Surveillance 1.1.1 through 1.4.1 allows remote attackers to execute arbitrary PHP code via the log parameter.
by Pedro Ribeiro
CVSS 9.8
NUUO NVRmini 2 & NVRsolo <3.0.0 - Info Disclosure
NUUO NVRmini 2 1.0.0 through 3.0.0 and NUUO NVRsolo 1.0.0 through 3.0.0 have hardcoded root credentials, which allows remote attackers to obtain administrative access via unspecified vectors.
by Pedro Ribeiro
CVSS 9.8
WordPress Plugin Count Per Day 3.5.4 - Persistent Cross-Site Scripting
by Julien Rentrop
NUUO NVRmini <3.0.0 - Buffer Overflow
Stack-based buffer overflow in cgi-bin/cgi_main in NUUO NVRmini 2 1.7.6 through 3.0.0 and NETGEAR ReadyNAS Surveillance 1.1.2 allows remote authenticated users to execute arbitrary code via the sn parameter to the transfer_license command.
by Pedro Ribeiro
CVSS 8.8
Wireshark 2.x < 2.0.5 - Denial of Service via CORBA IDL Dissector
The CORBA IDL dissectors in Wireshark 2.x before 2.0.5 on 64-bit Windows platforms do not properly interact with Visual C++ compiler options, which allows remote attackers to cause a denial of service (application crash) via a crafted packet.
by Igor
CVSS 5.9
Wireshark 2.x < 2.0.5 - Denial of Service via Crafted Packet in MMSE/WAP/WBXML/WSP Dissectors
epan/dissectors/packet-wap.c in Wireshark 2.x before 2.0.5 omits an overflow check in the tvb_get_guintvar function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted packet, related to the MMSE, WAP, WBXML, and WSP dissectors.
by Antti Levomäki
CVSS 5.9
Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - WSP Dissector Denial of Service
by Chris Benedict
Wireshark 1.12.0 < 1.12.12 / 2.0.0 < 2.0.4 - RLC Dissector Denial of Service
by Antti Levomäki
Wireshark 1.12.x < 1.12.13 and 2.x < 2.0.5 - Denial of Service via PacketBB Dissector
epan/dissectors/packet-packetbb.c in the PacketBB dissector in Wireshark 1.12.x before 1.12.13 and 2.x before 2.0.5 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted packet.
by Chris Benedict
CVSS 5.9
Wireshark 1.12.x < 1.12.13 - Denial of Service via NCP2222 Dissector NULL Pointer Dereference
epan/dissectors/packet-ncp2222.inc in the NDS dissector in Wireshark 1.12.x before 1.12.13 does not properly maintain a ptvc data structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted packet.
by Chris Benedict
CVSS 5.9
Open Upload 0.4.2 - Cross-Site Request Forgery (Add Admin)
by Vinesh Redkar
WordPress Plugin WP Live Chat Support 6.2.03 - Persistent Cross-Site Scripting
by Dennis Kerdijk & Erwin Kievith
WordPress Plugin Booking Calendar 6.2 - SQL Injection
by Edwin Molenaar
WordPress Plugin ALO EasyMail NewsLetter 2.9.2 - Cross-Site Request Forgery (Add/Import Arbitrary Subscribers)
by Yorick Koster
WordPress Plugin Ultimate Product Catalog 3.9.8 - do_shortcode via ajax Blind SQL Injection
by i0akiN SEC-LABORATORY
Trend Micro Deep Discovery Inspector <3.8 - RCE
hotfix_upload.cgi in Trend Micro Deep Discovery Inspector (DDI) 3.7, 3.8 SP1 (3.81), and 3.8 SP2 (3.82) allows remote administrators to execute arbitrary code via shell metacharacters in the filename parameter of the Content-Disposition header.
by korpritzombie
CVSS 7.2
AXIS network cameras - Command Injection
The devtools.sh script in AXIS network cameras allows remote authenticated users to execute arbitrary commands via shell metacharacters in the app parameter to (1) app_license.shtml, (2) app_license_custom.shtml, (3) app_index.shtml, or (4) app_params.shtml.
by Orwelllabs
CVSS 8.8
Linux Kernel (ARM/ARM64) - 'perf_event_open()' Arbitrary Memory Read
by Google Security Research
By Source