Text Exploits
31,386 exploits tracked across all sources.
SAP NetWeaver AS Java <7.6 - Path Traversal
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.
by ERPScan
CVSS 7.5
SAP NetWeaver Application Server Java 7.10-7.50 - XML External Entity Injection via ServerNodesWSService
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~webservice~web/ServerNodesWSService, aka SAP Security Note 2235994.
by ERPScan
CVSS 9.1
ACROS Security 0patch 2016.05.19.539 - '0PatchServicex64.exe' Unquoted Service Path Privilege Escalation
by LiquidWorm
Symphony CMS 2.6.7 - Info Disclosure
Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter.
by hyp3rlinx
CVSS 7.5
Joomla! Component com_bt_media 1.0 - SQL Injection
by Persian Hack Team
Vicidial 2.11 - Scripts Persistent Cross-Site Scripting
by David Silveiro
Tiki Wiki CMS <14.1-6.14 - Command Injection
An authenticated command injection vulnerability exists in Tiki Wiki CMS versions ≤14.1, ≤12.4 LTS, ≤9.10 LTS, and ≤6.14 via the `viewmode` GET parameter in `tiki-calendar.php`. When the calendar module is enabled and an authenticated user has permission to access it, an attacker can inject and execute arbitrary PHP code. Successful exploitation leads to remote code execution in the context of the web server user.
by Dany Ouellet
Gemalto Sentinel License Manager 18.0.1.55505 - Directory Traversal
by LiquidWorm
SolarWinds Virtualization Manager <6.3.1 - Privilege Escalation
SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd."
by Nate Kettlewell
CVSS 7.8
ATCOM PBX IP01 / IP08 / IP4 / IP2G4A - Authentication Bypass
by i-Hmx
AdobeUpdateService 3.6.0.248 - Unquoted Service Path Privilege Escalation
by Cyril Vallicari
Windows - Local Privilege Escalation via Win32k Bitmap Use-After-Free
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0171, CVE-2016-0174, and CVE-2016-0196.
by Nils Sommer
CVSS 7.8
Windows Kernel-Mode Drivers - Local Privilege Escalation via Crafted Application
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0173, CVE-2016-0174, and CVE-2016-0196.
by Nils Sommer
CVSS 7.8
Ultrabenosaurus ChatBoard - Persistent Cross-Site Scripting
by HaHwul
Joomla! Component com_enmasse 5.1 < 6.4 - SQL Injection
by Hamed Izadi
BookingWizz Booking System < 5.5 - Multiple Vulnerabilities
by Mehmet Ince
Google Chrome - GPU Process MailboxManagerImpl Double-Read
by Google Security Research
Hyperoptic (Tilgin) Router HG23xx - Multiple Vulnerabilities
by LiquidWorm
By Source