Text Exploits
31,330 exploits tracked across all sources.
Web2py < 2.14.5 - CSRF
Web2py versions 2.14.5 and below were affected by a CSRF (Cross-Site Request Forgery) vulnerability, which allows an attacker to trick a logged-in user into performing unwanted actions, e.g. an attacker can trick a victim into disabling the installed application just by sending a URL to the victim.
by Narendra Bhati
CVSS 8.8
Cakephp < 3.2.4 - Improper Input Validation
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
by Dawid Golunski
CVSS 7.5
Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (2)
by Google Security Research
Trend Micro - 'CoreServiceShell.exe' Multiple HTTP s
by Google Security Research
Microsoft Windows 7 - Remote Code Execution
Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka "Windows Media Center Remote Code Execution Vulnerability."
by Eduardo Braun Prado
CVSS 7.8
WordPress Plugin Q and A (Focus Plus) FAQ 1.3.9.7 - Multiple Vulnerabilities
by Gwendal Le Coguic
WordPress Plugin Huge-IT Image Gallery 1.8.9 - Multiple Vulnerabilities
by Gwendal Le Coguic
FileZilla Client 3.17.0.0 - Unquoted Search Path
A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
by Cyril Vallicari
CVSS 6.3
Intuit QuickBooks Desktop 2007 < 2016 - Arbitrary Code Execution
by Maxim Tomashevich
Adobe Acrobat < 11.0.15 - Memory Corruption
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.
by Pier-Luc Maltais
CVSS 9.8
Nfdump Nfcapd 1.6.14 - Multiple Vulnerabilities
by Security-Assessment.com
JVC HDRs / Net (Multiple Cameras) - Multiple Vulnerabilities
by Orwelllabs
Microsoft Windows 10 - Access Control
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."
by hex0r
CVSS 7.8
Certec EDV atvise SCADA Server 2.5.9 - Local Privilege Escalation
by LiquidWorm
Adobe Flash Player < 11.2.202.577 - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1013, CVE-2016-1016, CVE-2016-1017, and CVE-2016-1031.
by Google Security Research
CVSS 8.8
Adobe Flash Player < 11.2.202.577 - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1016, CVE-2016-1017, and CVE-2016-1031.
by Google Security Research
CVSS 8.8
ManageEngine Applications Manager Build 12700 - Multiple Vulnerabilities
by Saif El-Sherei
Dotnetnuke < 07.04.00 - Access Control
The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.
by Marios Nicolaides
CVSS 9.8
IPFire <2.19 - Authenticated RCE
A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server privileges.
by Yann CAM
ImageMagick <6.9.3-10, <7.0.1-1 - Info Disclosure
The LABEL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to read arbitrary files via a crafted image.
by Nikolay Ermishkin
CVSS 5.5
ImageMagick <7.0.1-1 - Path Traversal
The MSL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to move arbitrary files via a crafted image.
by Nikolay Ermishkin
CVSS 3.3
ImageMagick <6.9.3-10, <7.0.1-1 - RCE
The EPHEMERAL coder in ImageMagick before 6.9.3-10 and 7.x before 7.0.1-1 allows remote attackers to delete arbitrary files via a crafted image.
by Nikolay Ermishkin
CVSS 5.5