Text Exploits
31,386 exploits tracked across all sources.
Multiples Nexon Games - Unquoted Path Privilege Escalation
by Cyril Vallicari
Hex : Shard of Fate 1.0.1.026 - Unquoted Path Privilege Escalation
by Cyril Vallicari
web2py < 2.14.5 - Cross-Site Request Forgery
Web2py versions 2.14.5 and below was affected by CSRF (Cross Site Request Forgery) vulnerability, which allows an attacker to trick a logged in user to perform some unwanted actions i.e An attacker can trick an victim to disable the installed application just by sending a URL to victim.
by Narendra Bhati
CVSS 8.8
CakePHP < 3.2.4 - IP Spoofing via CLIENT-IP HTTP Header
The clientIp function in CakePHP 3.2.4 and earlier allows remote attackers to spoof their IP via the CLIENT-IP HTTP header.
by Dawid Golunski
CVSS 7.5
Wireshark - 'AirPDcapDecryptWPABroadcastKey' Heap Out-of-Bounds Read (2)
by Google Security Research
Trend Micro - 'CoreServiceShell.exe' Multiple HTTP s
by Google Security Research
Microsoft Windows Media Center - Remote Code Execution via Crafted MCL File
Media Center in Microsoft Windows Vista SP2, Windows 7 SP1, and Windows 8.1 allows remote attackers to execute arbitrary code via a crafted Media Center link (aka .mcl) file, aka "Windows Media Center Remote Code Execution Vulnerability."
by Eduardo Braun Prado
CVSS 7.8
WordPress Plugin Q and A (Focus Plus) FAQ 1.3.9.7 - Multiple Vulnerabilities
by Gwendal Le Coguic
WordPress Plugin Huge-IT Image Gallery 1.8.9 - Multiple Vulnerabilities
by Gwendal Le Coguic
FileZilla Client 3.17.0.0 - Unquoted Search Path
A vulnerability has been found in FileZilla Client 3.17.0.0 and classified as problematic. This vulnerability affects unknown code of the file C:\Program Files\FileZilla FTP Client\uninstall.exe of the component Installer. The manipulation leads to unquoted search path. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
by Cyril Vallicari
CVSS 6.3
Intuit QuickBooks Desktop 2007 < 2016 - Arbitrary Code Execution
by Maxim Tomashevich
Adobe Acrobat and Reader < 11.0.16 - Remote Code Execution via Memory Corruption
Adobe Reader and Acrobat before 11.0.16, Acrobat and Acrobat Reader DC Classic before 15.006.30172, and Acrobat and Acrobat Reader DC Continuous before 15.016.20039 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1037, CVE-2016-1063, CVE-2016-1064, CVE-2016-1071, CVE-2016-1072, CVE-2016-1073, CVE-2016-1074, CVE-2016-1076, CVE-2016-1078, CVE-2016-1080, CVE-2016-1081, CVE-2016-1082, CVE-2016-1083, CVE-2016-1084, CVE-2016-1085, CVE-2016-1086, CVE-2016-1088, CVE-2016-1093, CVE-2016-1095, CVE-2016-1116, CVE-2016-1118, CVE-2016-1119, CVE-2016-1120, CVE-2016-1123, CVE-2016-1124, CVE-2016-1125, CVE-2016-1126, CVE-2016-1127, CVE-2016-1128, CVE-2016-1129, CVE-2016-1130, CVE-2016-4088, CVE-2016-4089, CVE-2016-4090, CVE-2016-4093, CVE-2016-4094, CVE-2016-4096, CVE-2016-4097, CVE-2016-4098, CVE-2016-4099, CVE-2016-4100, CVE-2016-4101, CVE-2016-4103, CVE-2016-4104, and CVE-2016-4105.
by Pier-Luc Maltais
CVSS 9.8
Nfdump Nfcapd 1.6.14 - Multiple Vulnerabilities
by Security-Assessment.com
JVC HDRs / Net (Multiple Cameras) - Multiple Vulnerabilities
by Orwelllabs
Microsoft Windows - Local Privilege Escalation via WebDAV Client
The WebDAV client in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "WebDAV Elevation of Privilege Vulnerability."
by hex0r
CVSS 7.8
Certec EDV atvise SCADA Server 2.5.9 - Local Privilege Escalation
by LiquidWorm
Adobe Flash Player < 18.0.0.343, 19.x-21.x < 21.0.0.213, < 11.2.202.616 - Use-After-Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1013, CVE-2016-1016, CVE-2016-1017, and CVE-2016-1031.
by Google Security Research
CVSS 8.8
Adobe Flash Player < 18.0.0.343, 19.x-21.x < 21.0.0.213, < 11.2.202.616 - Use-After-Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.343 and 19.x through 21.x before 21.0.0.213 on Windows and OS X and before 11.2.202.616 on Linux allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-1011, CVE-2016-1016, CVE-2016-1017, and CVE-2016-1031.
by Google Security Research
CVSS 8.8
ManageEngine Applications Manager Build 12700 - Multiple Vulnerabilities
by Saif El-Sherei
DotNetNuke < 7.4.1 - Unauthenticated Application Reinstallation and Privilege Escalation via Install Wizard
The installation wizard in DotNetNuke (DNN) before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx.
by Marios Nicolaides
CVSS 9.8
IPFire < 2.19 Core Update 101 - Authenticated Remote Command Execution via proxy.cgi NCSA User Creation Form
A remote command execution vulnerability exists in IPFire before version 2.19 Core Update 101 via the 'proxy.cgi' CGI interface. An authenticated attacker can inject arbitrary shell commands through crafted values in the NCSA user creation form fields, leading to command execution with web server privileges.
by Yann CAM
By Source