Text Exploits
31,386 exploits tracked across all sources.
OCS Inventory NG <2.3.0.0 - Privilege Escalation
OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute code with elevated system privileges.
by msd0pe
CVSS 8.4
Arcsoft PhotoStudio 6.0.0.172 - Privilege Escalation
Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and trigger the service to execute arbitrary code with system-level permissions.
by msd0pe
CVSS 8.4
AspEmail 5.6.0.2 - Privilege Escalation
AspEmail 5.6.0.2 contains a binary permission vulnerability that allows local users to escalate privileges through the Persits Software EmailAgent service. Attackers can exploit full write permissions in the BIN directory to replace the service executable and gain elevated system access.
by Zer0FauLT
CVSS 8.4
Serendipity 2.4.0 - Authenticated Remote Code Execution via PHAR File Upload
Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server.
by Mirabbas Ağalarov
CVSS 8.8
Serendipity 2.4.0 - Authenticated Stored Cross-Site Scripting via Blog Entry Creation
Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that will execute when other users view the compromised blog post.
by Mirabbas Ağalarov
CVSS 5.4
Diasoft File Replication Pro 7.5.0 - Privilege Escalation
Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:(F) access.
by Andrea Intilangelo
CVSS 9.8
FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE)
by Rodolfo Mariano
ProjeQtOr Project Management System 10.3.2 - Remote Code Execution (RCE)
by Mirabbas Ağalarov
Piwigo 13.6.0 - Stored Cross-Site Scripting (XSS)
by Mirabbas Ağalarov
GDidees CMS <3.9.1 - Info Disclosure
GDidees CMS v3.9.1 and lower was discovered to contain an arbitrary file download vulenrability via the filename parameter at /_admin/imgdownload.php.
by Hadi Mene
CVSS 7.5
Bang Resto 1.0 - Stored Cross-Site Scripting via itemName Parameter
Bang Resto 1.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the itemName parameter in the admin/menu.php Add New Menu function.
by Rahad Chowdhury
CVSS 4.8
Bang Resto 1.0 - SQL Injection via btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty Parameter
Bang Resto 1.0 was discovered to contain multiple SQL injection vulnerabilities via the btnMenuItemID, itemID, itemPrice, menuID, staffID, or itemqty parameter.
by Rahad Chowdhury
CVSS 8.8
Microsoft 365 Apps and Office - Remote Code Execution via Heap-based Buffer Overflow
Microsoft Word Remote Code Execution Vulnerability
by nu11secur1ty
CVSS 7.8
Linux Kernel < 6.3 - Microarchitectural Resource Sharing via IBRS STIBP Bypass
The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line.
This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects.
by nu11secur1ty
CVSS 5.6
Swagger UI 4.1.3 - User Interface (UI) Misrepresentation of Critical Information
by Rafael Cintra Lopes
Franklin Fueling Systems TS-550 - Default Password
by Parsa Rezaie Khiabanloo
InnovaStudio WYSIWYG Editor 5.4 - Unrestricted File Upload
InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload controls in the asset manager.
by Zer0FauLT
CVSS 9.8
Google Chrome Browser 111.0.5563.64 - AXPlatformNodeCocoa Fatal OOM/Crash (macOS)
by LiquidWorm
Sielco PolyEco Digital FM Transmitter 2.0.6 - Unauthenticated Information Disclosure
by LiquidWorm
Sielco PolyEco Digital FM Transmitter 2.0.6 - Radio Data System POST Manipulation
by LiquidWorm
Sielco PolyEco Digital FM Transmitter 2.0.6 - Authorization Bypass Factory Reset
by LiquidWorm
Sielco PolyEco Digital FM Transmitter 2.0.6 - Account Takeover / Lockout / EoP
by LiquidWorm
By Source