Text Exploits
31,386 exploits tracked across all sources.
Adobe Flash Player <18.0.0.333,19.x-21.x - RCE
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-1000.
by Google Security Research
CVSS 8.8
Adobe Flash Player < 18.0.0.333, 19.x-21.x < 21.0.0.182, < 11.2.202.577 - Use-After-Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-0999.
by Google Security Research
CVSS 8.8
Adobe Flash Player Remote Code Execution or DoS via Memory Corruption
Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1005.
by Google Security Research
CVSS 8.8
Apple iOS <9.3 & OS X <10.11.4 - RCE
Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.
by Google Security Research
CVSS 7.0
Wireshark - dissect_ber_integer Static Out-of-Bounds Write
by Google Security Research
WordPress Plugin HB Audio Gallery Lite 1.0.0 Path Traversal File Download
WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the file_path parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to access sensitive files like wp-config.php outside the intended gallery directory.
by CrashBandicot
CVSS 7.5
WordPress Brandfolder Plugin 3.0 Local File Inclusion via callback.php
WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the wp_abspath parameter. Attackers can supply path traversal sequences or remote URLs through the wp_abspath parameter to read sensitive files like wp-config.php or execute remote code.
by AMAR^SHG
CVSS 6.2
WordPress Dharma Booking 2.28.3 Local File Inclusion via proccess.php
WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attackers can supply file paths with directory traversal sequences or null byte injection to the gateway parameter in proccess.php to read sensitive files like configuration and system files.
by AMAR^SHG
CVSS 6.2
WordPress Plugin Memphis Document Library 3.1.5 - Arbitrary File Download
by Felipe Molina
Joomla! Component Easy Youtube Gallery 1.0.2 - SQL Injection
by Persian Hack Team
WordPress Plugin Abtest Local File Inclusion via abtest_admin.php
WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtest_admin.php with malicious action values to include files from the admin directory and execute arbitrary code.
by CrashBandicot
CVSS 6.2
Xoops 2.5.7.2 - Cross-Site Request Forgery (Arbitrary User Deletions)
by hyp3rlinx
WordPress Plugin Image Export 1.1.0 - Arbitrary File Disclosure
by AMAR^SHG
WordPress Plugin eBook Download 1.1 - Directory Traversal
by Wadeek
ProjectSend r582 - Multiple Cross-Site Scripting Vulnerabilities
by Michael Helwig
iTop 2.2.1 - Cross-Site Request Forgery
by High-Tech Bridge SA
Dating Pro Genie 2015.7 - Cross-Site Request Forgery
by High-Tech Bridge SA
D-Link DWR-932 Firmware 4.00 - Authentication Bypass
by Saeed reza Zamanian
WildFly <10.0.0.Final - Info Disclosure
Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) lowercase or (b) "meaningless" characters.
by Tal Solomon of Palantir Security
CVSS 7.5
ZenPhoto 1.4.11 - Remote File Inclusion
by Curesec Research Team
By Source