Text Exploits
31,330 exploits tracked across all sources.
Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'cdc_acm' Nullpointer Dereference
by OpenSource Security
Linux kernel <4.4 - DoS
The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.
by OpenSource Security
CVSS 4.6
Avast - Memory Corruption/Code Injection
Avast allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted PE file, related to authenticode parsing.
by Google Security Research
CVSS 7.8
Wireshark - wtap_optionblock_free Use-After-Free
by Google Security Research
Phplib - Code Injection
Eval injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this description was significantly updated on 20060605 to reflect new details after an initial vague advisory.
by GulfTech Security
WordPress Plugin Bulk Delete 5.5.3 - Privilege Escalation
by Panagiotis Vagenas
Schneider-electric Struxureware Build... - Improper Access Control
Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism.
by Karn Ganeshen
CVSS 7.2
Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation
by Cr4sh
PictureTrails Photo Editor GE.exe 2.0.0 - '.bmp' Crash (PoC)
by redknight99
Gallery 2 <2.0.2 - XSS
Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album.
by GulfTech Security
Crouzet em4 soft 1.1.04 / M3 soft 3.1.2.0 - Insecure File Permissions
by LiquidWorm
Viscomsoft Calendar Active-X 2.0 - Multiple Crashes (PoC)
by Shantanu Khandelwal
Crouzet em4 soft 1.1.04 - '.pm4' Integer Division By Zero
by LiquidWorm
WordPress Plugin CP Polls 1.0.8 - Multiple Vulnerabilities
by i0akiN SEC-LABORATORY
WordPress Plugin More Fields 2.1 - Cross-Site Request Forgery
by Aatif Shahdad
WordPress Plugin Ocim MP3 - SQL Injection
by xevil & Blankon33
phpRPC <0.7 - Code Injection
Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag.
by GulfTech Security
Joomla! Component com_poweradmin 2.3.0 - Multiple Vulnerabilities
by RatioSec Research
Wireshark - print_hex_data_buffer / print_packet Use-After-Free
by Google Security Research
Zimbra Collaboration Server < 8.0.9 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mail interface in Zimbra Collaboration Server (ZCS) before 8.5 allow remote attackers to hijack the authentication of arbitrary users for requests that change account preferences via a SOAP request to service/soap/BatchRequest.
by Sysdream
CVSS 8.8
Proxmox VE 3/4 - Insecure Hostname Checking Remote Command Execution
by Sysdream
Infor CRM 8.2.0.1136 - Multiple HTML Script Injection Vulnerabilities
by LiquidWorm
Mambo - Path Traversal
Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to the SQL injection vector.
by GulfTech Security
Wireshark - vwr_read_s2_s3_W_rec Heap Buffer Overflow
by Google Security Research