Text Exploits
31,386 exploits tracked across all sources.
AKIPS Network Monitor 15.37-16.5 - Unauthenticated OS Command Injection via Username Parameter
The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection output to a limited login failure field). This is fixed in 16.6.
by BrianWGray
CVSS 9.8
Netwrix Auditor 7.1.322.0 - ActiveX 'sourceFile' Stack Buffer Overflow
by LiquidWorm
Kaltura Video Platform < 11.1.0-2 - Unauthenticated Remote Code Execution via Unsafe Deserialization in keditorservices
A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices module. An unauthenticated remote attacker can exploit this issue by sending a specially crafted serialized PHP object in the kdata GET parameter to the redirectWidgetCmd endpoint. Successful exploitation leads to execution of arbitrary PHP code in the context of the web server process.
by Security-Assessment.com
TeamPass < 2.1.24.0 - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.
by Vincent Malguy
CVSS 8.8
TeamPass < 2.1.24 - Cross-Site Scripting via Item Label or Role Name
Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.
by Vincent Malguy
CVSS 6.1
Microsoft Windows - Denial of Service via Crafted OpenType Font
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
by Google Security Research
CVSS 6.5
Microsoft Windows - Remote Code Execution via Crafted OpenType Font
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
by Google Security Research
CVSS 8.8
WordPress Plugin Site Import 1.0.1 - Local/Remote File Inclusion
by Wadeek
TeamPass < 2.1.24 - SQL Injection via Item Query or View Log Parameters
Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.
by Vincent Malguy
CVSS 9.8
Linux Kernel < 4.5.1 - Denial of Service via Crafted USB Device Descriptor
The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.
by OpenSource Security
CVSS 4.6
SUSE Linux Enterprise - Denial of Service via USB Device Descriptor
The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
by OpenSource Security
CVSS 4.6
beauty-premium 1.0.8 - Cross-Site Request Forgery with Arbitrary File Upload in sendmail.php
The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php.
by Colette Chamberland
CVSS 6.5
WordPress Plugin DZS Videogallery < 8.60 - Multiple Vulnerabilities
by Colette Chamberland
Nitro Pro 10.5.7.32 / Nitro Reader 5.5.3.1 - Heap Memory Corruption
by Francis Provencher
WordPress Plugin WP Advanced Comment 0.10 - Persistent Cross-Site Scripting
by Mohammad Khaleghi
WordPress Plugin Best Web Soft Captcha 4.1.5 - Multiple Vulnerabilities
by Colette Chamberland
9bis kitty < 0.66.6.3 - Stack-based Buffer Overflow via SCP-SINK File-Size Response
Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request.
by tintinweb
CVSS 9.8
Exim <4.86.2 - Privilege Escalation
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
by Dawid Golunski
CVSS 7.0
Adobe Digital Editions <4.5.1 - Memory Corruption
Adobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
by Pier-Luc Maltais
CVSS 9.8
WordPress Theme SiteMile Project 2.0.9.5 - Multiple Vulnerabilities
by LSE Leading Security Experts GmbH
SUSE Linux Enterprise - Heap Memory Corruption via netfilter IPT_SO_SET_REPLACE
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
by Google Security Research
CVSS 8.4
Linux Kernel < 4.4.1 - Denial of Service via USB Device Without Bulk-Out Endpoint
The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
by OpenSource Security
CVSS 4.6
Linux Kernel < 4.5 - Denial of Service via USB Device with Missing Endpoints
The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.
by OpenSource Security
CVSS 4.6
Linux Kernel < 3.17 - Denial of Service via Wacom USB Device Descriptor
The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
by OpenSource Security
CVSS 4.6
By Source