Text Exploits
31,330 exploits tracked across all sources.
File Replication Pro 7.2.0 - Multiple Vulnerabilities
by Vantage Point Security
Yeager CMS 1.2.1 - SSRF
Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.php, or libs/org/adodb_lite/tests/test_adodb_lite_sessions.php.
by SEC Consult
CVSS 7.2
Yeager CMS 1.2.1 - SQL Injection
SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter.
by SEC Consult
CVSS 8.8
Yeager CMS 1.2.1 - SQL Injection
SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter.
by SEC Consult
CVSS 9.8
Yeager CMS 1.2.1 - SQL Injection
SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter.
by SEC Consult
CVSS 9.8
Yeager CMS 1.2.1 - RCE
Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
by SEC Consult
CVSS 7.8
Wieland wieplan 4.1 - Document Parsing Java Code Execution Using XMLDecoder
by LiquidWorm
Apache Sling 2.3.6 - Info Disclosure
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
by Vulnerability-Lab
CVSS 7.5
PotPlayer 1.6.5x - '.mp3' Crash (PoC)
by Shantanu Khandelwal
Adobe Photoshop CC <15.2.4 & Bridge CC <6.2 - Memory Corruption
Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0951 and CVE-2016-0953.
by Francis Provencher
CVSS 9.8
Adobe Photoshop CC <15.2.4 & Bridge CC <6.2 - Memory Corruption
Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0952 and CVE-2016-0953.
by Francis Provencher
CVSS 9.8
Adobe Photoshop CC <15.2.4 & Bridge CC <6.2 - Memory Corruption
Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0951 and CVE-2016-0952.
by Francis Provencher
CVSS 9.8
WordPress Plugin User Meta Manager 3.4.6 - Information Disclosure
by Panagiotis Vagenas
WordPress Plugin Booking Calendar Contact Form 1.0.23 - Multiple Vulnerabilities
by i0akiN SEC-LABORATORY
dotDefender Firewall 5.00.12865/5.13-13282 - Cross-Site Request Forgery
by hyp3rlinx
Adobe Flash - Processing AVC Causes Stack Corruption
by Google Security Research
Samsung Galaxy S6 - libQjpeg je_free Crash
by Google Security Research
Samsung Galaxy S6 - 'android.media.process' 'MdConvertLine' Face Recognition Memory Corruption
by Google Security Research
NETGEAR Management System NMS300 <1.5.0.11 - RCE
Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI.
by Pedro Ribeiro
CVSS 9.6
General Electric GE Industrial Solutions UPS SNMP/Web Adapter <4.8 ...
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors.
by Karn Ganeshen
CVSS 8.8
D-Link DVG-N5402SP Firmware - Hard-coded Credentials
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.
by Karn Ganeshen
CVSS 9.8
D-Link DVG-N5402SP Firmware - Path Traversal
Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.
by Karn Ganeshen
CVSS 7.5
WordPress Plugin User Meta Manager 3.4.6 - Privilege Escalation
by Panagiotis Vagenas
WordPress Plugin User Meta Manager 3.4.6 - Blind SQL Injection
by Panagiotis Vagenas