Text Exploits
31,392 exploits tracked across all sources.
WordPress Plugin User Meta Manager 3.4.6 - Information Disclosure
by Panagiotis Vagenas
dotDefender Firewall 5.00.12865/5.13-13282 - Cross-Site Request Forgery
by hyp3rlinx
Adobe Flash - Processing AVC Causes Stack Corruption
by Google Security Research
Samsung Galaxy S6 - libQjpeg je_free Crash
by Google Security Research
Samsung Galaxy S6 - 'android.media.process' 'MdConvertLine' Face Recognition Memory Corruption
by Google Security Research
NETGEAR Management System NMS300 <1.5.0.11 - RCE
Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI.
by Pedro Ribeiro
CVSS 9.6
General Electric GE Industrial Solutions UPS SNMP/Web Adapter <4.8 ...
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors.
by Karn Ganeshen
CVSS 8.8
D-Link DVG-N5402SP Firmware W1000CN-00, W1000CN-03, W2000EN-00 - Use of Hard-coded Credentials
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.
by Karn Ganeshen
CVSS 9.8
D-Link DVG-N5402SP Firmware W1000CN-00, W1000CN-03, W2000EN-00 - Path Traversal via Errorpage Parameter
Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.
by Karn Ganeshen
CVSS 7.5
WordPress Plugin User Meta Manager 3.4.6 - Privilege Escalation
by Panagiotis Vagenas
WordPress Plugin User Meta Manager 3.4.6 - Blind SQL Injection
by Panagiotis Vagenas
OpenDocMan 1.3.4 - Cross-Site Request Forgery
by Curesec Research Team
ATutor 2.2 - Multiple Cross-Site Scripting Vulnerabilities
by Curesec Research Team
NETGEAR Management System NMS300 <1.5.0.11 - Path Traversal
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.
by Pedro Ribeiro
CVSS 8.6
General Electric GE Industrial Solutions UPS SNMP/Web Adapter <4.8 ...
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors.
by Karn Ganeshen
CVSS 6.5
D-Link DVG-N5402SP Firmware W1000CN-00, W1000CN-03, W2000EN-00 - Sensitive Information Exposure
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information.
by Karn Ganeshen
CVSS 9.8
TimeClock Software 0.995 - (Authenticated ) Multiple SQL Injections
by Benetrix
Viprinet Multichannel VPN Router 300 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool.
by Portcullis
CVSS 6.1
eClinicalWorks Population Health - Session Fixation
eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID.
by Jerold Hoong
CVSS 9.8
eClinicalWorks Population Health - Authenticated SQL Injection via portalUserService.jsp
eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input.
by Jerold Hoong
CVSS 8.8
eClinicalWorks Population Health - Unauthenticated Stored Cross-Site Scripting via strMessage Parameter
eClinicalWorks Population Health (CCMR) suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter.
by Jerold Hoong
CVSS 6.1
Manage Engine Network Configuration Manager Build 11000 - Cross-Site Request Forgery
by Kaustubh G. Padwad
By Source