Text Exploits
31,392 exploits tracked across all sources.
WordPress Plugin TheCartPress 1.4.7 - Multiple Vulnerabilities
by KedAns-Dz
WordPress Plugin Sell Download 1.0.16 - Local File Disclosure
by KedAns-Dz
WordPress Plugin Advanced uploader 2.10 - Multiple Vulnerabilities
by KedAns-Dz
Malwarebytes AntiVirus 2.2.0 - Denial of Service (PoC)
by Francis Provencher
WordPress Plugin Users Ultra 1.5.50 - Persistent Cross-Site Scripting
by Panagiotis Vagenas
WordPress Plugin Users Ultra 1.5.50 - Blind SQL Injection
by Panagiotis Vagenas
Gwolle Guestbook < 1.5.3 - Authenticated Remote File Inclusion via abspath Parameter
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allow_url_include is enabled.
by High-Tech Bridge SA
CVSS 9.0
Invision Power Board (IP.Board) 4.1.4.x - Persistent Cross-Site Scripting
by Mehdi Alouache
ntopng < 2.0.151021 - Authenticated Privilege Escalation via User Cookie and Username Parameter
ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.
by Dolev Farhi
Kodi 15 - Web Interface Arbitrary File Access
by Machiel Pronk
Belkin N150 Wireless Router F9K1009 v1 - Multiple Vulnerabilities
by Rahul Pratap Singh
MyCustomers CMS 1.3.873 - SQL Injection
by Persian Hack Team
HumHub 0.11.2/0.20.0-beta.2 - SQL Injection
by LSE Leading Security Experts GmbH
SAP Sybase Adaptive Server Enterprise 15.7 ESD 2 - Authenticated XML External Entity Injection via XMLParse Procedure
The XMLParse procedure in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 ESD 2 allows remote authenticated users to read arbitrary files via a SQL statement containing an XML document with an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
by Igor Bulatenko
WordPress Plugin WP-Client 3.8.7 - Persistent Cross-Site Scripting
by Pier-Luc Maltais
NVIDIA GPU <341.92, <354.35, <358.87 - Privilege Escalation
nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to the stereosvrpipe named pipe, which allows local users to gain privileges via a commandline in a number 2 command, which is stored in the HKEY_LOCAL_MACHINE explorer Run registry key, a different vulnerability than CVE-2011-4784.
by Google Security Research
Oracle Fusion Middleware 8.5.0-8.5.2 - Denial of Service in Outside In Filters
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4877.
by Francis Provencher
Oracle Fusion Middleware 8.5.0-8.5.2 - Denial of Service in Outside In Filters
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4878.
by Francis Provencher
Microsoft Windows - Use-After-Free in Kernel
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6101.
by Nils Sommer
Microsoft Windows - Local Privilege Escalation via Kernel Memory Corruption
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6100.
by Nils Sommer
Microsoft Windows - Kernel Memory Information Disclosure via KASLR Bypass
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and consequently discover a driver base address, via a crafted application, aka "Windows Kernel Memory Information Disclosure Vulnerability."
by Nils Sommer
Windows Vista/Server 2008/7 NDIS Buffer Overflow Local Privilege Escalation
Buffer overflow in the Network Driver Interface Standard (NDIS) implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows NDIS Elevation of Privilege Vulnerability."
by Nils Sommer
Adobe Reader/Acrobat <10.1.16/<11.0.13 - Memory Corruption
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-6685, CVE-2015-6686, CVE-2015-6693, CVE-2015-6694, and CVE-2015-6695.
by Francis Provencher
By Source