Text Exploits
31,330 exploits tracked across all sources.
Samsung Gallery <Galaxy S6 - DoS
Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
by Google Security Research
CVSS 5.5
Samsung Galaxy S6 <Oct 2015 - Memory Corruption
LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file.
by Google Security Research
CVSS 6.5
Samsung Galaxy S6 Edge - Memory Corruption
The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service (memory corruption) via a crafted BMP image file.
by Google Security Research
Samsung LibQjpeg - RCE
The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG.
by Google Security Research
CVSS 8.8
Microsoft Windows 10 - Access Control
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Object Reference Elevation of Privilege Vulnerability."
by Google Security Research
Pligg CMS 2.0.2 - Cross-Site Request Forgery / Code Execution
by Curesec Research Team
PHP Server Monitor 3.1.1 - Multiple Cross-Site Request Forgery Vulnerabilities
by hyp3rlinx
Oxwall <1.8 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall before 1.8 allow remote attackers to hijack the authentication of administrators for requests that (1) put the website under maintenance via the maintenance_enable parameter or (2) conduct cross-site scripting (XSS) attacks via the maintenance_text parameter to admin/pages/maintenance.
by High-Tech Bridge SA
Zend Framework < 2.4.6 - XXE
The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.
by Dawid Golunski
Hitron Router CGN3ACSMR 4.5.8.16 - Arbitrary Code Execution
by Dolev Farhi
Sagem FAST3304-V2 - Authentication Bypass (2)
by Soufiane Alami Hassani
Samsung Graphics 2D driver - Memory Corruption
Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598.
by Google Security Research
CVSS 7.0
Samsung S6 Edge - Info Disclosure
The SecEmailComposer/EmailComposer application in the Samsung S6 Edge before the October 2015 MR uses weak permissions for the com.samsung.android.email.intent.action.QUICK_REPLY_BACKGROUND service action, which might allow remote attackers with knowledge of the local email address to obtain sensitive information via a crafted application that sends a crafted intent.
by Google Security Research
CVSS 5.5
Exynos Seiren Audio < - Buffer Overflow
Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter.
by Google Security Research
CVSS 5.5
Samsung m2m1shot - Buffer Overflow
Stack-based buffer overflow in the m2m1shot_compat_ioctl32 function in the Samsung m2m1shot driver framework, as used in Samsung S6 Edge, allows local users to have unspecified impact via a large data.buf_out.num_planes value in an ioctl call.
by Google Security Research
CVSS 7.8
Realtyna RPL <8.9.5 - CSRF
Cross-site request forgery (CSRF) vulnerability in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allows remote attackers to hijack the authentication of administrators for requests that add a user via an add_user action to administrator/index.php.
by Bikramaditya Guha
CVSS 8.8
Realtyna RPL <8.9.5 - SQL Injection
Multiple SQL injection vulnerabilities in the Realtyna RPL (com_rpl) component before 8.9.5 for Joomla! allow remote administrators to execute arbitrary SQL commands via the (1) id, (2) copy_field in a data_copy action, (3) pshow in an update_field action, (4) css, (5) tip, (6) cat_id, (7) text_search, (8) plisting, or (9) pwizard parameter to administrator/index.php.
by Bikramaditya Guha
CVSS 7.2
TeamSpeak Client 3.0.18.1 - Remote File Inclusion / Remote Code Execution
by Scurippio
RealtyScript 4.0.2 Stored Cross-Site Scripting via CSV File Upload Filename
Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize CSV file uploads, allowing attackers to inject malicious scripts through filename parameters in multipart form data. Attackers can upload files with XSS payloads in the filename field to execute arbitrary JavaScript in users' browsers when the file is processed or displayed.
by LiquidWorm
CVSS 6.1
RealtyScript 4.0.2 Stored Cross-Site Scripting via File Upload Parameter
Next Click Ventures RealtyScript 4.0.2 fails to properly sanitize file uploads, allowing attackers to store malicious scripts through the file POST parameter in admin/tools.php. Attackers can upload files containing JavaScript code that executes in the context of admin/tools.php when accessed by other users.
by LiquidWorm
CVSS 7.2
By Source