Text Exploits

31,330 exploits tracked across all sources.

CVE-2015-3704 EXPLOITDB text VERIFIED
Apple OS X <10.10.4 - Privilege Escalation
runner in Install.framework in the Install Framework Legacy subsystem in Apple OS X before 10.10.4 does not properly drop privileges, which allows attackers to execute arbitrary code in a privileged context via a crafted app.
by Google Security Research
CVE-2015-6912 EXPLOITDB text
Synology Video Station < 1.5-0757 - Command Injection
Synology Video Station before 1.5-0763 allows remote attackers to execute arbitrary shell commands via shell metacharacters in the subtitle_codepage parameter to subtitle.cgi.
by Han Sahin
CVE-2015-3623 EXPLOITDB text
QlikTech Qlikview <11.20 SR12 - SSRF
XML external entity (XXE) vulnerability in QlikTech Qlikview before 11.20 SR12 allows remote attackers to conduct server-side request forgery (SSRF) attacks and read arbitrary files via crafted XML data in a request to AccessPoint.aspx.
by Alex Haynes
CVE-2015-6835 EXPLOITDB CRITICAL text VERIFIED
Joomla HTTP Header Unauthenticated Remote Code Execution
The session deserializer in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 mishandles multiple php_var_unserialize calls, which allow remote attackers to execute arbitrary code or cause a denial of service (use-after-free) via crafted session content.
by Taoguang Chen
CVSS 9.8
EIP-2026-104672 EXPLOITDB text
PHP GMP - 'unserialize()' Use-After-Free
by Taoguang Chen
CVE-2015-6834 EXPLOITDB CRITICAL text VERIFIED
PHP < 5.4.44 - Use After Free
Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.
by Taoguang Chen
CVSS 9.8
CVE-2015-6834 EXPLOITDB CRITICAL text VERIFIED
PHP < 5.4.44 - Use After Free
Multiple use-after-free vulnerabilities in PHP before 5.4.45, 5.5.x before 5.5.29, and 5.6.x before 5.6.13 allow remote attackers to execute arbitrary code via vectors related to (1) the Serializable interface, (2) the SplObjectStorage class, and (3) the SplDoublyLinkedList class, which are mishandled during unserialization.
by Taoguang Chen
CVSS 9.8
EIP-2026-104664 EXPLOITDB text
PHP 5.4/5.5/5.6 - 'Unserialize()' Use-After-Free
by Taoguang Chen
CVE-2014-9208 EXPLOITDB text
Advantech WebAccess <8.0.1 - Buffer Overflow
Multiple stack-based buffer overflows in unspecified DLL files in Advantech WebAccess before 8.0.1 allow remote attackers to execute arbitrary code via unknown vectors.
by Praveen Darshanam
EIP-2026-114360 EXPLOITDB text VERIFIED
WordPress Theme White-Label Framework 2.0.6 - Cross-Site Scripting
by Outlasted
EIP-2026-106459 EXPLOITDB text
DirectAdmin Web Control Panel 1.483 - Multiple Vulnerabilities
by Ashiyane Digital Security Team
EIP-2026-100010 EXPLOITDB text VERIFIED
IBM AIX High Availability Cluster Multiprocessing (HACMP) - Local Privilege Escalation
by Kristian Erik Hermansen
CVE-2015-6945 EXPLOITDB text
JSP/MySQL Administrador Web - XSS
Cross-site scripting (XSS) vulnerability in JSP/MySQL Administrador Web 1 allows remote attackers to inject arbitrary web script or HTML via the bd parameter to sys/sys/listaBD2.jsp.
by hyp3rlinx
EIP-2026-101876 EXPLOITDB text
Netgear Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation
by Elliott Lewis
EIP-2026-107108 EXPLOITDB text VERIFIED
FireEye Appliance - Unauthorized File Disclosure
by Kristian Erik Hermansen
EIP-2026-104595 EXPLOITDB text VERIFIED
Disconnect.me Mac OSX Client 2.0 - Local Privilege Escalation
by Kristian Erik Hermansen
EIP-2026-102134 EXPLOITDB text
Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-101777 EXPLOITDB text
HooToo Tripmate HT-TM01 2.000.022 - Cross-Site Request Forgery
by Ken Smith
CVE-2015-5995 EXPLOITDB CRITICAL text VERIFIED
Mediabridge Medialink MWN-WAPR300N/Tenda N3 - Auth Bypass
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header.
by Mandeep Jadon
CVSS 9.8
EIP-2026-109318 EXPLOITDB text
Mantis Bug Tracker 1.2.19 - Host Header
by Pier-Luc Maltais
CVE-2015-6545 EXPLOITDB text
Webgroupmedia Cerb < 7.0.3 - CSRF
Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action.
by High-Tech Bridge SA
CVE-2015-5466 EXPLOITDB HIGH text
XGI WindowsXP Display Manager <6.14.10.1090 - Privilege Escalation
Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA Driver Manager and VGA Display Manager) 6.14.10.1090 allows local users to gain privileges via a crafted 0x96002404 IOCTL call.
by KoreLogic
CVSS 7.8
CVE-2015-5465 EXPLOITDB text
Silicon Integrated Systems WindowsXP Display Manager <6.14.10.3930 ...
Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager) 6.14.10.3930 allows local users to gain privileges via a crafted (1) 0x96002400 or (2) 0x96002404 IOCTL call.
by KoreLogic
EIP-2026-115875 EXPLOITDB text
Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow (PoC)
by Un_N0n
CVE-2015-6809 EXPLOITDB text VERIFIED
BEdita < 3.5.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection.
by Sébastien Morin