Text Exploits
31,330 exploits tracked across all sources.
WordPress Plugin Candidate Application Form 1.0 - Arbitrary File Download
by Larry W. Cashdollar
Apple Mac OSX Keychain - EXC_BAD_ACCESS Denial of Service
by Juan Sacco
Job Manager < 0.7.22 - XSS
Cross-site scripting (XSS) vulnerability in the Job Manager plugin 0.7.22 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the email field.
by Owais Mehtab
Microweber 1.0.3 - Arbitrary File Upload / Filter Bypass / PHP Remote Code Execution
by LiquidWorm
Froxlor Server Management Panel 0.9.33.1 - MySQL Login Information Disclosure
by Dustin Dörr
phpFileManager 0.9.8 - Remote Command Execution
by hyp3rlinx
Sudo <1.8.15 - Privilege Escalation
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a symlink attack on a file whose full path is defined using multiple wildcards in /etc/sudoers, as demonstrated by "/home/*/*/file.txt".
by daniel svartman
Xceedium Xsuite - Open Redirect
Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter.
by modzero
CVSS 6.1
Xceedium Xsuite - Hard-coded Credentials
Multiple hardcoded credentials in Xsuite 2.x.
by modzero
CVSS 9.8
Xceedium Xsuite - Path Traversal
Directory traversal vulnerability in opm/read_sessionlog.php in Xceedium Xsuite 2.4.4.5 and earlier allows remote attackers to read arbitrary files via a ....// (quadruple dot double slash) in the logFile parameter.
by modzero
Xceedium Xsuite - XSS
Cross-site scripting (XSS) vulnerability in ajax_cmd.php in Xceedium Xsuite 2.4.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the fileName parameter.
by modzero
Broadcom Privileged Access Manager - Improper Input Validation
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
by modzero
CVSS 9.8
Xceedium Xsuite - SQL Injection
The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.
by modzero
CVSS 7.8
WordPress Plugin Unite Gallery Lite 1.4.6 - Multiple Vulnerabilities
by Nitin Venkatesh
WordPress Count Per Day <3.4.1 - SQL Injection
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
by High-Tech Bridge SA
CVSS 7.2
Hawkeye-G 3.0.1.4912 - Persistent Cross-Site Scripting / Information Leakage
by hyp3rlinx
libuser <0.56.13-8 & 0.60 <0.60-7 - DoS
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.
by Qualys Corporation
Hexis HawkEye G 3.0.1.4912 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request to interface/rest/dpi/setEnabled/1; or (5) perform whitelisting of malware MD5 hash IDs via the id parameter to interface/rest/md5-threats/whitelist.
by hyp3rlinx
CVSS 8.8