Text Exploits
31,337 exploits tracked across all sources.
Broadcom Privileged Access Manager - Improper Input Validation
An improper input validation vulnerability in CA Privileged Access Manager 2.4.4.4 and earlier allows remote attackers to execute arbitrary commands.
by modzero
CVSS 9.8
Xceedium Xsuite - SQL Injection
The MySQL "root" user in Xsuite 2.x does not have a password set, which allows local users to access databases on the system.
by modzero
CVSS 7.8
WordPress Plugin Unite Gallery Lite 1.4.6 - Multiple Vulnerabilities
by Nitin Venkatesh
WordPress Count Per Day <3.4.1 - SQL Injection
SQL injection vulnerability in counter-options.php in the Count Per Day plugin before 3.4.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the cpd_keep_month parameter to wp-admin/options-general.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
by High-Tech Bridge SA
CVSS 7.2
Hawkeye-G 3.0.1.4912 - Persistent Cross-Site Scripting / Information Leakage
by hyp3rlinx
libuser <0.56.13-8 & 0.60 <0.60-7 - DoS
libuser before 0.56.13-8 and 0.60 before 0.60-7, as used in the userhelper program in the usermode package, directly modifies /etc/passwd, which allows local users to cause a denial of service (inconsistent file state) by causing an error during the modification. NOTE: this issue can be combined with CVE-2015-3245 to gain privileges.
by Qualys Corporation
Hexis HawkEye G 3.0.1.4912 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Hexis HawkEye G 3.0.1.4912 allow remote attackers to hijack the authentication of administrators for requests that (1) add arbitrary accounts via the name parameter to interface/rest/accounts/json; turn off the (2) Url matching, (3) DNS Inject, or (4) IP Redirect Sensor in a request to interface/rest/dpi/setEnabled/1; or (5) perform whitelisting of malware MD5 hash IDs via the id parameter to interface/rest/md5-threats/whitelist.
by hyp3rlinx
CVSS 8.8
Helpdesk Pro < 1.3.0 - Path Traversal
Directory traversal vulnerability in the Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a ticket.download_attachment task.
by Simon Rawet
CVSS 7.5
Helpdesk Pro < 1.3.0 - SQL Injection
Multiple SQL injection vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) ticket_code or (2) email parameter or (3) remote authenticated users to execute arbitrary SQL commands via the filter_order parameter.
by Simon Rawet
CVSS 9.8
Helpdesk Pro < 1.3.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the Helpdesk Pro plugin before 1.4.0 for Joomla! allow remote attackers to inject arbitrary web script or HTML via vectors related to name and message.
by Simon Rawet
CVSS 5.4
Helpdesk Pro < 1.3.0 - Information Disclosure
The Helpdesk Pro Plugin before 1.4.0 for Joomla! allows remote attackers to read the support tickets of arbitrary users via obtaining the target ticketId, and navigating to http://{target}/component/helpdeskpro/?view=ticket&id={ticketId}.
by Simon Rawet
CVSS 5.3
Xpcom - Denial of Service
Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted.
by GulfTech Security
Helpdeskpro Helpdesk Pro < 1.3.0 - Injection
The Helpdesk Pro plugin before 1.4.0 for Joomla! allows remote attackers to write to arbitrary .ini files via a crafted language.save task.
by Simon Rawet
CVSS 8.1
Microsoft Excel - Remote Code Execution
Microsoft Excel 2007 SP3, PowerPoint 2007 SP3, Word 2007 SP3, Excel 2010 SP2, PowerPoint 2010 SP2, and Word 2010 SP2 allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Word Local Zone Remote Code Execution Vulnerability."
by Eduardo Braun Prado
PHPVibe <4.21 - XSS
Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment.
by Filippos Mastrogiannis
CVSS 5.4
Tcpdump < 4.7.0 - Memory Corruption
The rpki_rtr_pdu_print function in print-rpki-rtr.c in the TCP printer in tcpdump before 4.7.2 allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) via a crafted header length in an RPKI-RTR Protocol Data Unit (PDU).
by Luke Arntson
WordPress Plugin BuddyPress Activity Plus 1.5 - Cross-Site Request Forgery
by Tom Adams
ISC Dhcp - Improper Input Validation
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
by Pierre Kim
WordPress Plugin Download Manager Free 2.7.94 & Pro 4 - (Authenticated) Persistent Cross-Site Scripting
by Filippos Mastrogiannis
8 TOTOLINK Router Models - Backdoor Access / Remote Code Execution
by Pierre Kim
4 TOTOLINK Router Models - Cross-Site Request Forgery / Cross-Site Scripting
by Pierre Kim
Kaseya Virtual System Administrator < 7.0.0.29 - Open Redirect
Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
by Pedro Ribeiro
Joomla! Component com_docman - Multiple Vulnerabilities
by Hugo Santiago