Text Exploits
31,394 exploits tracked across all sources.
WordPress Simple Ads Manager 2.5.94 and 2.5.96 - Exposure of Sensitive Information
WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information.
by ITAS Team
CVSS 5.3
WordPress Plugin Business Intelligence - SQL Injection (Metasploit)
by Jagriti Sahu
WordPress Plugin Business Intelligence - SQL Injection (Metasploit)
by Jagriti Sahu
WordPress Plugin Business Intelligence - SQL Injection (Metasploit)
by Jagriti Sahu
Google Chrome < 39.0.2171.65 - Denial of Service or Other Impact
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
by Roberto Suggi Liverani
Ericsson Drutt Mobile Service Delivery Platform 4,5,6 Path Traversal via Dot Dot Encoded Slash
Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI.
by Anastasios Monachos
Fiyo CMS < 2.0.1.8 - Exposure of Sensitive Information via Database Backup File
Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/.
by Mahendra
CVSS 7.5
WordPress Plugin SP Project & Document Manager 2.5.3 - Blind SQL Injection
by Catsecurity
fiyo_cms < 2.0.1.8 - Improper Access Control via Direct Request to fiyo/dapur
Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur.
by Mahendra
CVSS 9.8
Elegant Themes Divi - Path Traversal
Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.
by Claudio Viviani
WordPress Plugin aspose-doc-exporter 1.0 - Arbitrary File Download
by ACC3SS
Contact Form Maker 1.0.1 - SQL Injection via id Parameter
SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by TUNISIAN CYBER
CVSS 9.8
setroubleshoot < 3.2.22 - Remote Code Execution via Filename Shell Metacharacters
The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name.
by Sebastian Krahmer
Berta CMS < 0.8.9b - Unauthenticated Arbitrary File Upload and Remote Code Execution via Image File
Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
by Simon Waters
CVSS 9.8
pfSense < 2.2.1 - Cross-Site Scripting via Multiple WebGUI Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) zone parameter to status_captiveportal.php; (2) if or (3) dragtable parameter to firewall_rules.php; (4) queue parameter in an add action to firewall_shaper.php; (5) id parameter in an edit action to services_unbound_acls.php; or (6) filterlogentries_time, (7) filterlogentries_sourceipaddress, (8) filterlogentries_sourceport, (9) filterlogentries_destinationipaddress, (10) filterlogentries_interfaces, (11) filterlogentries_destinationport, (12) filterlogentries_protocolflags, or (13) filterlogentries_qty parameter to diag_logs_filter.php.
by High-Tech Bridge SA
WebGate Embedded Standard Protocol SDK - Buffer Overflows in LoadImage, LoadImageEx, ChangePassword, Connect, and AddID
Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) ChangePassword function in the WESPCONFIGLib.UserItem control, Connect function in the (4) WESPSerialPort.WESPSerialPortCtrl.1 or (5) WESPPLAYBACKLib.WESPPlaybackCtrl control, or (6) AddID function in the WESPCONFIGLib.IDList control or a (7) long string to the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control.
by Praveen Darshanam
pfSense < 2.2 - Cross-Site Request Forgery via system_firmware_restorefullbackup.php deletefile Parameter
Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.
by High-Tech Bridge SA
Adobe Flash Player < 11.2.202.442 - Use-After-Free
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.
by SecurityObscurity
CVSS 9.8
WP Marketplace <2.4.1 - Path Traversal
Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter.
by Kacper Szurek
CVSS 4.3
By Source