Text Exploits
31,394 exploits tracked across all sources.
Telescope < 0.9.0 - Authenticated Stored Cross-Site Scripting via Markdown
Cross-site scripting (XSS) vulnerability in Telescope before 0.9.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted markdown.
by shubs
CVSS 5.4
Citrix Command Center <5.1-5.2 - Info Disclosure
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml.
by Han Sahin
Microsoft Windows 8.1 - Local WebDAV NTLM Reflection Privilege Escalation
by Google Security Research
Web-Dorado ECommerce WD for Joomla! search_category_id SQL Injection Scanner
Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php.
by Brandon Perry
Citrix NetScaler - Cross-Site Request Forgery via Nitro API
Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.
by Han Sahin
EMC ViPR SRM < 3.6.1 and Watch4Net < 6.5u1 - Authenticated Path Traversal
Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL.
by Han Sahin
EMC Watch4Net < 6.5 and ViPR SRM < 3.6.0 - Unauthorized Exposure of Sensitive Credentials
EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 might allow remote attackers to obtain cleartext data-center discovery credentials by leveraging certain SRM access to conduct a decryption attack.
by Han Sahin
Fortinet Single Sign On - Stack-based Buffer Overflow via Large PROCESS_HELLO Message
Stack-based buffer overflow in collectoragent.exe in Fortinet Single Sign On (FSSO) before build 164 allows remote attackers to execute arbitrary code via a large PROCESS_HELLO message to the Message Dispatcher on TCP port 8000.
by Core Security
Websense TRITON 7.8.3 and V-Series < 7.8.4 - Authenticated Command Injection via CommandLineServlet
The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the "second" parameter of a command, as demonstrated by the Destination parameter in the ping command.
by Han Sahin
Spybot Search & Destroy 1.6.2 Security Center Service - Local Privilege Escalation
by LiquidWorm
Moodle < 2.5.9, 2.6.x < 2.6.9, 2.7.x < 2.7.6, 2.8.x < 2.8.4 - XSS via IMG Alt/Title
Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG element.
by LiquidWorm
Metasploit Project < 4.11.1 - Initial User Creation Cross-Site Request Forgery (Metasploit)
by Mohamed Abdelbaset Elnoby
Foxit Reader <7.0.6.1126 - Privilege Escalation
Unquoted Windows search path vulnerability in the Foxit Cloud Safe Update Service in the Cloud plugin in Foxit Reader 6.1 through 7.0.6.1126 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% folder.
by LiquidWorm
WPML < 3.1.8 - Unauthenticated Arbitrary Post Deletion via Menu Sync Function
The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php.
by Jouko Pynnonen
WordPress SEO by Yoast < 1.5.7, 1.6.x < 1.6.4, 1.7.x < 1.7.4 - SQL Injection via order_by or order
Multiple SQL injection vulnerabilities in admin/class-bulk-editor-list-table.php in the WordPress SEO by Yoast plugin before 1.5.7, 1.6.x before 1.6.4, and 1.7.x before 1.7.4 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) order_by or (2) order parameter in the wpseo_bulk-editor page to wp-admin/admin.php. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
by Ryan Dewhurst
Joomla! Component com_simplephotogallery 1.0 - SQL Injection
by Moneer Masoud
Intel Ethernet Diagnostics Driver IQVW32.sys and IQVW64.sys < 1.3.1.0 - Denial of Service via IOCTL Call
(1) IQVW32.sys before 1.3.1.0 and (2) IQVW64.sys before 1.3.1.0 in the Intel Ethernet diagnostics driver for Windows allows local users to cause a denial of service or possibly execute arbitrary code with kernel privileges via a crafted (a) 0x80862013, (b) 0x8086200B, (c) 0x8086200F, or (d) 0x80862007 IOCTL call.
by Glafkos Charalambous
CVSS 7.8
WoltLab Community Gallery 2.0 - Stored Cross-Site Scripting via Image Title Parameter
Cross-site scripting (XSS) vulnerability in WoltLab Community Gallery 2.0 before 2014-12-26 allows remote attackers to inject arbitrary web script or HTML via the parameters[data][7][title] parameter in a saveImageData action to index.php/AJAXProxy.
by ITAS Team
HP ArcSight Logger <6.0P1 - Unspecified Vuln
Multiple unspecified vulnerabilities in HP ArcSight Logger before 6.0P1 have unknown impact and remote authenticated attack vectors.
by Horoszkiewicz Julian ISP_
Citrix NetScaler 10.5 - Firewall Bypass via Content-Type Header Manipulation
Citrix NetScaler AppFirewall, as used in NetScaler 10.5, allows remote attackers to bypass intended firewall restrictions via a crafted Content-Type header, as demonstrated by the application/octet-stream and text/xml Content-Types.
by BGA Security
Ubuntu Upstart <1.13.2-0ubuntu9 - Command Injection
The logrotation script (/etc/cron.daily/upstart) in the Ubuntu Upstart package before 1.13.2-0ubuntu9, as used in Ubuntu Vivid 15.04, allows local users to execute arbitrary commands and gain privileges via a crafted file in /run/user/*/upstart/sessions/.
by halfdog
Windows Text Services - Remote Code Execution via Crafted Website or File
Windows Text Services (WTS) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted (1) web site or (2) file, aka "WTS Remote Code Execution Vulnerability."
by Francis Provencher
By Source