Text Exploits
31,337 exploits tracked across all sources.
ManageEngine EventLog Analyzer 9.0 - Directory Traversal / Cross-Site Scripting
by Ertebat Gostar Co
Google Android - Denial of Service
WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and potentially other unspecified Android releases before 5.0.1 and 5.0.2 does not properly handle exceptions, which allows remote attackers to cause a denial of service (reboot) via a crafted 802.11 probe response frame.
by Core Security
CVSS 7.5
NPDS Revolution 13 - SQL Injection
SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter.
by Narendra Bhati
xlinkerz ecommerceMajor - SQL Injection
Multiple SQL injection vulnerabilities in xlinkerz ecommerceMajor allow remote attackers to execute arbitrary SQL commands via the (1) productbycat parameter to product.php, or (2) username or (3) password parameter to __admin/index.php.
by Manish Tanwar
ManageEngine ServiceDesk Plus 9.0 - User Enumeration
by Muhammad Ahmed Siddiqui
ZOHO ManageEngine SDP <9.0.9031 - SQL Injection
SQL injection vulnerability in reports/CreateReportTable.jsp in ZOHO ManageEngine ServiceDesk Plus (SDP) before 9.0 build 9031 allows remote authenticated users to execute arbitrary SQL commands via the site parameter.
by Muhammad Ahmed Siddiqui
Cisco Ironport Appliances - Privilege Escalation
by Glafkos Charalambous
Free Reprintables ArticleFR <3.0.5 - SQL Injection
SQL injection vulnerability in the getProfile function in system/profile.functions.php in Free Reprintables ArticleFR 3.0.5 allows remote attackers to execute arbitrary SQL commands via the username parameter to register/.
by TranDinhTien
Pixabay Images <2.4 - Code Injection
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not properly restrict access to the upload functionality, which allows remote attackers to write to arbitrary files.
by Hans-Martin Muench
Pixabay Images <2.4 - XSS
Cross-site scripting (XSS) vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the image_user parameter.
by Hans-Martin Muench
Pixabay Images <2.4 - Path Traversal
Directory traversal vulnerability in pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress allows remote attackers to write to arbitrary files via a .. (dot dot) in the q parameter.
by Hans-Martin Muench
Pixabay Images <2.4 - Code Injection
pixabay-images.php in the Pixabay Images plugin before 2.4 for WordPress does not validate hostnames, which allows remote authenticated users to write to arbitrary files via an upload URL with a host other than pixabay.com.
by Hans-Martin Muench
CformsII <14.7 - RCE
Unrestricted file upload vulnerability in lib_nonajax.php in the CformsII plugin 14.7 and earlier for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension via the cf_uploadfile2[] parameter, then accessing the file via a direct request to the file in the default upload directory.
by Zakhar
Microsoft Windows 7 - Access Control
The User Profile Service (aka ProfSvc) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges by conducting a junction attack to load another user's UsrClass.dat registry hive, aka MSRC ID 20674 or "Microsoft User Profile Service Elevation of Privilege Vulnerability."
by Google Security Research
Lorex Technology Edge Lh310 Firmware - Memory Corruption
Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter.
by Pedro Ribeiro
GSM SIM Utility <6.6 - Buffer Overflow
Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.
by Osanda Malith Jayathissa
WordPress Pie Register <2.0.14 - RCE
The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action.
by Kacper Szurek
Zohocorp Desktop Central < 90109 - Access Control
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.
by Pedro Ribeiro
CVSS 9.8
Ansible Tower <2.0.5 - Privilege Escalation
Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account.
by SEC Consult
Ansible Tower <2.0.5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in api/v1/ or the (5) next_run parameter to api/v1/schedules/.
by SEC Consult
By Source