Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2015-0004 EXPLOITDB text VERIFIED
Microsoft Windows - Privilege Escalation via User Profile Service Junction Attack
The User Profile Service (aka ProfSvc) in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges by conducting a junction attack to load another user's UsrClass.dat registry hive, aka MSRC ID 20674 or "Microsoft User Profile Service Elevation of Privilege Vulnerability."
by Google Security Research
CVE-2014-1201 EXPLOITDB text
Lorex Edge Series - Buffer Overflow via HTTP_PORT Parameter
Buffer overflow in the INetViewX ActiveX control in the Lorex Edge LH310 and Edge+ LH320 series with firmware 7-35-28-1B26E, Edge2 LH330 series with firmware 11.17.38-33_1D97A, and Edge3 LH340 series with firmware 11.19.85_1FE3A allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the HTTP_PORT parameter.
by Pedro Ribeiro
CVE-2015-1171 EXPLOITDB text
GSM SIM Utility <6.6 - Buffer Overflow
Stack-based buffer overflow in GSM SIM Utility (aka SIM Card Editor) 6.6 allows remote attackers to execute arbitrary code via a long entry in a .sms file.
by Osanda Malith Jayathissa
CVE-2014-8802 EXPLOITDB text
WordPress Pie Register <2.0.14 - RCE
The Pie Register plugin before 2.0.14 for WordPress does not properly restrict access to certain functions in pie-register.php, which allows remote attackers to (1) add a user by uploading a crafted CSV file or (2) activate a user account via a verifyit action.
by Kacper Szurek
CVE-2014-7862 EXPLOITDB CRITICAL text
ManageEngine Desktop Central < 90109 - Unauthenticated Administrator Account Creation via DCPluginServelet
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.
by Pedro Ribeiro
CVSS 9.8
CVE-2015-1481 EXPLOITDB text
Ansible Tower <2.0.5 - Privilege Escalation
Ansible Tower (aka Ansible UI) before 2.0.5 allows remote organization administrators to gain privileges by creating a superuser account.
by SEC Consult
CVE-2015-1368 EXPLOITDB text
Ansible Tower < 2.0.5 - Cross-Site Scripting via Multiple API Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Ansible Tower (aka Ansible UI) before 2.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) order_by parameter to credentials/, (2) inventories/, (3) projects/, or (4) users/3/permissions/ in api/v1/ or the (5) next_run parameter to api/v1/schedules/.
by SEC Consult
CVE-2015-1482 EXPLOITDB text
Ansible Tower < 2.0.4 - Unauthenticated Sensitive Information Exposure via WebSocket Connection
Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/.
by SEC Consult
CVE-2015-1423 EXPLOITDB text
Gecko CMS 2.2-2.3 - Authenticated SQL Injection via Admin Index Parameters
Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php.
by LiquidWorm
CVE-2015-1422 EXPLOITDB text
Gecko CMS 2.2-2.3 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) horder[], (2) jak_catid, (3) jak_content, (4) jak_css, (5) jak_delete_log[], (6) jak_email, (7) jak_extfile, (8) jak_file, (9) jak_hookshow[], (10) jak_img, (11) jak_javascript, (12) jak_lcontent, (13) jak_name, (14) jak_password, (15) jak_showcontact, (16) jak_tags, (17) jak_title, (18) jak_url, (19) jak_username, (20) real_hook_id[], (21) sp, (22) sreal_plugin_id[], (23) ssp, or (24) sssp parameter to admin/index.php or the (25) editor, (26) field_id, (27) fldr, (28) lang, (29) popup, (30) subfolder, or (31) type parameter to js/editor/plugins/filemanager/dialog.php.
by LiquidWorm
CVE-2015-1424 EXPLOITDB text
Gecko CMS 2.2-2.3 - Cross-Site Request Forgery via Admin User Creation
Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php.
by LiquidWorm
EIP-2026-102238 EXPLOITDB text
Foxit MobilePDF 4.4.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102978 EXPLOITDB text
RedStar 3.0 Desktop - 'Software Manager swmng.app' Local Privilege Escalation
by RichardG
EIP-2026-102977 EXPLOITDB text
RedStar 2.0 Desktop - 'World-writeable rc.sysinit' Local Privilege Escalation
by prdelka
EIP-2026-113021 EXPLOITDB text
vBulletin MicroCART 1.1.4 - Arbitrary Files Deletion / SQL Injection / Cross-Site Scripting
by Technidev
CVE-2015-0558 EXPLOITDB MEDIUM text
ADB P.DGA4001N Firmware PDG_TEF_SP_4.06L.6 - Missing Encryption of Sensitive Data via WPA Key Generation
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6, and possibly other routers, uses "1236790" and the MAC address to generate the WPA key.
by Eduardo Novella
CVSS 5.3
CVE-2015-0919 EXPLOITDB text
Sefrengo < 1.6.0 - Authenticated SQL Injection via idcat or idclient Parameter
Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php.
by Steffen Rösemann
CVE-2014-9464 EXPLOITDB text
Microweber CMS <20141209 - SQL Injection
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.
by Pham Kien Cuong
CVE-2015-0554 EXPLOITDB text
ADB P.DGA4001N Firmware 4.06L.6 - Unauthenticated Info Disclosure & DoS via Web Interface
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.
by Eduardo Novella
CVE-2012-2271 EXPLOITDB text
SkinCrafter 3.0 - Buffer Overflow via InitLicenKeys reg_name Argument
Buffer overflow in the InitLicenKeys function in a certain ActiveX control in SkinCrafter3_vs2005.dll in SkinCrafter 3.0 allows remote attackers to execute arbitrary code via a long string in the first argument (aka the reg_name argument).
by metacom
CVE-2015-1054 EXPLOITDB text
Crea8Social 2.0 - Authenticated Stored Cross-Site Scripting via Game Content Field
Cross-site scripting (XSS) vulnerability in the Games feature in Crea8Social 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the Game Content field in Add Game.
by Yudhistira B W
CVE-2005-0273 EXPLOITDB text
PhotoPost PHP Pro < 4.85 - SQL Injection via cat or ppuser Parameter
Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) ppuser parameter.
by GulfTech Security
CVE-2015-1057 EXPLOITDB text VERIFIED
e107 2.0.0 - Cross-Site Scripting via Real Name Field in usersettings.php
Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value.
by Ahmet Agar / 0x97
CVE-2005-0270 EXPLOITDB text
ReviewPost PHP Pro < 2.84 - Cross-Site Scripting via si, cat, page, or report Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) si parameter to showcat.php, (2) cat or (3) page parameter to showproduct.php, or (4) report parameter to reportproduct.php.
by GulfTech Security
CVE-2015-0002 EXPLOITDB text VERIFIED
Microsoft Windows - Privilege Escalation via AhcVerifyAdminContext Impersonation Token Bypass
The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify that an impersonation token is associated with an administrative account, which allows local users to gain privileges by running AppCompatCache.exe with a crafted DLL file, aka MSRC ID 20544 or "Microsoft Application Compatibility Infrastructure Elevation of Privilege Vulnerability."
by Google Security Research