Text Exploits
31,337 exploits tracked across all sources.
PineApp Mail-SeCure 5099SK - Access Control
PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms has a sudoers file that does not properly restrict user specifications, which allows local users to gain privileges via a sudo command that leverages access to the qmailq account.
by Ruben Garrote García
SKIDATA Freemotion.Gate - Web Services Multiple Command Execution Vulnerabilities
by Dennis Kelly
nginx <1.5.7 - Auth Bypass
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
by Ivan Fratric
DeepRoot Linux DeepOfix <= 3.3 - Access Control
The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind.
by Gerardo Vazquez, Eduardo Arriols
Ruckus Wireless ZoneFlex 2942 9.6.0.0.267 - Auth Bypass
Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow remote attackers to bypass authentication, and subsequently access certain configuration/ and maintenance/ scripts, by constructing a crafted URI after receiving an authentication error for an arbitrary login attempt.
by myexploit
Kaseya KServer <6.3.0.2 - File Upload
An unrestricted file upload vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. The uploadImage.asp endpoint allows unauthenticated users to upload files to arbitrary paths via a crafted filename parameter in a multipart/form-data POST request. Because the endpoint requires no authentication and performs no input sanitization, an attacker can upload a file with an .asp extension into a web-accessible directory and then request it to execute arbitrary code with the privileges of the IUSR account. The result is remote code execution without prior authentication; the issue was resolved in version 6.3.0.2 by removing the vulnerable uploadImage.asp endpoint.
by Security-Assessment.com
WordPress Theme Make A Statement (MaS) - Cross-Site Request Forgery
by DevilScreaM
WordPress Theme Euclid 1.x - Cross-Site Request Forgery
by DevilScreaM
WordPress Theme Dimension - Cross-Site Request Forgery
by DevilScreaM
Livezilla - Path Traversal
LiveZilla 5.0.1.4 has a remote code execution vulnerability.
by Curesec Research Team
CVSS 9.8
ZOHO ManageEngine Desktop Central < 9 build 90055 - Path Traversal
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter.
by Security-Assessment.com
CVSS 9.8
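Both the Kaseya uploadImage.asp entry and the Desktop Central agentLogUploader entry above share one root cause: a client-supplied filename is joined to a server directory without stripping path separators or ".." segments, and without an allow-list on the extension. The following added example (not code from either vendor) puts the vulnerable join next to a hardened version. The upload directory and file names are constructed for illustration; backslashes are mapped to "/" so POSIX path helpers mimic how IIS treats either separator.

```python
import posixpath
import re
from typing import FrozenSet, Optional

# Constructed upload root for the examples below (not a real product path).
UPLOAD_DIR = "/inetpub/kserver/uploads"

# Extensions an image-upload endpoint should accept. Anything else (.asp,
# .aspx, .jsp, .php, ...) is refused so no server-side handler will run it.
ALLOWED_EXTENSIONS: FrozenSet[str] = frozenset({".png", ".jpg", ".jpeg", ".gif"})

# Conservative charset for the stored base name: must start with an
# alphanumeric, and may not contain path separators, ';' (the IIS
# "shell.asp;.png" trick), '%', NUL or other control characters.
_SAFE_BASENAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")


def resolve_upload_path_unsafe(upload_dir: str, filename: str) -> str:
    """Vulnerable pattern: the client-controlled filename is joined to the
    upload directory as-is, so '..' segments walk out of it and the extension
    is whatever the attacker chose."""
    return posixpath.normpath(posixpath.join(upload_dir, filename.replace("\\", "/")))


def resolve_upload_path_safe(upload_dir: str, filename: str,
                             allowed: FrozenSet[str] = ALLOWED_EXTENSIONS) -> Optional[str]:
    """Hardened pattern. Returns the on-disk path to write, or None to reject.

    1. Keep only the base name, whichever separator the client used.
    2. Restrict the base name to a conservative charset (also rejects '.', '..').
    3. Allow-list the extension, compared case-insensitively.
    4. Re-check that the joined path is still directly inside upload_dir
       (redundant after steps 1-2, kept as defense in depth).
    """
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    if not _SAFE_BASENAME.fullmatch(base):
        return None
    stem, ext = posixpath.splitext(base)
    if not stem or ext.lower() not in allowed:
        return None
    root = posixpath.normpath(upload_dir)
    target = posixpath.normpath(posixpath.join(root, base))
    if posixpath.dirname(target) != root:
        return None
    return target


if __name__ == "__main__":
    for name in ("logo.png", "../../wwwroot/shell.asp", "..\\..\\wwwroot\\shell.asp",
                 "shell.asp;.png", ".."):
        print(f"{name!r:32} unsafe -> {resolve_upload_path_unsafe(UPLOAD_DIR, name)}")
        print(f"{'':32} safe   -> {resolve_upload_path_safe(UPLOAD_DIR, name)}")
```

In a real handler the stored name would usually be replaced by a server-generated one (a random ID plus the validated extension), and the upload directory would be served without script execution; the validation above is still worth doing so that traversal is refused rather than silently renamed.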
Dahua DVR Firmware 2.608.0000.0 / 2.608.GV00.0 - Authentication Bypass
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.
by Jake Reynolds
Google Gmail iOS Mobile Application - Persistent Cross-Site Scripting
by Ali Raza
WBR-3406 Wireless Broadband NAT Router - Web-Console Password Change Bypass / Cross-Site Request Forgery
by Yakir Wizman
Testa Online Test Management System - SQL Injection
SQL injection vulnerability in Testa Online Test Management System (OTMS) 2.0.0.2 allows remote attackers to execute arbitrary SQL commands via the test_id parameter.
by Ashiyane Digital Security Team
TOSHIBA TEC e-Studio TopAccess - CSRF
Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the web-based management utility) on TOSHIBA TEC e-Studio 232, 233, 282, and 283 devices allows remote attackers to hijack the authentication of administrators for requests that change passwords.
by Hubert Gradek
Juniper Junos J-Web < 10.4R13 / 11.4R7 / 12.1R5 / 12.2R3 / 12.3R1 - Improper Input Validation
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.
by Sense of Security
WordPress Theme Highlight Premium - Cross-Site Request Forgery / Arbitrary File Upload
by DevilScreaM
Vanilla Forums <2.0.18.8 - Code Injection
Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."
by EgiX
ProjeQtOr (Project'Or RIA) 3.4.0 - SQL Injection
SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter.
by Vicente Aguilera Diaz
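The Testa OTMS (test_id) and Project'Or RIA (objectId) entries above are the same bug: a numeric request parameter is spliced into SQL text. The added example below (not code from either project) reproduces the failure against an in-memory SQLite database with constructed sample rows, then shows the parameterized form that defeats both the boolean and the UNION payloads. The table and column names are invented for the demonstration.

```python
import sqlite3
from typing import List, Optional, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed sample schema standing in for a test-management backend."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE tests (test_id INTEGER PRIMARY KEY, title TEXT NOT NULL);
        CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT, pw_hash TEXT);
        INSERT INTO tests VALUES (1, 'Midterm'), (2, 'Final'), (3, 'Makeup');
        INSERT INTO users VALUES (1, 'admin', 'hash-of-admin-password');
    """)
    return conn


def lookup_test_vulnerable(conn: sqlite3.Connection, test_id: str) -> List[Tuple]:
    """Vulnerable: the request parameter becomes part of the statement text,
    so '0 OR 1=1' dumps every row and a UNION reads other tables."""
    sql = f"SELECT test_id, title FROM tests WHERE test_id = {test_id}"
    return conn.execute(sql).fetchall()


def lookup_test_bound(conn: sqlite3.Connection, test_id: str) -> List[Tuple]:
    """Binding alone is sufficient: the value is passed to the engine as data,
    never parsed as SQL. An injection string simply matches nothing."""
    return conn.execute(
        "SELECT test_id, title FROM tests WHERE test_id = ?", (test_id,)
    ).fetchall()


def lookup_test_safe(conn: sqlite3.Connection, test_id: str) -> Optional[List[Tuple]]:
    """Hardened: validate the type first (so garbage yields a clean 400-style
    rejection, returned here as None), then bind the integer."""
    try:
        tid = int(test_id)
    except ValueError:
        return None
    return conn.execute(
        "SELECT test_id, title FROM tests WHERE test_id = ?", (tid,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    for payload in ("2", "0 OR 1=1", "0 UNION SELECT user_id, pw_hash FROM users"):
        print(f"{payload!r}")
        print("  vulnerable:", lookup_test_vulnerable(db, payload))
        print("  bound:     ", lookup_test_bound(db, payload))
        print("  safe:      ", lookup_test_safe(db, payload))
```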
Horde Groupware - CSRF
Horde Groupware Webmail Edition has CSRF and XSS vulnerabilities when saving a search as a virtual address book.
by Marcela Benetrix
CVSS 8.8
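Several entries on this page (the TopAccess password-change CSRF, the WBR-3406 password-change bypass, the WordPress theme CSRFs and the Horde virtual address book CSRF) come down to a state-changing request that is accepted because the browser attaches the victim's session cookie. The added example below (not code from any of these products) shows the standard countermeasure: a per-session, per-action token that a cross-origin page cannot read, plus an Origin check as a second layer. The session IDs, origin and handler are constructed for illustration.

```python
import hashlib
import hmac
import secrets
from typing import Mapping, Optional

# Per-deployment signing key. Generated at import for this demo; in a real
# service it would be loaded from configuration, not regenerated per process.
SECRET_KEY = secrets.token_bytes(32)

# Constructed allow-list of origins permitted to submit forms to this app.
ALLOWED_ORIGINS = frozenset({"https://printer.example.internal"})


def _mac(session_id: str, action: str, nonce: str) -> str:
    msg = f"{session_id}|{action}|{nonce}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str, action: str) -> str:
    """Token embedded in the form. It is bound to the victim's session and to
    one action (e.g. "change_password"), so a token harvested from another
    page or another user is useless for this request."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, action, nonce)}"


def verify_csrf_token(session_id: str, action: str, token: str) -> bool:
    """Constant-time check of the token against the session and action."""
    try:
        nonce, mac = token.split(".", 1)
    except ValueError:
        return False
    return hmac.compare_digest(mac, _mac(session_id, action, nonce))


def handle_password_change(session_id: str, form: Mapping[str, str],
                           origin: Optional[str] = None) -> int:
    """Simulated handler returning an HTTP status code.

    A forged cross-site request carries the victim's cookie (session_id is
    already resolved from it), but the attacker's page cannot read a valid
    token for that session, and its Origin header will not be allow-listed.
    """
    if origin is not None and origin not in ALLOWED_ORIGINS:
        return 403
    if not verify_csrf_token(session_id, "change_password", form.get("csrf_token", "")):
        return 403
    if not form.get("new_password"):
        return 400
    # ... password update would happen here ...
    return 200


if __name__ == "__main__":
    tok = issue_csrf_token("sess-A", "change_password")
    print("legitimate:", handle_password_change("sess-A", {"new_password": "x", "csrf_token": tok},
                                                origin="https://printer.example.internal"))
    print("forged, no token:", handle_password_change("sess-A", {"new_password": "x"},
                                                      origin="https://attacker.example"))
```

The token is stateless (nothing is stored server-side), which means it stays valid for the life of the session; add a timestamp to the signed message if tokens need to expire. Marking the session cookie SameSite=Lax or Strict is a complementary browser-side defense, not a replacement for the token.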