Text Exploits
31,394 exploits tracked across all sources.
WordPress Plugin dzs-videogallery - Arbitrary File Upload
by link_satisi
TP-Link WR740N/WR740ND - Multiple Cross-Site Request Forgery Vulnerabilities
by Samandeep Singh
MyBB Ajax forum stat Plugin 2.0 - SQL Injection via tooltip or usertooltip Parameter
Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.
by IeDb ir
Pirelli Discus DRG A125g - Remote Change SSID Value
by Sebastián Magof
LimeSurvey 2.00+ (build 131107) - Multiple Vulnerabilities
by LiquidWorm
ImpressPages CMS 3.8 - Persistent Cross-Site Scripting
by sajith
Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 - Remote Code Execution via VhttpdMgr
VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action.
by Eduardo Gonzalez
PineApp Mail-SeCure 3.70 and earlier on 5099SK - Privilege Escalation via Sudoers Misconfiguration
PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms has a sudoers file that does not properly restrict user specifications, which allows local users to gain privileges via a sudo command that leverages access to the qmailq account.
by Ruben Garrote García
SKIDATA Freemotion.Gate - Web Services Multiple Command Execution Vulnerabilities
by Dennis Kelly
nginx 0.8.41-1.4.3 and 1.5.x < 1.5.7 - URI Restriction Bypass via Unescaped Space Character
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
by Ivan Fratric
DeepOfix < 3.3 - Unauthenticated Authentication Bypass via Empty Password
The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind.
by Gerardo Vazquez_ Eduardo Arriols
Ruckus Wireless Zoneflex 2942 <9.6.0.0.267 - Auth Bypass
Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow remote attackers to bypass authentication, and subsequently access certain configuration/ and maintenance/ scripts, by constructing a crafted URI after receiving an authentication error for an arbitrary login attempt.
by myexploit
Kaseya KServer <6.3.0.2 - File Upload
An unrestricted file upload vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. The uploadImage.asp endpoint allows unauthenticated users to upload files to arbitrary paths via a crafted filename parameter in a multipart/form-data POST request. Due to the lack of authentication and input sanitation, an attacker can upload a file with an .asp extension to a web-accessible directory, which can then be invoked to execute arbitrary code with the privileges of the IUSR account. The vulnerability enables remote code execution without prior authentication and was resolved in version 6.3.0.2 by removing the vulnerable uploadImage.asp endpoint.
by Security-Assessment.com
WordPress Theme Make A Statement (MaS) - Cross-Site Request Forgery
by DevilScreaM
WordPress Theme Euclid 1.x - Cross-Site Request Forgery
by DevilScreaM
WordPress Theme Dimension - Cross-Site Request Forgery
by DevilScreaM
LiveZilla 5.0.1.4 - Remote Code Execution via Path Traversal
LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability
by Curesec Research Team
CVSS 9.8
ManageEngine Desktop Central 7.0-9.0 - Path Traversal & Arbitrary File Write via AgentLogUploader
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter.
by Security-Assessment.com
CVSS 9.8
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 - Unauthenticated Authentication Bypass via TCP Port 37777
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.
by Jake Reynolds
Google Gmail IOS Mobile Application - Persistent Cross-Site Scripting
by Ali Raza
WBR-3406 Wireless Broadband NAT Router - Web-Console Password Change Bypass / Cross-Site Request Forgery
by Yakir Wizman
By Source