Text Exploits
31,394 exploits tracked across all sources.
Elastix - Multiple Cross-Site Scripting Vulnerabilities
by cheki
WordPress Plugin ADIF Log Search Widget - 'logbook_search.php' Cross-Site Scripting
by k3170makan
Barracuda SSL VPN 680 - 'returnTo' Open Redirection
by Chokri Ben Achor
SIEMENS Solid Edge ST4/ST5 WebPartHelper - ActiveX RFMSsvs!JShellExecuteEx Remote Code Execution
by rgod
Trend Micro DirectPass 1.5.0.1060 - Multiple Software Vulnerabilities
by Vulnerability-Lab
SIEMENS Solid Edge ST4/ST5 SEListCtrlX - ActiveX SetItemReadOnly Arbitrary Memory Rewrite Remote Code Execution
by rgod
SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Overflow
by LiquidWorm
WordPress Plugin User Role Editor 3.12 - Cross-Site Request Forgery
by Henry Hoggard
WordPress Plugin Spider Event Calendar 1.3.0 - Multiple Vulnerabilities
by waraxe
WordPress Plugin Spider Catalog 1.4.6 - Multiple Vulnerabilities
by waraxe
RadioCMS 2.2 - SQL Injection via meneger.php playlist_id Parameter
SQL injection vulnerability in meneger.php in RadioCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter.
by Rooster(XEKA)
Sony Playstation 3 (PS3) 4.31 - Save Game Preview '.SFO' Handling Local Command Execution
by Vulnerability-Lab
Windows - Local Privilege Escalation via EPATHOBJ::pprFlattenRec Pointer Initialization
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
by Tavis Ormandy
CVSS 7.8
Microsoft Windows - Denial of Service via EPATHOBJ::bFlatten Path Traversal
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
by Tavis Ormandy
WordPress Plugin ProPlayer 4.7.9.1 - SQL Injection
by Ashiyane Digital Security Team
Exponent CMS <2.2.0 - SQL Injection
Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php.
by High-Tech Bridge SA
Drupal Module CKEditor < 4.1WYSIWYG (Drupal 6.x/7.x) - Persistent Cross-Site Scripting
by r0ng
WordPress Plugin wp-FileManager - 'path' Arbitrary File Download
by ByEge
jojo-cms < 1.2.2 - SQL Injection via X-Forwarded-For Header
SQL injection vulnerability in the checkEmailFormat function in plugins/jojo_core/classes/Jojo.php in Jojo before 1.2.2 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header to /articles/test/.
by High-Tech Bridge SA
jojo-cms < 1.2.2 - Cross-Site Scripting via Forgot Password Search Parameter
Cross-site scripting (XSS) vulnerability in plugins/jojo_core/forgot_password.php in Jojo before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter to forgot-password/.
by High-Tech Bridge SA
By Source