Text Exploits

31,346 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-110124 EXPLOITDB text
Online Invoicing System 2.6 - 'description' Persistent Cross-Site Scripting
by Cemal Cihad ÇİFTÇİ
CVE-2019-19516 EXPLOITDB MEDIUM text
Intelbras WRN 150 1.0.18 - CSRF
Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password.
by Prof. Joas Antonio
CVSS 6.5
CVE-2019-25338 EXPLOITDB MEDIUM text
DokuWiki 2018-04-22b - Info Disclosure
DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by analyzing the server's error response messages.
by Talha ŞEN
CVSS 5.3
CVE-2019-25234 EXPLOITDB MEDIUM text
SmartHouse Webapp 6.5.33 - CSRF/XSS
SmartHouse Webapp 6.5.33 contains multiple cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform unauthorized actions. Attackers can exploit these vulnerabilities by tricking logged-in users into visiting malicious websites or injecting malicious scripts into various application parameters.
by LiquidWorm
CVSS 5.3
EIP-2026-119663 EXPLOITDB text VERIFIED
Visual Studio 2008 - XML External Entity Injection
by hyp3rlinx
EIP-2026-119659 EXPLOITDB text
Microsoft Excel 2016 1901 - XML External Entity Injection
by hyp3rlinx
EIP-2026-117443 EXPLOITDB text
Max Secure Anti Virus Plus 19.0.4.020 - Insecure File Permissions
by hyp3rlinx
CVE-2019-25272 EXPLOITDB HIGH text
TexasSoft CyberPlanet 6.4.131 - Code Injection
TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\TenaxSoft\CyberPlanet\SrvProxy.exe' to inject malicious executables and gain elevated system privileges.
by Cristian Ayala G
CVSS 7.8
CVE-2019-25265 EXPLOITDB MEDIUM text
Online Inventory Manager 3.2 - XSS
Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie theft and client-side script execution.
by Cemal Cihad ÇİFTÇİ
CVSS 6.4
EIP-2026-113507 EXPLOITDB text
WordPress Core 5.3 - User Disclosure
by SajjadBnd
CVE-2019-25273 EXPLOITDB HIGH text
Easy-Hide-IP 5.0.0.3 - Code Injection
Easy-Hide-IP 5.0.0.3 contains an unquoted service path vulnerability in the EasyRedirect service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe' to inject malicious executables and escalate privileges.
by Rene Cortes S
CVSS 7.8
EIP-2026-118093 EXPLOITDB text
Waves MaxxAudio Drivers 1.1.6.0 - 'WavesSysSvc64' Unquoted Service Path
by Luis Martínez
EIP-2026-117560 EXPLOITDB text
Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation
by Abdelhamid Naceri
CVE-2019-25274 EXPLOITDB HIGH text
ProShow Producer 9.0.3797 - Code Injection
ProShow Producer 9.0.3797 contains an unquoted service path vulnerability in the ScsiAccess service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
by ZwX
CVSS 7.8
CVE-2019-19490 EXPLOITDB HIGH text
LiteManager 4.5.0 - Info Disclosure
LiteManager 4.5.0 has weak permissions (Everyone: Full Control) in the "LiteManagerFree - Server" folder, as demonstrated by ROMFUSClient.exe.
by ZwX
CVSS 7.3
CVE-2019-1429 EXPLOITDB HIGH text VERIFIED
Microsoft Internet Explorer - Out-of-Bounds Write
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka 'Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1426, CVE-2019-1427, CVE-2019-1428.
by Google Security Research
CVSS 7.5
EIP-2026-103375 EXPLOITDB text VERIFIED
macOS 10.14.6 - root->kernel Privilege Escalation via update_dyld_shared_cache
by Google Security Research
CVE-2019-19491 EXPLOITDB MEDIUM text
TestLink 1.9.19 - XSS
TestLink 1.9.19 has XSS via the lib/testcases/archiveData.php edit parameter, the index.php reqURI parameter, or the URI in a lib/testcases/tcEdit.php?doAction=doDeleteStep request.
by Milad Khoshdel
CVSS 6.1
CVE-2019-18862 EXPLOITDB HIGH text
Maidag <3.8 - Privilege Escalation
maidag in GNU Mailutils before 3.8 is installed setuid and allows local privilege escalation in the url mode.
by Mike Gualtieri
CVSS 7.8
EIP-2026-101894 EXPLOITDB text
Network Management Card 6.2.0 - Host Header Injection
by Amal E Thamban
CVE-2019-15794 EXPLOITDB HIGH text VERIFIED
Linux kernel - Use After Free
Overlayfs in the Linux kernel and shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, both replace vma->vm_file in their mmap handlers. On error the original value is not restored, and the reference is put for the file to which vm_file points. On upstream kernels this is not an issue, as no callers dereference vm_file following after call_mmap() returns an error. However, the aufs patchs change mmap_region() to replace the fput() using a local variable with vma_fput(), which will fput() vm_file, leading to a refcount underflow.
by Google Security Research
CVSS 7.1
CVE-2019-15793 EXPLOITDB MEDIUM text VERIFIED
Linux kernel <5.3 - Privilege Escalation
In shiftfs, a non-upstream patch to the Linux kernel included in the Ubuntu 5.0 and 5.3 kernel series, several locations which shift ids translate user/group ids before performing operations in the lower filesystem were translating them into init_user_ns, whereas they should have been translated into the s_user_ns for the lower filesystem. This resulted in using ids other than the intended ones in the lower fs, which likely did not map into the shifts s_user_ns. A local attacker could use this to possibly bypass discretionary access control permissions.
by Google Security Research
CVSS 6.5
EIP-2026-102164 EXPLOITDB text VERIFIED
iOS 12.4 - Sandbox Escape due to Integer Overflow in mediaserverd
by Google Security Research
CVE-2019-25276 EXPLOITDB HIGH text
Studio 5000 Logix Designer 30.01.00 - Privilege Escalation
Studio 5000 Logix Designer 30.01.00 contains an unquoted service path vulnerability in the FactoryTalk Activation Service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in C:\Program Files (x86)\Rockwell Software\FactoryTalk Activation\ to inject malicious code that would execute with LocalSystem permissions.
by Luis Martínez
CVSS 7.8
CVE-2019-25275 EXPLOITDB HIGH text
BartVPN 1.2.2 - Code Injection
BartVPN 1.2.2 contains an unquoted service path vulnerability in the BartVPNService that allows local attackers to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted binary path by placing malicious executables in specific file system locations to hijack the service's execution context.
by ZwX
CVSS 7.8
By Source
All 31,346 Exploitdb 50,135 Writeup 46,968 Nomisec 21,259 Metasploit 3,228 Github 2,444 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,346 ruby 5,959 python 5,832 c 3,570 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 87 go 47 postscript 25 xml 24