Text Exploits

31,346 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-25354 EXPLOITDB HIGH text
iSmartViewPro 1.3.34 - DoS
iSmartViewPro 1.3.34 contains a denial of service vulnerability that allows attackers to crash the application by overflowing the camera ID input field. Attackers can paste a 257-character buffer into the camera DID and password fields to trigger an application crash on iOS devices.
by Ivan Marmolejo
CVSS 7.5
CVE-2019-25352 EXPLOITDB HIGH text
Crystal Live HTTP Server 6.01 - Path Traversal
Crystal Live HTTP Server 6.01 contains a directory traversal vulnerability that allows remote attackers to access system files by manipulating URL path segments. Attackers can use multiple '../' sequences to navigate outside the web root and retrieve sensitive configuration files like Windows system files.
by numan türle
CVSS 7.5
CVE-2019-25344 EXPLOITDB HIGH text
Wondershare MobileGo 8.5.0 - Privilege Escalation
Wondershare MobileGo 8.5.0 contains an insecure file permissions vulnerability that allows local users to modify executable files in the application directory. Attackers can replace the original MobileGo.exe with a malicious executable to create a new user account and add it to the Administrators group with full system access.
by ZwX
CVSS 7.8
CVE-2019-25281 EXPLOITDB HIGH text
NCP Secure Entry Client 9.2 - Code Injection
NCP Secure Entry Client 9.2 contains an unquoted service path vulnerability in multiple Windows services that allows local users to potentially execute arbitrary code. Attackers can exploit the unquoted paths in services like ncprwsnt, rwsrsu, ncpclcfg, and NcpSec to inject malicious code that would execute with LocalSystem privileges during service startup.
by Akif Mohamed Ik
CVSS 7.8
EIP-2026-117128 EXPLOITDB text
Emerson PAC Machine Edition 9.70 Build 8595 - 'FxControlRuntime' Unquoted Service Path
by Luis Martínez
EIP-2026-116823 EXPLOITDB text
ASUS HM Com Service 1.00.31 - 'asHMComSvc' Unquoted Service Path
by Olimpia Saucedo
CVE-2019-14345 EXPLOITDB CRITICAL text
TemaTres 3.0 - Privilege Escalation
TemaTres 3.0 allows remote unprivileged users to create an administrator account
by Pablo Santiago
CVSS 9.8
CVE-2019-14343 EXPLOITDB MEDIUM text
TemaTres 3.0 - XSS
TemaTres 3.0 has stored XSS via the value parameter to the vocab/admin.php?vocabulario_id=list URI.
by Pablo Santiago
CVSS 5.4
CVE-2019-16758 EXPLOITDB HIGH text
Lexmark Services Monitor <2.27.4.0.39 - Path Traversal
In Lexmark Services Monitor 2.27.4.0.39 (running on TCP port 2070), a remote attacker can use a directory traversal technique using /../../../ or ..%2F..%2F..%2F to obtain local files on the host operating system.
by Kevin Randall
CVSS 7.5
CVE-2019-25283 EXPLOITDB HIGH text
Shrew Soft VPN Client 2.2.2 - Privilege Escalation
Shrew Soft VPN Client 2.2.2 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with elevated system privileges. Attackers can place malicious executables in the unquoted service path to gain elevated access during service startup or system reboot.
by D.Goedecke
CVSS 7.8
EIP-2026-117741 EXPLOITDB text
oXygen XML Editor 21.1.1 - XML External Entity Injection
by Pablo Santiago
CVE-2019-18951 EXPLOITDB HIGH text
SibSoft Xfilesharing <2.5.1 - Path Traversal
SibSoft Xfilesharing through 2.5.1 allows op=page&tmpl=../ directory traversal to read arbitrary files.
by Noman Riffat
CVSS 7.5
EIP-2026-101079 EXPLOITDB text
Siemens Desigo PX 6.00 - Denial of Service (PoC)
by LiquidWorm
CVE-2019-25355 EXPLOITDB HIGH text
gSOAP 2.8 - Path Traversal
gSOAP 2.8 contains a directory traversal vulnerability that allows unauthenticated attackers to access system files by manipulating HTTP path traversal techniques. Attackers can retrieve sensitive files like /etc/passwd by sending crafted GET requests with multiple '../' directory traversal sequences.
by numan türle
CVSS 7.5
EIP-2026-117899 EXPLOITDB text
ScanGuard Antivirus 2020 - Insecure Folder Permissions
by hyp3rlinx
CVE-2019-18873 EXPLOITDB CRITICAL text
FUDForum 3.0.9 - Stored XSS
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php.
by liquidsky
CVSS 9.0
CVE-2019-18396 EXPLOITDB HIGH text
Technicolor Td5130v2 Firmware - OS Command Injection
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mnt_ping.cgi. NOTE: This may overlap CVE-2017–14127.
by João Teles
CVSS 7.2
CVE-2019-25356 EXPLOITDB MEDIUM text
Bematech MP-4200 TH - XSS
Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cross-site scripting vulnerability in the admin configuration page. Attackers can inject malicious scripts via crafted POST requests with malformed 'admin' and 'person' parameters, allowing execution of arbitrary JavaScript in the context of an authenticated user's browser session.
by Jonatas Fil
CVSS 6.1
CVE-2019-25401 EXPLOITDB HIGH text
Bematech MP-4200 TH - DoS
Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a denial of service vulnerability in the admin configuration page. Remote attackers can send crafted POST requests with malformed 'admin' and 'person' parameters to crash the printer's web service, causing a denial of service condition.
by Jonatas Fil
CVSS 7.5
CVE-2019-25345 EXPLOITDB HIGH text
Realtek IIS Codec Service 6.4.10041.133 - Code Injection
Realtek IIS Codec Service 6.4.10041.133 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service configuration to inject malicious executables and escalate privileges on the system.
by chuyreds
CVSS 7.8
CVE-2019-25285 EXPLOITDB HIGH text
Alps Pointing-device Controller 8.1202.1711.04 - Code Injection
Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the service restarts or the system reboots.
by Mario Rodriguez
CVSS 7.8
CVE-2019-25266 EXPLOITDB HIGH text
Wondershare Application Framework Service 2.4.3.231 - Code Injection
Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific directory locations to hijack the service's execution context.
by chuyreds
CVSS 7.8
EIP-2026-118149 EXPLOITDB text
Wondershare Application Framework Service - _WsAppService_ Unquote Service Path
by chuyreds
EIP-2026-116714 EXPLOITDB text
Acronis True Image OEM 19.0.5128 - 'afcdpsrv' Unquoted Service Path
by Alejandra Sánchez
EIP-2026-105763 EXPLOITDB text
CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection
by LiquidWorm
By Source
All 31,346 Exploitdb 50,135 Writeup 46,968 Nomisec 21,259 Metasploit 3,228 Github 2,444 Vulncheck_xdb 900 Inthewild 518 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,346 ruby 5,959 python 5,832 c 3,570 perl 2,854 html 2,055 php 1,334 bash 459 java 360 javascript 260 c++ 247 shell 87 go 47 postscript 25 xml 24