Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-117899 EXPLOITDB text
ScanGuard Antivirus 2020 - Insecure Folder Permissions
by hyp3rlinx
CVE-2019-18873 EXPLOITDB CRITICAL text
FUDForum 3.0.9 - Stored Cross-Site Scripting and Remote Code Execution via User-Agent Header
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php.
by liquidsky
CVSS 9.0
CVE-2019-18396 EXPLOITDB HIGH text
Technicolor TD5130v2 Firmware - OS Command Injection via Ping Module pingAddr Parameter
An issue was discovered in certain Oi third-party firmware that may be installed on Technicolor TD5130v2 devices. A Command Injection in the Ping module in the Web Interface in OI_Fw_V20 allows remote attackers to execute arbitrary OS commands in the pingAddr parameter to mnt_ping.cgi. NOTE: This may overlap CVE-2017-14127.
by João Teles
CVSS 7.2
CVE-2019-25356 EXPLOITDB MEDIUM text
Bematech MP-4200 TH - Stored Cross-Site Scripting via Admin Configuration Page Parameters
Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a cross-site scripting vulnerability in the admin configuration page. Attackers can inject malicious scripts via crafted POST requests with malformed 'admin' and 'person' parameters, allowing execution of arbitrary JavaScript in the context of an authenticated user's browser session.
by Jonatas Fil
CVSS 6.1
CVE-2019-25401 EXPLOITDB HIGH text
Bematech MP-4200 TH - Denial of Service via Malformed Admin Configuration Parameters
Bematech (formerly Logic Controls, now Elgin) MP-4200 TH printer contains a denial of service vulnerability in the admin configuration page. Remote attackers can send crafted POST requests with malformed 'admin' and 'person' parameters to crash the printer's web service, causing a denial of service condition.
by Jonatas Fil
CVSS 7.5
CVE-2019-25345 EXPLOITDB HIGH text
Realtek IIS Codec Service 6.4.10041.133 - Code Injection
Realtek IIS Codec Service 6.4.10041.133 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in the service configuration to inject malicious executables and escalate privileges on the system.
by chuyreds
CVSS 7.8
CVE-2019-25285 EXPLOITDB HIGH text
Alps Pointing-device Controller 8.1202.1711.04 - Code Injection
Alps Pointing-device Controller 8.1202.1711.04 contains an unquoted service path vulnerability in the ApHidMonitorService that allows local attackers to execute code with elevated privileges. Attackers can place a malicious executable in the service path and gain system-level access when the service restarts or the system reboots.
by Mario Rodriguez
CVSS 7.8
CVE-2019-25266 EXPLOITDB HIGH text
Wondershare Application Framework Service 2.4.3.231 - Code Injection
Wondershare Application Framework Service 2.4.3.231 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted service path by placing malicious executables in specific directory locations to hijack the service's execution context.
by chuyreds
CVSS 7.8
EIP-2026-118149 EXPLOITDB text
Wondershare Application Framework Service - _WsAppService_ Unquoted Service Path
by chuyreds
EIP-2026-116714 EXPLOITDB text
Acronis True Image OEM 19.0.5128 - 'afcdpsrv' Unquoted Service Path
by Alejandra Sánchez
EIP-2026-105763 EXPLOITDB text
CBAS-Web 19.0.0 - 'id' Boolean-based Blind SQL Injection
by LiquidWorm
CVE-2019-9189 EXPLOITDB HIGH text
Prima Systems FlexAir < 2.3.38 - Authenticated Arbitrary File Upload and Remote Code Execution via Python Script Upload
Prima Systems FlexAir, versions 2.4.9api3 and prior, allows the upload of arbitrary Python scripts when configuring the main central controller. These scripts can be executed immediately, and they run as root rather than as the web server user, allowing an authenticated attacker to gain full system access.
by LiquidWorm
CVSS 8.8
CVE-2019-7272 EXPLOITDB MEDIUM text
Optergy Proton/Enterprise - Info Disclosure
Optergy Proton/Enterprise devices allow Username Disclosure.
by LiquidWorm
CVSS 5.3
CVE-2019-7274 EXPLOITDB CRITICAL text
Optergy Proton/Enterprise - Code Injection
Optergy Proton/Enterprise devices allow Authenticated File Upload with Code Execution as root.
by LiquidWorm
CVSS 9.8
CVE-2019-7273 EXPLOITDB HIGH text
Optergy Enterprise and Proton < 2.3.0a - Cross-Site Request Forgery
Optergy Proton/Enterprise devices allow Cross-Site Request Forgery (CSRF).
by LiquidWorm
CVSS 8.8
CVE-2019-7254 EXPLOITDB HIGH text
Linear eMerge E3-Series - Path Traversal
Linear eMerge E3-Series devices allow File Inclusion.
by LiquidWorm
CVSS 7.5
CVE-2019-7262 EXPLOITDB HIGH text
Linear eMerge Essential and Elite Firmware < 1.00-06 - Cross-Site Request Forgery
Linear eMerge E3-Series devices allow Cross-Site Request Forgery (CSRF).
by LiquidWorm
CVSS 8.8
CVE-2019-7255 EXPLOITDB MEDIUM text
Linear eMerge Essential and Elite Firmware < 1.00-06 - Cross-Site Scripting
Linear eMerge E3-Series devices allow XSS.
by LiquidWorm
CVSS 6.1
CVE-2019-10846 EXPLOITDB MEDIUM text
Computrols CBAS < 19.0.0 - Unauthenticated Reflected Cross-Site Scripting via Username Parameter
Computrols CBAS 18.0.0 allows Unauthenticated Reflected Cross-Site Scripting vulnerabilities in the login page and password reset page via the username GET parameter.
by LiquidWorm
CVSS 6.1
CVE-2019-10848 EXPLOITDB MEDIUM text
Computrols CBAS < 19.0.0 - Username Enumeration
Computrols CBAS 18.0.0 allows Username Enumeration.
by LiquidWorm
CVSS 5.3
CVE-2019-10847 EXPLOITDB HIGH text
Computrols CBAS < 19.0.0 - Cross-Site Request Forgery
Computrols CBAS 18.0.0 allows Cross-Site Request Forgery.
by LiquidWorm
CVSS 8.8
CVE-2019-10849 EXPLOITDB HIGH text
Computrols CBAS < 19.0.0 - Unauthenticated Source Code Disclosure via SVN Directory
Computrols CBAS 18.0.0 allows unprotected Subversion (SVN) directory / source code disclosure.
by LiquidWorm
CVSS 7.5
CVE-2018-12234 EXPLOITDB MEDIUM text
Adrenalin 5.4.0 - Reflected Cross-Site Scripting via GeneralInfo.aspx strAction Parameter
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. The user supplied input containing JavaScript is echoed back in JavaScript code in an HTML response via the flexiportal/GeneralInfo.aspx strAction parameter.
by Cy83rl0gger
CVSS 6.1
CVE-2018-12653 EXPLOITDB MEDIUM text
Adrenalin HRMS 5.4.0 - Reflected Cross-Site Scripting via ReportId Parameter
A Reflected Cross Site Scripting (XSS) vulnerability exists in Adrenalin HRMS 5.4.0. An attacker can input malicious JavaScript code in /RPT/SSRSDynamicEditReports.aspx via 'ReportId' parameter.
by Cy83rl0gger
CVSS 6.1