Text Exploits

31,346 exploits tracked across all sources.

CVE-2019-25308 EXPLOITDB HIGH text
Mikogo <5.2.2.150317 - Code Injection
Mikogo 5.2.2.150317 contains an unquoted service path vulnerability in the Mikogo-Service Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific path locations.
by cakes
CVSS 7.8
CVE-2019-16330 EXPLOITDB MEDIUM text
NCH Express Accounts Accounting v7.02 - XSS
In NCH Express Accounts Accounting v7.02, persistent cross site scripting (XSS) exists in Invoices/Sales Orders/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Sales Orders/Items/Customers/Quotes fields parameter to inject arbitrary JavaScript.
by Debashis Pal
CVSS 5.4
EIP-2026-117419 EXPLOITDB text
LiteManager 4.5.0 - 'romservice' Unquoted Service Path
by cakes
EIP-2026-117402 EXPLOITDB text
Lavasoft 2.3.4.7 - 'LavasoftTcpService' Unquoted Service Path
by Luis MedinaL
EIP-2026-114736 EXPLOITDB text
Solaris xscreensaver 11.4 - Privilege Escalation
by Marco Ivaldi
CVE-2019-25310 EXPLOITDB HIGH text
ActiveFax Server <6.92 Build 0316 - Code Injection
ActiveFax Server 6.92 Build 0316 contains an unquoted service path vulnerability in the ActiveFaxServiceNT service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with elevated administrative privileges.
by cakes
CVSS 7.8
CVE-2019-17591 EXPLOITDB text
Bolt CMS 3.6.10 - Cross-Site Request Forgery
by r3m0t3nu11
CVE-2019-16282 EXPLOITDB MEDIUM text
NCH Express Invoice <7.12 - XSS
In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. An authenticated unprivileged user can add/modify the Invoices/Items/Customers fields parameter to inject arbitrary JavaScript.
by Debashis Pal
CVSS 5.4
CVE-2019-14737 EXPLOITDB HIGH text
Ubisoft Uplay - Incorrect Default Permissions
Ubisoft Uplay 92.0.0.6280 has Insecure Permissions.
by Kusol Watchara-Apanukorn
CVSS 7.8
CVE-2019-17503 EXPLOITDB MEDIUM text
Kirona DRS 5.5.3.5 - Info Disclosure
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc.
by Ramikan
CVSS 5.3
EIP-2026-117667 EXPLOITDB text
National Instruments Circuit Design Suite 14.0 - Local Privilege Escalation
by Ivan Marmolejo
EIP-2026-101809 EXPLOITDB text
Intelbras Router WRN150 1.0.18 - Persistent Cross-Site Scripting
by Prof. Joas Antonio
CVE-2019-1364 EXPLOITDB HIGH text VERIFIED
Windows - Privilege Escalation
An elevation of privilege vulnerability exists in Windows when the Windows kernel-mode driver fails to properly handle objects in memory, aka 'Win32k Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1362.
by Google Security Research
CVSS 7.8
CVE-2019-1347 EXPLOITDB MEDIUM text VERIFIED
Windows - DoS
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1346.
by Google Security Research
CVSS 6.5
CVE-2019-1345 EXPLOITDB MEDIUM text VERIFIED
Windows Kernel - Info Disclosure
An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory, aka 'Windows Kernel Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1334.
by Google Security Research
CVSS 5.5
CVE-2019-1346 EXPLOITDB MEDIUM text VERIFIED
Windows - DoS
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1343, CVE-2019-1347.
by Google Security Research
CVSS 6.5
CVE-2019-1344 EXPLOITDB MEDIUM text VERIFIED
Windows Code Integrity Module - Info Disclosure
An information disclosure vulnerability exists in the way that the Windows Code Integrity Module handles objects in memory, aka 'Windows Code Integrity Module Information Disclosure Vulnerability'.
by Google Security Research
CVSS 5.5
CVE-2019-1343 EXPLOITDB MEDIUM text VERIFIED
Windows - DoS
A denial of service vulnerability exists when Windows improperly handles objects in memory, aka 'Windows Denial of Service Vulnerability'. This CVE ID is unique from CVE-2019-1346, CVE-2019-1347.
by Google Security Research
CVSS 6.5
CVE-2019-13529 EXPLOITDB HIGH text
SMA Sunny Webbox Firmware < 1.6 - CSRF
An attacker could send a malicious link to an authenticated operator, which may allow remote attackers to perform actions with the permissions of the user on the Sunny WebBox Firmware Version 1.6 and prior. This device uses IP addresses to maintain communication after a successful login, which would increase the ease of exploitation.
by Borja Merino
CVSS 8.8
CVE-2019-8717 EXPLOITDB HIGH text VERIFIED
Apple Mac OS X < 10.15 - Out-of-Bounds Write
A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Catalina 10.15, tvOS 13. An application may be able to execute arbitrary code with kernel privileges.
by Google Security Research
CVSS 7.8
CVE-2019-17382 EXPLOITDB CRITICAL text
Zabbix < 4.4 - IDOR
An issue was discovered in zabbix.php?action=dashboard.view&dashboardid=1 in Zabbix through 4.4. An attacker can bypass the login page and access the dashboard page, and then create a Dashboard, Report, Screen, or Map without any Username/Password (i.e., anonymously). All created elements (Dashboard/Report/Screen/Map) are accessible by other users and by an admin.
by Milad Khoshdel
CVSS 9.1
CVE-2019-8452 EXPLOITDB HIGH text
Checkpoint Endpoint Security < e80.96 - Symlink Following
A hard-link created from log file archive of Check Point ZoneAlarm up to 15.4.062 or Check Point Endpoint Security client for Windows before E80.96 to any file on the system will get its permission changed so that all users can access that linked file. Doing this on files with limited access gains the local attacker higher privileges to the file.
by Jakub Palaczynski
CVSS 7.8
CVE-2019-17225 EXPLOITDB MEDIUM text
Intelliants Subrion - XSS
Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue.
by Creatigon
CVSS 5.4
CVE-2019-4013 EXPLOITDB CRITICAL text
IBM Bigfix Platform < 9.5.11 - Unrestricted File Upload
IBM BigFix Platform 9.5 could allow any authenticated user to upload any file to any location on the server with root privileges. This results in code execution on underlying system with root privileges. IBM X-Force ID: 155887.
by Jakub Palaczynski
CVSS 9.0
CVE-2019-25438 EXPLOITDB HIGH text
LabCollector 5.423 - SQL Injection
LabCollector 5.423 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by injecting malicious code through POST parameters. Attackers can submit crafted SQL payloads in the login parameter of login.php or the user_name parameter of retrieve_password.php to extract sensitive database information without authentication.
by Carlos Avila
CVSS 7.5