Text Exploits

31,346 exploits tracked across all sources.

EIP-2026-115790 EXPLOITDB text VERIFIED
Microsoft Windows cryptoapi - SymCrypt Modular Inverse Algorithm Denial of Service
by Google Security Research
CVE-2019-8641 EXPLOITDB CRITICAL text VERIFIED
Apple Iphone OS < 12.4 - Out-of-Bounds Read
An out-of-bounds read was addressed with improved input validation.
by Google Security Research
CVSS 9.8
CVE-2019-16679 EXPLOITDB MEDIUM text
Gila CMS <1.11.1 - Path Traversal
Gila CMS before 1.11.1 allows admin/fm/?f=../ directory traversal, leading to Local File Inclusion.
by Sainadh Jamalpur
CVSS 4.9
CVE-2019-8605 EXPLOITDB HIGH text
Apple Iphone OS < 12.3 - Use After Free
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.3, macOS Mojave 10.14.5, tvOS 12.3, watchOS 5.2.1. A malicious application may be able to execute arbitrary code with system privileges.
by Umang Raghuvanshi
CVSS 7.8
CVE-2019-25446 EXPLOITDB HIGH text
DIGIT CENTRIS ERP - SQL Injection
DIGIT CENTRIS ERP contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the datum1, datum2, KID, and PID parameters. Attackers can send POST requests to /korisnikinfo.php with malicious SQL syntax in these parameters to extract or modify sensitive database information.
by n1x_
CVSS 8.2
CVE-2019-25316 EXPLOITDB MEDIUM text VERIFIED
GOautodial 4.0 - XSS
GOautodial 4.0 contains a persistent cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the event title parameter. Attackers can exploit the CreateEvent.php endpoint by sending crafted POST requests with XSS payloads to execute arbitrary JavaScript in victim browsers.
by cakes
CVSS 6.4
CVE-2019-16399 EXPLOITDB CRITICAL text
Western Digital WD My Book World - Auth Bypass
Western Digital WD My Book World through II 1.02.12 suffers from Broken Authentication, which allows an attacker to access the /admin/ directory without credentials. An attacker can easily enable SSH from /admin/system_advanced.php?lang=en and log in with the default root password welc0me.
by Noman Riffat
CVSS 9.8
EIP-2026-107623 EXPLOITDB text VERIFIED
Hospital-Management 1.26 - 'fname' SQL Injection
by cakes
CVE-2019-13140 EXPLOITDB MEDIUM text
Inteno EG200 - Info Disclosure
Inteno EG200 EG200-WU7P1U_ADAMO3.16.4-190226_1650 routers have a JUCI ACL misconfiguration that allows the "user" account to extract the 3DES key via JSON commands to ubus. The 3DES key is used to decrypt the provisioning file provided by Adamo Telecom on a public URL via cleartext HTTP.
by Gerard Fuguet
CVSS 6.5
CVE-2019-16294 EXPLOITDB HIGH text
Notepad++ <7.7 - RCE/DoS
SciLexer.dll in Scintilla in Notepad++ (x64) before 7.7 allows remote code execution or denial of service via Unicode characters in a crafted .ml file.
by Bogdan Kurinnoy
CVSS 7.8
CVE-2019-1253 EXPLOITDB HIGH text
Microsoft Windows 10 1703 - Symlink Following
An elevation of privilege vulnerability exists when the Windows AppX Deployment Server improperly handles junctions. To exploit this vulnerability, an attacker would first have to gain execution on the victim system, aka 'Windows Elevation of Privilege Vulnerability'. This CVE ID is unique from CVE-2019-1215, CVE-2019-1278, CVE-2019-1303.
by Gabor Seljan
CVSS 7.8
EIP-2026-106064 EXPLOITDB text VERIFIED
CollegeManagementSystem-CMS 1.3 - 'batch' SQL Injection
by cakes
CVE-2016-10258 EXPLOITDB MEDIUM text
Broadcom Advanced Secure Gateway < 6.6.5.14 - Unrestricted File Upload
Unrestricted file upload vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can upload arbitrary malicious files to the management console and trick another administrator user into downloading and executing malicious code.
by Pankaj Kumar Thakur
CVSS 6.8
EIP-2026-112670 EXPLOITDB text VERIFIED
Ticket-Booking 1.4 - Authentication Bypass
by cakes
EIP-2026-106062 EXPLOITDB text VERIFIED
College-Management-System 1.2 - Authentication Bypass
by cakes
CVE-2019-12922 EXPLOITDB MEDIUM text
Phpmyadmin < 4.9.0.1 - CSRF
A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page.
by Manuel García Cárdenas
CVSS 6.5
CVE-2019-16173 EXPLOITDB MEDIUM text VERIFIED
LimeSurvey <3.17.14 - XSS
LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin. This occurs in application/core/Survey_Common_Action.php,
by SEC Consult
CVSS 5.4
CVE-2019-16197 EXPLOITDB MEDIUM text
Dolibarr 10.0.1 - XSS
In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS.
by Metin Yunus Kandemir
CVSS 6.1
CVE-2019-1244 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows 10 - Information Disclosure
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1245, CVE-2019-1251.
by Google Security Research
CVSS 6.5
CVE-2019-1245 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows 10 - Information Disclosure
An information disclosure vulnerability exists when DirectWrite improperly discloses the contents of its memory, aka 'DirectWrite Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1244, CVE-2019-1251.
by Google Security Research
CVSS 6.5
CVE-2019-16119 EXPLOITDB CRITICAL text
10Web Photo Gallery <1.5.35 - SQL Injection
SQL injection in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via the admin/controllers/Albumsgalleries.php album_id parameter.
by MTK
CVSS 9.8
CVE-2019-16118 EXPLOITDB MEDIUM text
10Web Photo Gallery <1.5.35 - XSS
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php.
by MTK
CVSS 6.1
CVE-2019-16117 EXPLOITDB MEDIUM text
10Web Photo Gallery <1.5.35 - XSS
Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php.
by MTK
CVSS 6.1
CVE-2019-25452 EXPLOITDB HIGH text
Dolibarr ERP/CRM 10.0.1 - SQL Injection
Dolibarr ERP/CRM 10.0.1 contains an SQL injection vulnerability in the elemid POST parameter of the viewcat.php endpoint that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can submit crafted POST requests with malicious SQL payloads in the elemid parameter to extract sensitive database information using error-based or time-based blind SQL injection techniques.
by Metin Yunus Kandemir
CVSS 7.5
CVE-2019-25450 EXPLOITDB HIGH text
Dolibarr ERP/CRM 10.0.1 - SQL Injection
Dolibarr ERP/CRM 10.0.1 contains multiple SQL injection vulnerabilities that allow authenticated attackers to manipulate database queries by injecting SQL code through POST parameters. Attackers can inject malicious SQL through parameters like actioncode, demand_reason_id, and availability_id in card.php endpoints to extract sensitive database information using boolean-based blind, error-based, and time-based blind techniques.
by Metin Yunus Kandemir
CVSS 7.5