Text Exploits

31,346 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-115629 EXPLOITDB text VERIFIED
Microsoft Compiled HTML Help / Uncompiled .chm File - XML External Entity Injection
by hyp3rlinx
CVE-2019-13383 EXPLOITDB MEDIUM text
Webpanel - Information Disclosure
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, the Login process allows attackers to check whether a username is valid by reading the HTTP response.
by Pongtorn Angsuchotmetee_ Nissana Sirijirakal_ Narin Boonwasanarak
CVSS 5.3
CVE-2019-13359 EXPLOITDB HIGH text
Webpanel - Unrestricted File Upload
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.836, a cwpsrv-xxx cookie allows a normal user to craft and upload a session file to the /tmp directory, and use it to become the root user.
by Pongtorn Angsuchotmetee_ Nissana Sirijirakal_ Narin Boonwasanarak
CVSS 7.5
CVE-2019-13605 EXPLOITDB HIGH text
CentOS Web Panel 0.9.8.838-0.9.8.846 - Auth Bypass
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.838 to 0.9.8.846, remote attackers can bypass authentication in the login process by leveraging the knowledge of a valid username. The attacker must defeat an encoding that is not equivalent to base64, and thus this is different from CVE-2019-13360.
by Pongtorn Angsuchotmetee
CVSS 8.8
CVE-2019-13396 EXPLOITDB MEDIUM text
Flightpath < 4.8.3 - Path Traversal
FlightPath 4.x and 5.0-x allows directory traversal and Local File Inclusion through the form_include parameter in an index.php?q=system-handle-form-submit POST request because of an include_once in system_handle_form_submit in modules/system/system.module.
by Mohammed Althibyani
CVSS 5.3
EIP-2026-101873 EXPLOITDB text
Netgear WiFi Router JWNR2010v5 / R6080 - Authentication Bypass
by Wadeek
CVE-2019-1943 EXPLOITDB MEDIUM text
Cisco Sg200-50 Firmware - Open Redirect
A vulnerability in the web interface of Cisco Small Business 200, 300, and 500 Series Switches software could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. The vulnerability is due to improper input validation of the parameters of an HTTP request. An attacker could exploit this vulnerability by intercepting a user's HTTP request and modifying it into a request that causes the web interface to redirect the user to a specific malicious URL. This type of vulnerability is known as an open redirect attack and is used in phishing attacks that get users to unknowingly visit malicious sites.
by Ramikan
CVSS 4.7
CVE-2019-2107 EXPLOITDB HIGH text
Android -< 9 - RCE
In ihevcd_parse_pps of ihevcd_parse_headers.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-130024844.
by Marcin Kozlowski
CVSS 8.8
CVE-2019-1019 EXPLOITDB HIGH text VERIFIED
Microsoft Windows 10 - Information Disclosure
A security feature bypass vulnerability exists where a NETLOGON message is able to obtain the session key and sign messages. To exploit this vulnerability, an attacker could send a specially crafted authentication request. An attacker who successfully exploited this vulnerability could access another machine using the original user privileges. The issue has been addressed by changing how NTLM validates network authentication messages.
by Google Security Research
CVSS 8.5
EIP-2026-115658 EXPLOITDB text VERIFIED
Microsoft Font Subsetting - DLL Heap Corruption in ComputeFormat4CmapData
by Google Security Research
CVE-2019-13346 EXPLOITDB MEDIUM text
Myt - XSS
In MyT 1.5.1, the User[username] parameter has XSS.
by Metin Yunus Kandemir
CVSS 6.1
CVE-2019-10349 EXPLOITDB MEDIUM text
Jenkins Dependency Graph Viewer < 0.13 - XSS
A stored cross site scripting vulnerability in Jenkins Dependency Graph Viewer Plugin 0.13 and earlier allowed attackers able to configure jobs in Jenkins to inject arbitrary HTML and JavaScript in the plugin-provided web pages in Jenkins.
by Ishaq Mohammed
CVSS 5.4
CVE-2019-13491 EXPLOITDB text
Tenda D301 v2 Modem Router - Persistent Cross-Site Scripting
by ABDO10
CVE-2019-13493 EXPLOITDB MEDIUM text
Sitecore Experience Platform - XSS
In Sitecore 9.0 rev 171002, Persistent XSS exists in the Media Library and File Manager. An authenticated unprivileged user can modify the uploaded file extension parameter to inject arbitrary JavaScript.
by Owais Mehtab
CVSS 5.4
EIP-2026-115781 EXPLOITDB text VERIFIED
Microsoft Windows - Font Subsetting DLL Heap-Based Out-of-Bounds Read in MergeFonts
by Google Security Research
EIP-2026-115637 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - Use of Uninitialized Memory While Freeing Resources in var_loadavar
by Google Security Research
EIP-2026-115636 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - Stack-Based Buffer Overflow in do_set_weight_vector_cube for Large nAxes
by Google Security Research
CVE-2019-1123 EXPLOITDB HIGH text VERIFIED
Microsoft DirectWrite - RCE
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
CVE-2019-1117 EXPLOITDB HIGH text VERIFIED
Microsoft DirectWrite - RCE
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
CVE-2019-1127 EXPLOITDB HIGH text VERIFIED
Microsoft DirectWrite - RCE
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1128.
by Google Security Research
CVSS 8.8
CVE-2019-1118 EXPLOITDB HIGH text VERIFIED
Microsoft DirectWrite - RCE
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
CVE-2019-1119 EXPLOITDB HIGH text VERIFIED
Microsoft DirectWrite - RCE
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
EIP-2026-115635 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - Out-of-Bounds Read in OpenType Font Handling Due to Undefined FontName Index
by Google Security Research
EIP-2026-115634 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - NULL Pointer Dereferences in OpenType Font Handling While Accessing Empty dynarrays
by Google Security Research
EIP-2026-115633 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - Multiple Bugs in OpenType Font Handling Related to the _post_ Table
by Google Security Research
By Source
All 31,346 Exploitdb 50,135 Writeup 46,974 Nomisec 21,287 Metasploit 3,228 Github 2,465 Vulncheck_xdb 900 Inthewild 518 Gitlab 440 Gitee 415 Patchapalooza 312
By Language
text 31,346 ruby 5,959 python 5,840 c 3,571 perl 2,854 html 2,055 php 1,334 bash 459 java 361 javascript 260 c++ 247 shell 89 go 48 postscript 25 xml 24