Text Exploits

31,346 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-115632 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - Interpreter Stack Underflow in OpenType Font Handling Due to Missing CHKUFLOW
by Google Security Research
CVE-2019-1121 EXPLOITDB HIGH text VERIFIED
Microsoft DirectWrite - RCE
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
CVE-2019-1124 EXPLOITDB HIGH text VERIFIED
Microsoft DirectWrite - RCE
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
CVE-2019-1122 EXPLOITDB HIGH text VERIFIED
Microsoft DirectWrite - RCE
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
CVE-2019-1120 EXPLOITDB HIGH text VERIFIED
Microsoft DirectWrite - RCE
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127, CVE-2019-1128.
by Google Security Research
CVSS 8.8
EIP-2026-115631 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow in OpenType Font Handling in readEncoding
by Google Security Research
CVE-2019-1128 EXPLOITDB HIGH text VERIFIED
Microsoft DirectWrite - RCE
A remote code execution vulnerability exists in the way that DirectWrite handles objects in memory, aka 'DirectWrite Remote Code Execution Vulnerability'. This CVE ID is unique from CVE-2019-1117, CVE-2019-1118, CVE-2019-1119, CVE-2019-1120, CVE-2019-1121, CVE-2019-1122, CVE-2019-1123, CVE-2019-1124, CVE-2019-1127.
by Google Security Research
CVSS 8.8
EIP-2026-115630 EXPLOITDB text VERIFIED
Microsoft DirectWrite / AFDKO - Heap-Based Buffer Overflow Due to Integer Overflow in readTTCDirectory
by Google Security Research
CVE-2019-13344 EXPLOITDB MEDIUM text
Crudlab WP Like Button < 1.6.0 - Missing Authentication
An authentication bypass vulnerability in the CRUDLab WP Like Button plugin through 1.6.0 for WordPress allows unauthenticated attackers to change settings. The contains() function in wp_like_button.php did not check if the current request is made by an authorized user, thus allowing any unauthenticated user to successfully update settings, as demonstrated by the wp-admin/admin.php?page=facebook-like-button each_page_url or code_snippet parameter.
by Benjamin Lim
CVSS 5.3
EIP-2026-108969 EXPLOITDB text
Karenderia Multiple Restaurant System 5.3 - SQL Injection
by Mehmet EMIROGLU
EIP-2026-108968 EXPLOITDB text VERIFIED
Karenderia Multiple Restaurant System 5.3 - Local File Inclusion
by Mehmet EMIROGLU
CVE-2019-9701 EXPLOITDB MEDIUM text
DLP 15.5 MP1- - XSS
DLP 15.5 MP1 and all prior versions may be susceptible to a cross-site scripting (XSS) vulnerability, a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
by Chapman Schleiss
CVSS 4.8
CVE-2019-25486 EXPLOITDB HIGH text
Varient 1.6.1 - SQL Injection
Varient 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the user_id parameter. Attackers can submit POST requests with crafted SQL payloads in the user_id field to bypass authentication and extract sensitive database information.
by Mehmet EMIROGLU
CVSS 8.2
CVE-2019-25243 EXPLOITDB HIGH text
FaceSentry 6.4.8 - Command Injection
FaceSentry 6.4.8 contains an authenticated remote command injection vulnerability in pingTest.php and tcpPortTest.php scripts. Attackers can exploit unsanitized input parameters to inject and execute arbitrary shell commands with root privileges by manipulating the 'strInIP' and 'strInPort' parameters.
by LiquidWorm
CVSS 8.8
CVE-2019-25242 EXPLOITDB MEDIUM text
FaceSentry Access Control System 6.4.8 - CSRF
FaceSentry Access Control System 6.4.8 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change administrator passwords, add new admin users, or open access control doors by tricking authenticated users into loading a specially crafted webpage.
by LiquidWorm
CVSS 4.3
CVE-2019-13072 EXPLOITDB MEDIUM text
Zoneminder - XSS
Stored XSS in the Filters page (Name field) in ZoneMinder 1.32.3 allows a malicious user to embed and execute JavaScript code in the browser of any user who navigates to this page.
by Joey Lane
CVSS 5.4
CVE-2019-13070 EXPLOITDB MEDIUM text
Cyberpowersystems Powerpanel - XSS
A stored XSS vulnerability in the Agent/Center component of CyberPower PowerPanel Business Edition 3.4.0 allows a privileged attacker to embed malicious JavaScript in the SNMP trap receivers form. Upon visiting the /agent/action_recipient Event Action/Recipient page, the embedded code will be executed in the browser of the victim.
by Joey Lane
CVSS 5.4
EIP-2026-114369 EXPLOITDB text
WorkSuite PRM 2.4 - 'password' SQL Injection
by Mehmet EMIROGLU
EIP-2026-105862 EXPLOITDB text
CiuisCRM 1.6 - 'eventType' SQL Injection
by Mehmet EMIROGLU
CVE-2019-0285 EXPLOITDB CRITICAL text
SAP Crystal Reports - Cleartext Storage
The .NET SDK WebForm Viewer in SAP Crystal Reports for Visual Studio (fixed in version 2010) discloses sensitive database information including credentials which can be misused by the attacker.
by Mohamed M.Fouad
CVSS 9.8
CVE-2019-11707 EXPLOITDB HIGH text VERIFIED
Mozilla Firefox < 60.7.1 - Type Confusion
A type confusion vulnerability can occur when manipulating JavaScript objects due to issues in Array.pop. This can allow for an exploitable crash. We are aware of targeted attacks in the wild abusing this flaw. This vulnerability affects Firefox ESR < 60.7.1, Firefox < 67.0.3, and Thunderbird < 60.7.2.
by Google Security Research
CVSS 8.8
CVE-2019-13507 EXPLOITDB CRITICAL text
Hidea AZ Admin - SQL Injection
hidea.com AZ Admin 1.0 has news_det.php?cod= SQL Injection.
by felipe andrian
CVSS 9.8
EIP-2026-113871 EXPLOITDB text
WordPress Plugin Live Chat Unlimited 2.8.3 - Cross-Site Scripting
by m0ze
EIP-2026-113821 EXPLOITDB text
WordPress Plugin iLive 1.0.4 - Cross-Site Scripting
by m0ze
CVE-2019-25602 EXPLOITDB MEDIUM text
GSearch 1.0.1.0 Denial of Service via Search Input
GSearch 1.0.1.0 contains a denial of service vulnerability that allows local attackers to crash the application by inputting an excessively long string in the search bar. Attackers can paste a buffer of 2000 characters into the search field, click search, and select any result to trigger an application crash.
by 0xB9
CVSS 5.5
By Source
All 31,346 Exploitdb 50,135 Writeup 47,044 Nomisec 21,287 Metasploit 3,228 Github 2,484 Vulncheck_xdb 901 Inthewild 518 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,346 ruby 5,959 python 5,851 c 3,573 perl 2,854 html 2,055 php 1,334 bash 459 java 361 javascript 260 c++ 247 shell 91 go 48 postscript 25 xml 24