Text Exploits

31,346 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-101946 EXPLOITDB text
RICOH Aficio MP 301 Printer - Cross-Site Scripting
by Ismail Tasdelen
CVE-2018-16071 EXPLOITDB HIGH text VERIFIED
Google Chrome < 69.0.3497.81 - Out-of-Bounds Write
A use after free in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to potentially exploit heap corruption via a crafted video file.
by Google Security Research
CVSS 8.8
CVE-2018-16083 EXPLOITDB HIGH text VERIFIED
Google Chrome < 69.0.3497.81 - Out-of-Bounds Read
An out of bounds read in forward error correction code in WebRTC in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page.
by Google Security Research
CVSS 8.8
EIP-2026-101595 EXPLOITDB text
Collectric CMU 1.0 - 'lang' Hard-Coded Credentials / SQL injection
by Simon Brannstrom
CVE-2018-8410 EXPLOITDB HIGH text VERIFIED
Windows Kernel API - Privilege Escalation
An elevation of privilege vulnerability exists when the Windows Kernel API improperly handles registry objects in memory, aka "Windows Registry Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows 8.1, Windows Server 2016, Windows Server 2008 R2, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 7.8
CVE-2018-8449 EXPLOITDB LOW text VERIFIED
Windows - Privilege Escalation
A security feature bypass exists when Device Guard incorrectly validates an untrusted file, aka "Device Guard Security Feature Bypass Vulnerability." This affects Windows Server 2016, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 3.3
CVE-2018-16283 EXPLOITDB CRITICAL text
Wechat Brodcast < 1.2.0 - Path Traversal
The Wechat Broadcast plugin 1.2.0 and earlier for WordPress allows Directory Traversal via the Image.php url parameter.
by Manuel García Cárdenas
CVSS 9.8
CVE-2018-16299 EXPLOITDB HIGH text
Localize MY Post - Path Traversal
The Localize My Post plugin 1.0 for WordPress allows Directory Traversal via the ajax/include.php file parameter.
by Manuel García Cárdenas
CVSS 7.5
CVE-2018-16736 EXPLOITDB MEDIUM text
Roundcube rcfilters <2.1.6 - XSS
In the rcfilters plugin 2.1.6 for Roundcube, XSS exists via the _whatfilter and _messages parameters (in the Filters section of the settings).
by Fahimeh Rezaei
CVSS 5.4
CVE-2018-15832 EXPLOITDB HIGH text
Ubisoft Uplay - Improper Input Validation
upc.exe in Ubisoft Uplay Desktop Client versions 63.0.5699.0 allows remote attackers to execute arbitrary code. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of URI handlers. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code under the context of the current process.
by Che-Chun Kuo
CVSS 8.8
CVE-2018-1002008 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in list-user.html.php:4: via GET request offset variable.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002007 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:15: via POST request variable html_id.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002006 EXPLOITDB MEDIUM text
XSS - Privilege Escalation
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in integration-contact-form.html.php:14: via POST request variable classes
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002005 EXPLOITDB MEDIUM text
XSS - Bft List Html Php
These vulnerabilities require administrative privileges to exploit. There is an XSS vulnerability in bft_list.html.php:43: via the filter_signup_date parameter.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002004 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002003 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002002 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002001 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-1002000 EXPLOITDB HIGH text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - SQL Injection
There is blind SQL injection in WordPress Arigato Autoresponder and Newsletter v2.5.1.8 These vulnerabilities require administrative privileges to exploit. There is an exploitable blind SQL injection vulnerability via the del_ids variable by POST request.
by Larry W. Cashdollar
CVSS 7.2
CVE-2018-1002009 EXPLOITDB MEDIUM text
WordPress Arigato Autoresponder & Newsletter <v2.5.1.8 - XSS
There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. There is an XSS vulnerability in unsubscribe.html.php:3: via GET reuqest to the email variable.
by Larry W. Cashdollar
CVSS 4.8
CVE-2018-17254 EXPLOITDB CRITICAL text VERIFIED
JCK Editor <6.4.4 - SQL Injection
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.
by Hamza Megahed
CVSS 9.8
EIP-2026-101885 EXPLOITDB text VERIFIED
Netis ADSL Router DL4322D RTK 2.1.1 - Cross-Site Scripting
by cakes
EIP-2026-114103 EXPLOITDB text VERIFIED
WordPress Plugin Survey & Poll 1.5.7.3 - 'sss_params' SQL Injection
by Ceylan BOZOĞULLARINDAN
CVE-2018-1321 EXPLOITDB HIGH text
Apache Syncope < 1.2.11 - Improper Input Validation
An administrator with report and template entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can use XSL Transformations (XSLT) to perform malicious operations, including but not limited to file read, file write, and code execution.
by Che-Chun Kuo
CVSS 7.2
CVE-2018-1322 EXPLOITDB MEDIUM text
Apache Syncope < 1.2.11 - Information Disclosure
An administrator with user search entitlements in Apache Syncope 1.2.x before 1.2.11, 2.0.x before 2.0.8, and unsupported releases 1.0.x and 1.1.x which may be also affected, can recover sensitive security values using the fiql and orderby parameters.
by Che-Chun Kuo
CVSS 4.9
By Source
All 31,346 Writeup 52,991 Exploitdb 50,135 Nomisec 21,420 Metasploit 3,228 Github 2,580 Vulncheck_xdb 903 Inthewild 518 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,346 ruby 5,959 python 5,917 c 3,577 perl 2,854 html 2,056 php 1,334 bash 459 java 362 javascript 260 c++ 250 shell 95 go 52 postscript 25 xml 24