Text Exploits
31,386 exploits tracked across all sources.
TP-Link Wireless N Router WR840N - Denial of Service (PoC)
by Aniket Dinda
Foxit Reader 9.0.1.1049 - Buffer Overflow (ASLR & DEP Bypass)
by Manoj Ahuje
Monstra-Dev 3.0.4 - Cross-Site Request Forgery (Account Hijacking)
by Nainsi Gupta
Open-Audit Community 2.2.6 - Stored Cross-Site Scripting via Group Name
Cross-site scripting (XSS) vulnerability in the Groups Page in Open-Audit Community 2.2.6 allows remote attackers to inject arbitrary web script or HTML via the group name.
by Ranjeet Jaiswal
CVSS 6.1
Subrion < 4.2.2 - Cross-Site Scripting via .html File Upload
uploads/.htaccess in Subrion CMS 4.2.1 allows XSS because it does not block .html file uploads (but does block, for example, .htm file uploads).
by Zeel Chavda
CVSS 6.1
WaveMaker Studio 6.6 - Server-Side Request Forgery via studioService.download inUrl Parameter
com/wavemaker/studio/StudioService.java in WaveMaker Studio 6.6 mishandles the studioService.download?method=getContent&inUrl= value, leading to disclosure of local files and SSRF.
by Gionathan Reale
CVSS 9.6
LAMS < 3.1 - Unauthenticated Reflected Cross-Site Scripting via Forgot Password Key Parameter
There is unauthenticated reflected cross-site scripting (XSS) in LAMS before 3.1 that allows a remote attacker to introduce arbitrary JavaScript via manipulation of an unsanitized GET parameter during a forgotPasswordChange.jsp?key= password change.
by Nikola Kojic
CVSS 6.1
Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above - Path Traversal via Log Viewer File Parameter
An issue was discovered in Sitecore Sitecore.NET 8.1 rev. 151207 Hotfix 141178-1 and above. The 'Log Viewer' application is vulnerable to a directory traversal attack, allowing an attacker to access arbitrary files from the host Operating System using a sitecore/shell/default.aspx?xmlcontrol=LogViewerDetails&file= URI. Validation is performed to ensure that the text passed to the 'file' parameter correlates to the correct log file directory. This filter can be bypassed by including a valid log filename and then appending a traditional 'dot dot' style attack.
by Chris
CVSS 7.5
Vuze Bittorrent Client 5.7.6.0 - XML External Entity Injection via SSDP/UPnP XML Parser
In Vuze Bittorrent Client 5.7.6.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Vuze, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack it to a cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.
by Chris Moberly
CVSS 9.8
Plex Media Server 1.13.2.5154 - Unauthenticated XML External Entity Injection via SSDP/UPnP Parser
In Plex Media Server 1.13.2.5154, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running Plex, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack it to a cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.
by Chris Moberly
CVSS 9.8
PHP Template Store Script 3.0.6 - XSS
PHP Template Store Script 3.0.6 allows XSS via the Address line 1, Address Line 2, Bank name, or A/C Holder name field in a profile.
by Sarafraz Khan
CVSS 5.4
cgit < 1.2.1 - 'cgit_clone_objects()' Directory Traversal
by Google Security Research
Universal Media Server 7.1.0 - Unauthenticated XML External Entity Injection via SSDP/UPnP Parser
In Universal Media Server (UMS) 7.1.0, the XML parsing engine for SSDP/UPnP functionality is vulnerable to an XML External Entity Processing (XXE) attack. Remote, unauthenticated attackers can use this vulnerability to: (1) Access arbitrary files from the filesystem with the same permission as the user account running UMS, (2) Initiate SMB connections to capture a NetNTLM challenge/response and crack it to a cleartext password, or (3) Initiate SMB connections to relay a NetNTLM challenge/response and achieve Remote Command Execution in Windows domains.
by Chris Moberly
CVSS 9.8
TI Online Examination System v2 - Arbitrary File Download
by AkkuS
PageResponse FB Inboxer Add-on 1.2 - 'search_field' SQL Injection
by AkkuS
ASUS DSL-N12E_C1 1.1.2.3_345 - Remote Command Execution
by Fakhri Zulkifli
WebRTC - VP8 Block Decoding Use-After-Free
by Google Security Research
WebRTC - H264 NAL Packet Processing Type Confusion
by Google Security Research
WebRTC - FEC Processing Overflow
by Google Security Research
nystudio107 SEOmatic < 3.1.4 - Server-Side Template Injection via Canonical URL Generation
A Server Side Template Injection (SSTI) was discovered in the SEOmatic plugin before 3.1.4 for Craft CMS, because requests that don't match any elements incorrectly generate the canonicalUrl, and can lead to execution of Twig code.
by 0xB455
CVSS 7.5
Charles Proxy < 4.2.1 - Local Privilege Escalation via Race Condition in Settings Binary
Race condition in the Charles Proxy Settings suid binary in Charles Proxy before 4.2.1 allows local users to gain privileges via vectors involving the --self-repair option.
by Mark Wadham
CVSS 7.0
Responsive FileManager 9.13.1 - SSRF
upload.php in Responsive FileManager 9.13.1 allows SSRF via the url parameter.
by GUIA BRAHIM FOUAD
CVSS 9.8
SoftNAS Cloud < 4.0.3 - Command Injection
A command injection vulnerability was found in the web administration console in SoftNAS Cloud before 4.0.3. In particular, the snserv script did not sanitize the 'recentVersion' parameter from the snserv endpoint, allowing an unauthenticated attacker to execute arbitrary commands with root permissions.
by Core Security
CVSS 9.8
Google Chrome < 67.0.3396.62 - Memory Corruption
A precision error in Skia in Google Chrome prior to 67.0.3396.62 allowed a remote attacker to perform an out of bounds memory write via a crafted HTML page.
by Google Security Research
CVSS 8.8