Text Exploits

31,368 exploits tracked across all sources.

CVE-2016-10036 EXPLOITDB CRITICAL text
JFrog Artifactory <4.16 - RCE
Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file.
by Alessio Sergi
CVSS 9.8
EIP-2026-102064 EXPLOITDB text
TP-Link Technologies TL-WA850RE Wi-Fi Range Extender - Remote Reboot
by Wadeek
CVE-2018-10258 EXPLOITDB HIGH text
Shopy Point of Sale <1.0 - Code Injection
A CSV Injection vulnerability was discovered in Shopy Point of Sale v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
by 8bitsec
CVSS 8.8
CVE-2018-10260 EXPLOITDB HIGH text
HRSALE The Ultimate HRM 1.0.2 - LFI
A Local File Inclusion vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user.
by 8bitsec
CVSS 8.8
CVE-2018-10257 EXPLOITDB HIGH text
HRSALE The Ultimate HRM <1.0.2 - Command Injection
A CSV Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
by 8bitsec
CVSS 8.8
CVE-2018-10259 EXPLOITDB MEDIUM text
HRSALE The Ultimate HRM <1.0.2 - XSS
An Authenticated Stored XSS vulnerability was found in HRSALE The Ultimate HRM v1.0.2, exploitable by a low privileged user.
by 8bitsec
CVSS 5.4
CVE-2018-10256 EXPLOITDB HIGH text
HRSALE The Ultimate HRM <1.0.2 - SQL Injection
A SQL Injection vulnerability was discovered in HRSALE The Ultimate HRM v1.0.2 that allows a user with low level privileges to directly modify the SQL query.
by 8bitsec
CVSS 8.8
CVE-2018-7602 EXPLOITDB CRITICAL text VERIFIED
Drupal < 7.59 - Code Injection
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being compromised. This vulnerability is related to Drupal core - Highly critical - Remote Code Execution - SA-CORE-2018-002. Both SA-CORE-2018-002 and this vulnerability are being exploited in the wild.
by Blaklis
CVSS 9.8
CVE-2018-10255 EXPLOITDB HIGH text
clustercoding Blog Master Pro v1.0 - Command Injection
A CSV Injection vulnerability was discovered in clustercoding Blog Master Pro v1.0 that allows a user with low level privileges to inject a command that will be included in the exported CSV file, leading to possible code execution.
by 8bitsec
CVSS 8.8
CVE-2018-9137 EXPLOITDB MEDIUM text
Open-AudIT <2.2 - Code Injection
Open-AudIT before 2.2 has CSV Injection.
by Sureshbabu Narvaneni
CVSS 6.8
CVE-2018-10312 EXPLOITDB HIGH text
WUZHI CMS 4.1.0 - CSRF
index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.
by jiguang
CVSS 8.8
CVE-2018-10310 EXPLOITDB MEDIUM text
Catapult UK Cookie Consent <2.3.10 - XSS
A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser.
by B0UG
CVSS 5.4
CVE-2018-9038 EXPLOITDB MEDIUM text
Monstra - Path Traversal
Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request.
by Wenming Jiang
CVSS 6.5
CVE-2018-4936 EXPLOITDB MEDIUM text VERIFIED
Adobe Flash Player Desktop Runtime < 29.0.0.113 - Memory Corruption
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable Heap Overflow vulnerability. Successful exploitation could lead to information disclosure.
by Google Security Research
CVSS 6.5
CVE-2018-4935 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player Desktop Runtime < 29.0.0.113 - Out-of-Bounds Write
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
by Google Security Research
CVSS 8.8
CVE-2018-4937 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player Desktop Runtime < 29.0.0.113 - Out-of-Bounds Write
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
by Google Security Research
CVSS 8.8
CVE-2018-4934 EXPLOITDB MEDIUM text VERIFIED
Adobe Flash Player Desktop Runtime < 29.0.0.113 - Out-of-Bounds Read
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
by Google Security Research
CVSS 6.5
EIP-2026-102606 EXPLOITDB text
gif2apng 1.9 - '.gif' Stack Buffer Overflow
by Hamm3r.py
CVE-2018-8716 EXPLOITDB MEDIUM text
WSO2 Identity Server <5.5.0 - XSS
WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing attacks by low-privileged attackers.
by SEC Consult
CVSS 5.4
CVE-2018-10201 EXPLOITDB HIGH text
NComputing vSpace Pro <11 - Info Disclosure
An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\ or ..../ or ....\ as a directory-traversal pattern to TCP port 8667.
by Javier Bernardo
CVSS 7.5
CVE-2018-10109 EXPLOITDB MEDIUM text
Monstra CMS 3.0.4 - XSS
Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog.
by Wenming Jiang
CVSS 4.8
CVE-2018-9205 EXPLOITDB HIGH text
Drupal Avatar Uploader - Path Traversal
Vulnerability in avatar_uploader v7.x-1.0-beta8: the code in view.php doesn't verify users or sanitize the file path.
by Larry W. Cashdollar
CVSS 7.5
CVE-2018-8056 EXPLOITDB HIGH text
Western Bridge Cobub Razor <0.8.0 - Info Disclosure
Physical path leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channel_name parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php.
by Kyhvedn
CVSS 7.5
CVE-2018-8770 EXPLOITDB MEDIUM text
Western Bridge Cobub Razor 0.8.0 - Info Disclosure
Physical path leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php in tests/.
by Kyhvedn
CVSS 5.3
CVE-2018-25306 EXPLOITDB MEDIUM text
PDFunite 0.41.0 Buffer Overflow via Malformed PDF
PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmentation fault in the XRef::getEntry function within libpoppler by providing a specially crafted PDF file to the pdfunite utility.
by Hamm3r.py
CVSS 6.2