Text Exploits

31,386 exploits tracked across all sources.

CVE-2018-10312 EXPLOITDB HIGH text
WUZHI CMS 4.1.0 - CSRF
index.php?m=member&v=pw_reset in WUZHI CMS 4.1.0 allows CSRF to change the password of a common member.
by jiguang
CVSS 8.8
CVE-2018-10310 EXPLOITDB MEDIUM text
Catapult UK Cookie Consent <2.3.10 - XSS
A persistent cross-site scripting vulnerability has been identified in the web interface of the Catapult UK Cookie Consent plugin before 2.3.10 for WordPress that allows the execution of arbitrary HTML/script code in the context of a victim's browser.
by B0UG
CVSS 5.4
CVE-2018-9038 EXPLOITDB MEDIUM text
Monstra CMS 3.0.4 - Unauthenticated Arbitrary File Deletion via Files Manager
Monstra CMS 3.0.4 allows remote attackers to delete files via an admin/index.php?id=filesmanager&delete_dir=./&path=uploads/ request.
by Wenming Jiang
CVSS 6.5
CVE-2018-4936 EXPLOITDB MEDIUM text VERIFIED
Adobe Flash Player < 29.0.0.113 - Heap Overflow
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable heap overflow vulnerability. Successful exploitation could lead to information disclosure.
by Google Security Research
CVSS 6.5
CVE-2018-4935 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player < 29.0.0.113 - Out-of-bounds Write
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
by Google Security Research
CVSS 8.8
CVE-2018-4937 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player < 29.0.0.113 - Out-of-bounds Write
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds write vulnerability. Successful exploitation could lead to arbitrary code execution in the context of the current user.
by Google Security Research
CVSS 8.8
CVE-2018-4934 EXPLOITDB MEDIUM text VERIFIED
Adobe Flash Player < 29.0.0.113 - Out-of-bounds Read
Adobe Flash Player versions 29.0.0.113 and earlier have an exploitable out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
by Google Security Research
CVSS 6.5
EIP-2026-102606 EXPLOITDB text
gif2apng 1.9 - '.gif' Stack Buffer Overflow
by Hamm3r.py
CVE-2018-8716 EXPLOITDB MEDIUM text
WSO2 Identity Server < 5.5.0 - Stored Cross-Site Scripting via Dashboard
WSO2 Identity Server before 5.5.0 has XSS via the dashboard, allowing attacks by low-privileged attackers.
by SEC Consult
CVSS 5.4
CVE-2018-10201 EXPLOITDB HIGH text
NComputing vSpace Pro <11 - Info Disclosure
An issue was discovered in NcMonitorServer.exe in NC Monitor Server in NComputing vSpace Pro 10 and 11. It is possible to read arbitrary files outside the root directory of the web server. This vulnerability could be exploited remotely by a crafted URL without credentials, with .../ or ...\ or ..../ or ....\ as a directory-traversal pattern to TCP port 8667.
by Javier Bernardo
CVSS 7.5
CVE-2018-10109 EXPLOITDB MEDIUM text
Monstra CMS 3.0.4 - Stored Cross-Site Scripting in Blog Page Content
Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog.
by Wenming Jiang
CVSS 4.8
CVE-2018-9205 EXPLOITDB HIGH text
Drupal Avatar Uploader 7.x-1.0-beta8 - Unauthenticated Path Traversal
Vulnerability in avatar_uploader v7.x-1.0-beta8: the code in view.php doesn't verify users or sanitize the file path.
by Larry W. Cashdollar
CVSS 7.5
CVE-2018-8056 EXPLOITDB HIGH text
Western Bridge Cobub Razor <0.8.0 - Info Disclosure
Physical path leakage exists in Western Bridge Cobub Razor 0.8.0 via an invalid channel_name parameter to /index.php?/manage/channel/addchannel or a direct request to /export.php.
by Kyhvedn
CVSS 7.5
CVE-2018-8770 EXPLOITDB MEDIUM text
Western Bridge Cobub Razor 0.8.0 - Info Disclosure
Physical path leakage exists in Western Bridge Cobub Razor 0.8.0 via generate.php, controllers/getConfigTest.php, controllers/getUpdateTest.php, controllers/postclientdataTest.php, controllers/posterrorTest.php, controllers/posteventTest.php, controllers/posttagTest.php, controllers/postusinglogTest.php, fixtures/Controller_fixt.php, fixtures/Controller_fixt2.php, fixtures/view_fixt2.php, libs/ipTest.php, or models/commonDbfix.php in tests/.
by Kyhvedn
CVSS 5.3
CVE-2018-25327 EXPLOITDB MEDIUM text
Joomla! Component Js Jobs 1.2.0 Cross-Site Request Forgery
Joomla! Component Js Jobs 1.2.0 contains a cross-site request forgery vulnerability that allows attackers to perform state-changing actions without token validation. Attackers can craft malicious HTML forms targeting administrative endpoints like job.jobenforcedelete to delete job entries or modify component settings when administrators visit attacker-controlled pages.
by Sureshbabu Narvaneni
CVSS 5.3
CVE-2018-25306 EXPLOITDB MEDIUM text
PDFunite 0.41.0 Buffer Overflow via Malformed PDF
PDFunite 0.41.0 contains a buffer overflow vulnerability that allows local attackers to crash the application by processing malformed PDF files during merge operations. Attackers can trigger a segmentation fault in the XRef::getEntry function within libpoppler by providing a specially crafted PDF file to the pdfunite utility.
by Hamm3r.py
CVSS 6.2
CVE-2018-25305 EXPLOITDB MEDIUM text
librsvg2-bin 2.40.13 - Malformed SVG Buffer Overflow
librsvg2-bin 2.40.13 contains a buffer overflow vulnerability that allows local attackers to cause a denial of service by processing malformed SVG files. Attackers can supply crafted SVG input to the rsvg conversion tool to trigger a segmentation fault in the cairo image compositor.
by Hamm3r.py
CVSS 6.2
CVE-2018-10078 EXPLOITDB MEDIUM text
Geist WatchDog Console 3.2.2 - Authenticated Stored Cross-Site Scripting via Server Description
Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description.
by bzyo
CVSS 4.8
CVE-2018-10077 EXPLOITDB MEDIUM text
Geist WatchDog Console 3.2.2 - Info Disclosure
XML external entity (XXE) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to read arbitrary files via crafted XML data.
by bzyo
CVSS 4.9
CVE-2018-10079 EXPLOITDB HIGH text
Geist WatchDog Console <3.2.2 - Info Disclosure
Geist WatchDog Console 3.2.2 uses a weak ACL for the C:\ProgramData\WatchDog Console directory, which allows local users to modify configuration data by updating (1) config.xml or (2) servers.xml.
by bzyo
CVSS 7.8
CVE-2018-7747 EXPLOITDB MEDIUM text
Caldera Forms < 1.6.0-rc.1 - Stored Cross-Site Scripting via Greeting Message, Email Log, or Imported Form
Multiple cross-site scripting (XSS) vulnerabilities in the Caldera Forms plugin before 1.6.0-rc.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) a greeting message, (2) the email transaction log, or (3) an imported form.
by Federico Scalco
CVSS 4.8
EIP-2026-111851 EXPLOITDB text VERIFIED
Rvsitebuilder CMS - Database Backup Download
by Hesam Bazvand
EIP-2026-109803 EXPLOITDB text VERIFIED
MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting
by Keerati T.
EIP-2026-109802 EXPLOITDB text VERIFIED
MySQL Squid Access Report 2.1.4 - SQL Injection / Cross-Site Scripting
by Keerati T.
CVE-2018-9857 EXPLOITDB MEDIUM text VERIFIED
Match Clone Script 1.0.4 - Cross-Site Scripting via Search Field
PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the "View Search By Id" screen).
by ManhNho
CVSS 6.1