Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2018-6220 EXPLOITDB CRITICAL text VERIFIED
Trend Micro Email Encryption Gateway 5.5 - Arbitrary File Write
An arbitrary file write vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to inject arbitrary data, which may lead to gaining code execution on vulnerable systems.
by Core Security
CVSS 9.8
CVE-2018-6219 EXPLOITDB MEDIUM text VERIFIED
Trend Micro Email Encryption Gateway 5.5 - Insecure Update via HTTP
An Insecure Update via HTTP vulnerability in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to eavesdrop and tamper with certain types of update data.
by Core Security
CVSS 6.5
EIP-2026-119412 EXPLOITDB text
Parallels Remote Application Server 15.5 - Path Traversal
by Nicolas Markitanis
CVE-2018-7289 EXPLOITDB LOW text
Armadito 0.12.7.2 - Info Disclosure
An issue was discovered in armadito-windows-driver/src/communication.c in Armadito 0.12.7.2. Malware with filenames containing pure UTF-16 characters can bypass detection. The user-mode service will fail to open the file for scanning after the conversion is done from Unicode to ANSI. This happens because characters that cannot be converted from Unicode are replaced with '?' characters.
by Souhail Hammou
CVSS 3.3
CVE-2018-7317 EXPLOITDB HIGH text
Proclaim 9.1.1 - Unauthenticated Sensitive Information Exposure via Backup File Download
Backup Download exists in the Proclaim 9.1.1 component for Joomla! via a direct request for a .sql file under backup/.
by Ihsan Sencan
CVSS 7.5
CVE-2018-7316 EXPLOITDB CRITICAL text
Proclaim 9.1.1 - Arbitrary File Upload via Mediafileform Action
Arbitrary File Upload exists in the Proclaim 9.1.1 component for Joomla! via a mediafileform action.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7314 EXPLOITDB CRITICAL text
PrayerCenter 3.0.2 - SQL Injection via Session ID Parameter
SQL Injection exists in the PrayerCenter 3.0.2 component for Joomla! via the sessionid parameter, a different vulnerability than CVE-2008-6429.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7319 EXPLOITDB CRITICAL text
OS Property Real Estate 3.12.7 - SQL Injection via Cooling System, Heating System, or Laundry Parameter
SQL Injection exists in the OS Property Real Estate 3.12.7 component for Joomla! via the cooling_system1, heating_system1, or laundry parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7315 EXPLOITDB CRITICAL text
Ek Rishta 2.9 - SQL Injection via Gender, Age, Religion, Mother Tongue, Caste, or Country Parameter
SQL Injection exists in the Ek Rishta 2.9 component for Joomla! via the gender, age1, age2, religion, mothertounge, caste, or country parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7313 EXPLOITDB CRITICAL text
CW Tags 2.0.6 - SQL Injection via Searchtext Array Parameter
SQL Injection exists in the CW Tags 2.0.6 component for Joomla! via the searchtext array parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7318 EXPLOITDB CRITICAL text
belitsoft checklist SQL Injection via title_search, tag_search, name_search, description_search, or filter_order
SQL Injection exists in the CheckList 1.1.1 component for Joomla! via the title_search, tag_search, name_search, description_search, or filter_order parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-7312 EXPLOITDB CRITICAL text
alexandria_book_library 3.1.2 - SQL Injection via Letter Parameter
SQL Injection exists in the Alexandria Book Library 3.1.2 component for Joomla! via the letter parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6230 EXPLOITDB MEDIUM text VERIFIED
Trend Micro Email Encryption Gateway 5.5 - SQL Injection via Search Configuration Script
A SQL injection vulnerability in an Trend Micro Email Encryption Gateway 5.5 search configuration script could allow an attacker to execute SQL commands to upload and execute arbitrary code that may harm the target system.
by Core Security
CVSS 6.8
CVE-2018-0826 EXPLOITDB HIGH text VERIFIED
Windows Storage Services - Privilege Escalation
Windows Storage Services in Windows 10 versions 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way objects are handled in memory, aka "Windows Storage Services Elevation of Privilege Vulnerability".
by Google Security Research
CVSS 7.0
CVE-2018-0823 EXPLOITDB HIGH text VERIFIED
Windows 10 <1709 - Privilege Escalation
The Named Pipe File System in Windows 10 version 1709 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way the Named Pipe File System handles objects, aka "Named Pipe File System Elevation of Privilege Vulnerability".
by Google Security Research
CVSS 7.0
CVE-2018-0822 EXPLOITDB HIGH text VERIFIED
Windows 10 and Windows Server 2016 - Elevation of Privilege via NTFS Reparse Point Handling
NTFS in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way NTFS handles objects, aka "Windows NTFS Global Reparse Point Elevation of Privilege Vulnerability".
by Google Security Research
CVSS 7.0
CVE-2018-0821 EXPLOITDB HIGH text VERIFIED
Windows 10 and Windows Server 2016 - Elevation of Privilege via AppContainer Impersonation
AppContainer in Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to the way constrained impersonations are handled, aka "Windows AppContainer Elevation Of Privilege Vulnerability".
by Google Security Research
CVSS 7.0
EIP-2026-104143 EXPLOITDB text VERIFIED
μTorrent (uTorrent) Classic/Web - JSON-RPC Remote Code Execution / Information Disclosure
by Google Security Research
CVE-2018-7198 EXPLOITDB MEDIUM text
October CMS < 1.0.431 - Stored Cross-Site Scripting via Add Posts Page
October CMS through 1.0.431 allows XSS by entering HTML on the Add Posts page.
by Samrat Das
CVSS 6.1
EIP-2026-100977 EXPLOITDB text
Aastra 6755i SIP SP4 - Denial of Service
by Wadeek
CVE-2018-13818 EXPLOITDB CRITICAL text
symfony/twig < 2.4.4 - Server-Side Template Injection via search_key Parameter
Twig before 2.4.4 allows Server-Side Template Injection (SSTI) via the search search_key parameter. NOTE: the vendor points out that Twig itself is not a web application and states that it is the responsibility of web applications using Twig to properly wrap input to it
by JameelNabbo
CVSS 9.8
EIP-2026-115642 EXPLOITDB text VERIFIED
Microsoft Edge - 'UnmapViewOfFile' ACG Bypass
by Google Security Research
EIP-2026-112817 EXPLOITDB text VERIFIED
TV - Video Subscription - Authentication Bypass SQL Injection
by L0RD
EIP-2026-111564 EXPLOITDB text VERIFIED
PSNews Website 1.0.0 - 'Keywords' SQL Injection
by L0RD
EIP-2026-110585 EXPLOITDB text VERIFIED
PHIMS - Hospital Management Information System - 'Password' SQL Injection
by L0RD