Text Exploits

31,386 exploits tracked across all sources.

CVE-2018-5991 EXPLOITDB CRITICAL text VERIFIED
Joomla! Form Maker 3.6.12 - SQL Injection
SQL Injection exists in the Form Maker 3.6.12 component for Joomla! via the id, from, or to parameter in a view=stats request, a different vulnerability than CVE-2015-2798.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6004 EXPLOITDB CRITICAL text
Joomla! File Download Tracker 3.0 - SQL Injection
SQL Injection exists in the File Download Tracker 3.0 component for Joomla! via the dynfield[phone] or sess parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6373 EXPLOITDB CRITICAL text VERIFIED
Fastball 2.5 - SQL Injection via Season Parameter
SQL Injection exists in the Fastball 2.5 component for Joomla! via the season parameter in a view=player action.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6584 EXPLOITDB CRITICAL text VERIFIED
DT Register 3.2.7 - SQL Injection via Task Parameter
SQL Injection exists in the DT Register 3.2.7 component for Joomla! via a task=edit&id= request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5989 EXPLOITDB CRITICAL text VERIFIED
ccNewsletter 2.x - Joomla! - SQL Injection
SQL Injection exists in the ccNewsletter 2.x component for Joomla! via the id parameter in a task=removeSubscriber action, a related issue to CVE-2011-5099.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5990 EXPLOITDB CRITICAL text VERIFIED
AllVideos Reloaded <1.2.x - SQL Injection
SQL Injection exists in the AllVideos Reloaded 1.2.x component for Joomla! via the divid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5993 EXPLOITDB CRITICAL text VERIFIED
Aist < 2.0 - SQL Injection via id Parameter in showvacancy Request
SQL Injection exists in the Aist through 2.0 component for Joomla! via the id parameter in a view=showvacancy request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5982 EXPLOITDB CRITICAL text VERIFIED
Advertisement Board 3.1.0 - Joomla! - SQL Injection
SQL Injection exists in the Advertisement Board 3.1.0 component for Joomla! via a task=show_rss_categories&catname= request.
by Ihsan Sencan
CVSS 9.8
CVE-2017-10046 EXPLOITDB MEDIUM text VERIFIED
Oracle Primavera P6 <16.1 - Info Disclosure
Vulnerability in the Primavera P6 Enterprise Project Portfolio Management component of Oracle Primavera Products Suite (subcomponent: Web Access). Supported versions that are affected are 8.3, 8.4, 15.1, 15.2 and 16.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Primavera P6 Enterprise Project Portfolio Management, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Primavera P6 Enterprise Project Portfolio Management accessible data as well as unauthorized read access to a subset of Primavera P6 Enterprise Project Portfolio Management accessible data. CVSS 3.0 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
by Marios Nicolaides
CVSS 5.4
CVE-2018-1041 EXPLOITDB HIGH text
jboss-remoting - Denial of Service via RemoteMessageChannel Infinite Loop
A vulnerability was found in the way RemoteMessageChannel, introduced in jboss-remoting versions 3.3.10, reads from an empty buffer. An attacker could use this flaw to cause denial of service via high CPU caused by an infinite loop.
by Frank Spierings
CVSS 7.5
CVE-2016-6272 EXPLOITDB HIGH text VERIFIED
Epic MyChart - XPath Injection via Help Topic Parameter
XPath injection vulnerability in Epic MyChart allows remote attackers to access contents of an XML document containing static display strings, such as field labels, via the topic parameter to help.asp. NOTE: this was originally reported as a SQL injection vulnerability, but this may be inaccurate.
by Shayan S
CVSS 7.5
CVE-2018-0770 EXPLOITDB HIGH text VERIFIED
Microsoft Edge - Remote Code Execution via Scripting Engine Memory Corruption
Microsoft Edge in Windows 10 Gold, 1511, 1607, 1703, 1709, and Windows Server 2016 allows an attacker to execute arbitrary code in the context of the current user, due to how the scripting engine handles objects in memory, aka "Scripting Engine Memory Corruption Vulnerability". This CVE ID is unique from CVE-2018-0758, CVE-2018-0762, CVE-2018-0768, CVE-2018-0769, CVE-2018-0772, CVE-2018-0773, CVE-2018-0774, CVE-2018-0775, CVE-2018-0776, CVE-2018-0777, CVE-2018-0778, and CVE-2018-0781.
by Google Security Research
CVSS 7.5
EIP-2026-103626 EXPLOITDB text VERIFIED
Pdfium - Pattern Shading Integer Overflows
by Google Security Research
EIP-2026-103625 EXPLOITDB text VERIFIED
Pdfium - Out-of-Bounds Read with Shading Pattern Backed by Pattern Colorspace
by Google Security Research
CVE-2018-1204 EXPLOITDB MEDIUM text VERIFIED
Dell EMC Isilon OneFS Path Traversal in isi_phone_home
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a path traversal vulnerability in the isi_phone_home tool. A malicious compadmin may potentially exploit this vulnerability to execute arbitrary code with root privileges.
by Core Security
CVSS 6.7
CVE-2018-1203 EXPLOITDB MEDIUM text VERIFIED
Dell EMC Isilon OneFS 8.0.0.0-8.0.0.6 - Privilege Escalation via Sudo tcpdump
In Dell EMC Isilon OneFS, the compadmin is able to run tcpdump binary with root privileges. In versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, the tcpdump binary, being run with sudo, may potentially be used by compadmin to execute arbitrary code with root privileges.
by Core Security
CVSS 6.7
CVE-2018-1202 EXPLOITDB MEDIUM text VERIFIED
Dell EMC Isilon 7.1.1.11 8.0.0.0-8.0.0.6 8.0.1.0-8.0.1.2 8.1.0.0-8.1.0.1 - Cross-Site Scripting in NDMP Page
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the NDMP Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8
CVE-2018-1201 EXPLOITDB MEDIUM text VERIFIED
Dell EMC Isilon 7.1.1.11, 7.2.1.x, 8.0.0.0-8.0.0.6, 8.0.1.0-8.0.1.2, 8.1.0.0-8.1.0.1 XSS in Job Operations
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Job Operations Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8
CVE-2018-1189 EXPLOITDB MEDIUM text VERIFIED
Dell EMC Isilon 7.1.1.11-8.1.0.1 Cross-Site Scripting in Antivirus Page
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Antivirus Page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8
CVE-2018-1188 EXPLOITDB MEDIUM text VERIFIED
Dell EMC Isilon 7.2.1.0-7.2.1.5, 8.0.0.0-8.0.0.6, 8.0.1.0-8.0.1.2, 8.1.0.0-8.1.0.1 XSS in Authorization Providers
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, and versions 7.2.1.x are affected by a cross-site scripting vulnerability in the Authorization Providers page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8
CVE-2018-1187 EXPLOITDB MEDIUM text VERIFIED
Dell EMC Isilon 8.0.0.0-8.0.0.6 - Cross-Site Scripting in Network Configuration Page
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6 are affected by a cross-site scripting vulnerability in the Network Configuration page within the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8
CVE-2018-1186 EXPLOITDB MEDIUM text VERIFIED
Dell EMC Isilon 7.1.1.11-8.1.0.1 Stored XSS in Cluster Description
Dell EMC Isilon versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 are affected by a cross-site scripting vulnerability in the Cluster description of the OneFS web administration interface. A malicious administrator may potentially inject arbitrary HTML or JavaScript code in the user's browser session in the context of the OneFS website.
by Core Security
CVSS 4.8
CVE-2018-6940 EXPLOITDB MEDIUM text
NAT32 - Remote Code Execution via /shell?cmd= XSS and CSRF
A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF.
by hyp3rlinx
CVSS 6.1
CVE-2018-6941 EXPLOITDB HIGH text
NAT32 v2.2 Build 22284 - Cross-Site Request Forgery via /shell?cmd= Endpoint
A /shell?cmd= CSRF issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with XSS.
by hyp3rlinx
CVSS 8.8
EIP-2026-112934 EXPLOITDB text
userSpice 4.3 - Cross-Site Scripting
by Dolev Farhi