Text Exploits

31,386 exploits tracked across all sources.

CVE-2018-6191 EXPLOITDB MEDIUM text
Artifex MuJS < 1.0.2 - Integer Overflow in js_strtod
The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow because of incorrect exponent validation.
by Andrea Sindoni
CVSS 5.5
EIP-2026-101131 EXPLOITDB text
Sony Playstation 3 (PS3) 4.82 - 'Jailbreak' (ROP)
by PS3Xploit
EIP-2026-113864 EXPLOITDB text
WordPress Plugin Learning Management System - 'course_id' SQL Injection
by Esecurity.ir
CVE-2018-5973 EXPLOITDB CRITICAL text
Professional Local Directory Script 1.0 - SQL Injection
SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter.
by Ihsan Sencan
CVSS 9.8
EIP-2026-116908 EXPLOITDB text VERIFIED
Blizzard Update Agent - JSON RPC DNS Rebinding
by Google Security Research
CVE-2018-5978 EXPLOITDB CRITICAL text
Facebook Style Php Ajax Chat Zechat 1.5 - SQL Injection
SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5979 EXPLOITDB CRITICAL text
Wchat Fully Responsive PHP AJAX Chat Script 1.5 - SQL Injection
SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5984 EXPLOITDB CRITICAL text
Tumder 2.1 - Joomla! - SQL Injection
SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 component for Joomla! via the PATH_INFO to the category/ URI.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5972 EXPLOITDB CRITICAL text
Classified Ads CMS Quickad 4.0 - SQL Injection
SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5985 EXPLOITDB CRITICAL text
LiveCRM SaaS Cloud 1.0 - SQL Injection
SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Joomla! via an r=site/login&company_id= request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5988 EXPLOITDB CRITICAL text
Flexible Poll 1.2 - SQL Injection via id Parameter
SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5986 EXPLOITDB CRITICAL text
Easy Car Script 2014 - SQL Injection
SQL Injection exists in Easy Car Script 2014 via the s_order or s_row parameter to site_search.php.
by Ihsan Sencan
CVSS 9.8
EIP-2026-105775 EXPLOITDB text
CentOS Web Panel 0.9.8.12 - 'row_id' / 'domain' SQL Injection
by Vulnerability-Lab
CVE-2018-5977 EXPLOITDB CRITICAL text
Affiligator Affiliate Webshop Mgmt Sys <2.1.0 - SQL Injection
SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&price_type=range&price= request.
by Ihsan Sencan
CVSS 9.8
EIP-2026-104354 EXPLOITDB text
NEC Univerge SV9100/SV8100 WebPro 10.0 - Configuration Download
by LiquidWorm
CVE-2018-5999 EXPLOITDB CRITICAL text
AsusWRT <3.0.0.4.384_10007 - Info Disclosure
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.
by Pedro Ribeiro
CVSS 9.8
CVE-2018-6000 EXPLOITDB CRITICAL text
AsusWRT <3.0.0.4.384_10007 - Privilege Escalation
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999.
by Pedro Ribeiro
CVSS 9.8
EIP-2026-105776 EXPLOITDB text
CentOS Web Panel 0.9.8.12 - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2017-16921 EXPLOITDB HIGH text
OTRS <6.0.1-4.0.26 - Command Injection
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters (related to PGP) and execute arbitrary shell commands with the permissions of the OTRS or web server user.
by Bæln0rn
CVSS 8.8
CVE-2017-15374 EXPLOITDB MEDIUM text
Shopware 5.2.5-5.3 - Stored Cross-Site Scripting in Backend Customer and Order Preview
Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the customer and orders section of the backend. The execution occurs in the administrator backend listing when processing a preview of the customers (kunden) or orders (bestellungen). The injection can be performed interactively via user registration or by manipulation of the order information inputs. The issue can be exploited by low privileged user accounts against higher privileged (admin or moderator) accounts.
by Vulnerability-Lab
CVSS 6.1
CVE-2017-10273 EXPLOITDB MEDIUM text VERIFIED
Oracle JDeveloper 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, 12.2.1.2.0 - Authenticated Path Traversal
Vulnerability in the Oracle JDeveloper component of Oracle Fusion Middleware (subcomponent: Deployment). Supported versions that are affected are 11.1.1.7.0, 11.1.1.7.1, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle JDeveloper executes to compromise Oracle JDeveloper. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle JDeveloper, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle JDeveloper accessible data as well as unauthorized read access to a subset of Oracle JDeveloper accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle JDeveloper. CVSS 3.0 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:L).
by hyp3rlinx
CVSS 4.7
CVE-2018-5725 EXPLOITDB HIGH text
MASTER IPCAMERA01 <3.3.4.2103 - Info Disclosure
MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Change, as demonstrated by the port number of the web server.
by Raffaele Sabato
CVSS 7.5
CVE-2018-5724 EXPLOITDB CRITICAL text
MASTER IPCAMERA01 <3.3.4.2103 - Info Disclosure
MASTER IPCAMERA01 3.3.4.2103 devices allow Unauthenticated Configuration Download and Upload, as demonstrated by restore.cgi.
by Raffaele Sabato
CVSS 9.8
CVE-2018-5723 EXPLOITDB CRITICAL text
MASTER IPCAMERA01 <3.3.4.2103 - Info Disclosure
MASTER IPCAMERA01 3.3.4.2103 devices have a hardcoded password of cat1029 for the root account.
by Raffaele Sabato
CVSS 9.8
EIP-2026-114631 EXPLOITDB text
Zomato Clone Script - Arbitrary File Upload
by Tauco