Text Exploits

31,386 exploits tracked across all sources.

CVE-2017-17111 EXPLOITDB CRITICAL text VERIFIED
Posty Readymade Classifieds Script 1.0 - SQL Injection
Posty Readymade Classifieds Script 1.0 allows an attacker to inject SQL commands via a listings.php?catid= or ads-details.php?ID= request.
by Ihsan Sencan
CVSS 9.8
EIP-2026-114837 EXPLOITDB text VERIFIED
Abyss Web Server < 2.11.6 - Heap Memory Corruption
by hyp3rlinx
CVE-2017-17055 EXPLOITDB CRITICAL text
Artica Web Proxy <3.06.112911 - XSS
Artica Web Proxy before 3.06.112911 allows remote attackers to execute arbitrary code as root by conducting a cross-site scripting (XSS) attack involving the username-form-id parameter to freeradius.users.php.
by hyp3rlinx
CVSS 9.0
CVE-2017-16884 EXPLOITDB MEDIUM text VERIFIED
mistserver < 2.13 - Unauthenticated Stored Cross-Site Scripting via Failed Authentication Alert
Cross-site scripting (XSS) vulnerability in MistServer before 2.13 allows remote attackers to inject arbitrary web script or HTML via vectors related to failed authentication requests alerts.
by hyp3rlinx
CVSS 6.1
EIP-2026-108117 EXPLOITDB text
Jobs2Careers / Coroflot Clone - SQL Injection
by 8bitsec
EIP-2026-103868 EXPLOITDB text
Axis Communications MPQT/PACS - Heap Overflow / Information Leakage
by bashis
CVE-2017-15118 EXPLOITDB HIGH text VERIFIED
qemu < 2.11 - Stack-based Buffer Overflow in NBD Server Export Name Handling
A stack-based buffer overflow vulnerability was found in NBD server implementation in qemu before 2.11 allowing a client to request an export name of size up to 4096 bytes, which in fact should be limited to 256 bytes, causing an out-of-bounds stack write in the qemu process. If NBD server requires TLS, the attacker cannot trigger the buffer overflow without first successfully negotiating TLS.
by Eric Blake
CVSS 8.3
CVE-2017-17058 EXPLOITDB HIGH text
WooCommerce < 3.2.6 - Directory Traversal via Email Template URI
The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code.
by Fu2x2000
CVSS 7.5
CVE-2017-9095 EXPLOITDB MEDIUM text
Diving Log < 6.0.9 - XML External Entity Injection via Subsurface Import
XXE in Diving Log 6.0 allows attackers to remotely view local files through a crafted dive.xml file that is mishandled during a Subsurface import.
by Trent Gordon
CVSS 5.5
CVE-2017-16944 EXPLOITDB HIGH text VERIFIED
Exim 4.88-4.89 - Denial of Service via BDAT Command Handling
The receive_msg function in receive.c in the SMTP daemon in Exim 4.88 and 4.89 allows remote attackers to cause a denial of service (infinite loop and stack exhaustion) via vectors involving BDAT commands and an improper check for a '.' character signifying the end of the content, related to the bdat_getc function.
by meh
CVSS 7.5
CVE-2017-16953 EXPLOITDB HIGH text VERIFIED
ZTE ZXDSL 831CII Firmware - Unauthenticated Configuration Modification via connoppp.cgi
connoppp.cgi on ZTE ZXDSL 831CII devices does not require HTTP Basic Authentication, which allows remote attackers to modify the PPPoE configuration or set up a malicious configuration via a GET request.
by Ibad Shah
CVSS 7.5
CVE-2017-11882 EXPLOITDB HIGH text
Microsoft Office CVE-2017-11882
Microsoft Office 2007 Service Pack 3, Microsoft Office 2010 Service Pack 2, Microsoft Office 2013 Service Pack 1, and Microsoft Office 2016 allow an attacker to run arbitrary code in the context of the current user by failing to properly handle objects in memory, aka "Microsoft Office Memory Corruption Vulnerability". This CVE ID is unique from CVE-2017-11884.
by embedi
CVSS 7.8
CVE-2017-11830 EXPLOITDB MEDIUM text VERIFIED
Windows - Privilege Escalation
Device Guard in Windows 10 Gold, 1511, 1607, 1703, and 1709, Windows Server 2016, and Windows Server, version 1709 allows an attacker to make an unsigned file appear to be signed, due to a security feature bypass, aka "Device Guard Security Feature Bypass Vulnerability".
by Google Security Research
CVSS 5.3
CVE-2017-16819 EXPLOITDB MEDIUM text
Icon Time Systems RTC-1000 v2.5.7458 - XSS
A stored cross-site scripting vulnerability in the Icon Time Systems RTC-1000 v2.5.7458 and earlier time clock allows remote attackers to inject arbitrary JavaScript in the nameFirst (aka First Name) field for the employee details page (/employee.html) that is then reflected in multiple pages where that field data is utilized, resulting in session hijacking and possible elevation of privileges.
by Keith Thome
CVSS 5.4
CVE-2017-15806 EXPLOITDB HIGH text VERIFIED
Zeta Components Mail < 1.8.2 - Remote Code Execution via Crafted Email Address in Return Path
The send function in the ezcMailMtaTransport class in Zeta Components Mail before 1.8.2 does not properly restrict the set of characters used in the ezcMail returnPath property, which might allow remote attackers to execute arbitrary code via a crafted email address, as demonstrated by one containing "-X/path/to/wwwroot/file.php."
by MalwareBenchmark
CVSS 8.1
EIP-2026-102070 EXPLOITDB text
TP-Link TL-WR740N - Cross-Site Scripting
by bl00dy
CVE-2017-16841 EXPLOITDB MEDIUM text
LanSweeper < 6.0.100.94 - Cross-Site Scripting via Calendar Description Parameter
LanSweeper 6.0.100.75 has XSS via the description parameter to /Calendar/CalendarActions.aspx.
by Miguel Mendez Z
CVSS 6.1
CVE-2017-16962 EXPLOITDB MEDIUM text
CommuniGate Pro < 6.2.1 - Stored Cross-Site Scripting via Calendar Invitation or Directory Name
The WebMail components (Crystal, pronto, and pronto4) in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that has JavaScript in its name, (4) JavaScript in a note name, (5) JavaScript in a task name, or (6) HTML e-mail that is mishandled in the Inbox component.
by Boumediene KADDOUR
CVSS 6.1
CVE-2017-15270 EXPLOITDB MEDIUM text
psftpd 10.0.4 Build 729 - Log Injection via CSV Escape Bypass
The PSFTPd 10.0.4 Build 729 server does not properly escape data before writing it into a Comma Separated Values (CSV) file. This can be used by attackers to hide data in the Graphical User Interface (GUI) view and create arbitrary entries to a certain extent. Special characters such as '"' and ',' and '\r' are not escaped and can be used to add new entries to the log.
by X41 D-Sec GmbH
CVSS 5.3
CVE-2017-15271 EXPLOITDB MEDIUM text
PSFTPd 10.0.4 Build 729 - Unauthenticated Use-After-Free via Crafted SSH Identification String
A use-after-free issue could be triggered remotely in the SFTP component of PSFTPd 10.0.4 Build 729. This issue could be triggered prior to authentication. The PSFTPd server did not automatically restart, which enabled attackers to perform a very effective DoS attack against this service. By sending a crafted SSH identification / version string to the server, a NULL pointer dereference could be caused, apparently because of a race condition in the window message handling, performing the cleanup for invalid connections. This incorrect cleanup code has a use-after-free.
by X41 D-Sec GmbH
CVSS 5.9
CVE-2017-16807 EXPLOITDB MEDIUM text VERIFIED
Kirby Panel <2.3.3, <2.4.2, <2.5.7 - XSS
A cross-site scripting (XSS) vulnerability in Kirby Panel before 2.3.3, 2.4.x before 2.4.2, and 2.5.x before 2.5.7 exists when displaying a specially prepared SVG document that has been uploaded as a content file.
by Ishaq Mohammed
CVSS 5.4
CVE-2017-16780 EXPLOITDB CRITICAL text VERIFIED
MyBB < 1.8.12 - Remote Code Execution via Installer Configuration File Write
The installer in MyBB before 1.8.13 allows remote attackers to execute arbitrary code by writing to the configuration file.
by Pabstersac
CVSS 9.8
CVE-2017-16781 EXPLOITDB MEDIUM text VERIFIED
MyBB < 1.8.12 - Cross-Site Scripting in Installer
The installer in MyBB before 1.8.13 has XSS.
by Pabstersac
CVSS 5.4
CVE-2017-16542 EXPLOITDB HIGH text
Zoho ManageEngine Applications Manager <13 - SQL Injection
Zoho ManageEngine Applications Manager 13 before build 13500 allows Post-authentication SQL injection via the name parameter in a manageApplications.do?method=insert request.
by Cody Sixteen
CVSS 8.8
CVE-2017-16543 EXPLOITDB CRITICAL text
Zoho ManageEngine Applications Manager <13 - SQL Injection
Zoho ManageEngine Applications Manager 13 before build 13500 allows SQL injection via GraphicalView.do, as demonstrated by a crafted viewProps yCanvas field or viewid parameter.
by Cody Sixteen
CVSS 9.8