Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-14086 EXPLOITDB HIGH text VERIFIED
Trend Micro OfficeScan 11.0 - Use After Free
Pre-authorization Start Remote Process vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to start the fcgiOfcDDA.exe executable or cause a potential INI corruption, which may cause the server disk space to be consumed with dump files from continuous HTTP requests.
by hyp3rlinx
CVSS 7.5
CVE-2017-14084 EXPLOITDB HIGH text VERIFIED
Trend Micro OfficeScan 11.0 and XG (12.0) - Remote Code Execution via Man-in-the-Middle Attack
A potential Man-in-the-Middle (MitM) attack vulnerability in Trend Micro OfficeScan 11.0 and XG may allow attackers to execute arbitrary code on vulnerable installations.
by hyp3rlinx
CVSS 8.1
EIP-2026-118027 EXPLOITDB text VERIFIED
Trend Micro OfficeScan 11.0/XG (12.0) - Image File Execution Bypass
by hyp3rlinx
EIP-2026-115745 EXPLOITDB text
Microsoft Office Groove - 'Workspace Shortcut' Arbitrary Code Execution
by Eduardo Braun Prado
EIP-2026-112791 EXPLOITDB text VERIFIED
Trend Micro OfficeScan 11.0/XG (12.0) - Server Side Request Forgery
by hyp3rlinx
CVE-2017-14083 EXPLOITDB HIGH text VERIFIED
Trend Micro OfficeScan 11.0 - Info Disclosure
A vulnerability in Trend Micro OfficeScan 11.0 and XG allows remote unauthenticated users who can access the system to download the OfficeScan encryption file.
by hyp3rlinx
CVSS 7.5
CVE-2017-14085 EXPLOITDB MEDIUM text VERIFIED
Trend Micro OfficeScan <11.0 - Info Disclosure
Information disclosure vulnerabilities in Trend Micro OfficeScan 11.0 and XG may allow unauthenticated users who can access the OfficeScan server to query the network's NT domain or the PHP version and modules.
by hyp3rlinx
CVSS 5.3
CVE-2017-14087 EXPLOITDB HIGH text VERIFIED
Trend Micro OfficeScan XG 12.0 - Host Header Injection
A Host Header Injection vulnerability in Trend Micro OfficeScan XG (12.0) may allow an attacker to spoof a particular Host header, allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
by hyp3rlinx
CVSS 7.5
EIP-2026-111706 EXPLOITDB text
Real Estate MLM plan script 1.0 - 'srch' SQL Injection
by 8bitsec
EIP-2026-110733 EXPLOITDB text
PHP Multi Vendor Script 1.02 - 'sid' SQL Injection
by 8bitsec
EIP-2026-106691 EXPLOITDB text
Easy Blog PHP Script 1.3a - 'id' SQL Injection
by 8bitsec
CVE-2017-18378 EXPLOITDB HIGH text
NETGEAR ReadyNAS Surveillance <1.4.3-17 x86 & <1.1.4-7 ARM - RCE via upgrade_handle.php
In NETGEAR ReadyNAS Surveillance before 1.4.3-17 x86 and before 1.1.4-7 ARM, $_GET['uploaddir'] is not escaped and is passed to system() through $tmp_upload_dir, leading to upgrade_handle.php?cmd=writeuploaddir remote command execution.
by Kacper Szurek
CVSS 8.4
CVE-2017-14620 EXPLOITDB MEDIUM text
SmarterStats 11.3.6347 - Stored Cross-Site Scripting via Referer Field in HTTP Logfiles
SmarterStats Version 11.3.6347 will Render the Referer Field of HTTP Logfiles from URL /Data/Reports/ReferringURLsWithQueries resulting in Stored Cross Site Scripting.
by sqlhacker
CVSS 6.1
CVE-2017-14844 EXPLOITDB HIGH text
Mojoomla WPGYM <WordPress> - SQL Injection
Mojoomla WPGYM WordPress Gym Management System allows SQL Injection via the id parameter.
by Ihsan Sencan
CVSS 8.8
CVE-2017-14845 EXPLOITDB HIGH text
Mojoomla WPCHURCH < - SQL Injection
Mojoomla WPCHURCH Church Management System for WordPress allows SQL Injection via the id parameter.
by Ihsan Sencan
CVSS 8.8
CVE-2017-14847 EXPLOITDB HIGH text
Dasinfomedia Mojoomla WPAMS Apartment Management System for WordPress - SQL Injection
Mojoomla WPAMS Apartment Management System for WordPress allows SQL Injection via the id parameter.
by Ihsan Sencan
CVSS 8.8
CVE-2017-14843 EXPLOITDB HIGH text
Mojoomla School Mgmt - SQL Injection
Mojoomla School Management System for WordPress allows SQL Injection via the id parameter.
by Ihsan Sencan
CVSS 8.8
CVE-2017-14846 EXPLOITDB HIGH text
Mojoomla Hospital Management System for WordPress - SQL Injection
Mojoomla Hospital Management System for WordPress allows SQL Injection via the id parameter.
by Ihsan Sencan
CVSS 8.8
CVE-2017-14840 EXPLOITDB HIGH text
TeamWork TicketPlus - Code Injection
TeamWork TicketPlus allows Arbitrary File Upload in updateProfile.
by Ihsan Sencan
CVSS 8.8
CVE-2017-14842 EXPLOITDB HIGH text
smsmaster_multipurpose_sms_gateway - SQL Injection via id Parameter
Mojoomla SMSmaster Multipurpose SMS Gateway for WordPress allows SQL Injection via the id parameter.
by Ihsan Sencan
CVSS 8.8
CVE-2017-14839 EXPLOITDB HIGH text
TeamWork Photo Fusion - Arbitrary File Upload
TeamWork Photo Fusion allows Arbitrary File Upload in changeAvatar and changeCover.
by Ihsan Sencan
CVSS 8.8
CVE-2017-14838 EXPLOITDB HIGH text
TeamWork Job Links - Path Traversal
TeamWork Job Links allows Arbitrary File Upload in profileChange and coverChange.
by Ihsan Sencan
CVSS 8.8
CVE-2017-14841 EXPLOITDB MEDIUM text
Mojoomla AMC - Arbitrary File Upload
Mojoomla Annual Maintenance Contract (AMC) Management System allows Arbitrary File Upload in profilesetting image handling.
by Ihsan Sencan
CVSS 6.5
EIP-2026-103232 EXPLOITDB text
Tiny HTTPd 0.1.0 - Directory Traversal
by Touhid M.Shaikh
CVE-2017-20215 EXPLOITDB HIGH text
FLIR Thermal Camera FC-S/PT <8.0.0.64 - Command Injection
FLIR Thermal Camera FC-S/PT firmware version 8.0.0.64 contains an authenticated OS command injection vulnerability that allows attackers to execute shell commands with root privileges. Authenticated attackers can inject arbitrary shell commands through unvalidated input parameters to gain complete control of the thermal camera system.
by LiquidWorm
CVSS 8.8