Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-107115 EXPLOITDB text
Flash Poker 2.0 - 'game' SQL Injection
by Ihsan Sencan
EIP-2026-106704 EXPLOITDB text
Easy Web Search 4.0 - SQL Injection
by Ihsan Sencan
EIP-2026-105710 EXPLOITDB text
Car or Cab Booking Script - Authentication Bypass
by Ali BawazeEer
EIP-2026-102442 EXPLOITDB text
NethServer 7.3.1611 - Cross-Site Request Forgery / Cross-Site Scripting
by LiquidWorm
EIP-2026-109340 EXPLOITDB text
Matrimonial Script 2.7 - Authentication Bypass
by Ali BawazeEer
CVE-2017-6998 EXPLOITDB HIGH text VERIFIED
Apple <10.3.2, <10.2.1, <3.2.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Zimperium zLabs Team
CVSS 7.8
CVE-2017-6997 EXPLOITDB HIGH text VERIFIED
Apple <10.3.2, <10.2.1, <3.2.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Zimperium zLabs Team
CVSS 7.8
CVE-2017-6996 EXPLOITDB HIGH text VERIFIED
Apple <10.3.2, <10.2.1, <3.2.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Zimperium zLabs Team
CVSS 7.8
CVE-2017-6995 EXPLOITDB HIGH text VERIFIED
Apple <10.3.2, <10.2.1, <3.2.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Zimperium zLabs Team
CVSS 7.8
CVE-2017-6994 EXPLOITDB HIGH text VERIFIED
Apple <10.3.2, <10.2.1, <3.2.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Zimperium zLabs Team
CVSS 7.8
CVE-2017-6989 EXPLOITDB HIGH text VERIFIED
Apple <10.3.2, <10.2.1, <3.2.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Zimperium zLabs Team
CVSS 7.8
CVE-2017-6979 EXPLOITDB HIGH text VERIFIED
Apple <10.3.2, <10.12.5, <10.2.1, <3.2.2 - RCE
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. macOS before 10.12.5 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "IOSurface" component. A race condition allows attackers to execute arbitrary code in a privileged context via a crafted app.
by Zimperium zLabs Team
CVSS 7.0
CVE-2017-6999 EXPLOITDB HIGH text VERIFIED
Apple <10.3.2, <10.2.1, <3.2.2 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. tvOS before 10.2.1 is affected. watchOS before 3.2.2 is affected. The issue involves the "AVEVideoEncoder" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Zimperium zLabs Team
CVSS 7.8
CVE-2017-20259 EXPLOITDB HIGH text
Joomla OSDownloads 1.7.4 SQL Injection via item view
Joomla OSDownloads 1.7.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_osdownloads&view=item&id=[SQL] to extract sensitive database information including credentials and configuration data.
by Ihsan Sencan
CVSS 8.2
CVE-2017-20258 EXPLOITDB HIGH text
Joomla! Component RPC Responsive Portfolio 1.6.1 SQL Injection
Joomla! Component RPC Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_pofos&view=pofo&id=[SQL] to extract sensitive database information.
by Ihsan Sencan
CVSS 8.2
EIP-2026-108830 EXPLOITDB text
Joomla! Component Photo Contest 1.0.2 - SQL Injection
by Ihsan Sencan
EIP-2026-105310 EXPLOITDB text
AutoCar 1.1 - 'category' SQL Injection
by Bora Bozdogan
CVE-2017-20261 EXPLOITDB HIGH text
Joomla! Component Bargain Product VM3 1.0 SQL Injection
Joomla! Component Bargain Product VM3 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter. Attackers can supply crafted SQL statements in GET requests to the brainy and alice views to extract sensitive database information.
by Ihsan Sencan
CVSS 8.2
CVE-2017-20260 EXPLOITDB HIGH text
Joomla! Component Price Alert 3.0.2 SQL Injection
Joomla! Component Price Alert 3.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the product_id parameter. Attackers can send requests to the subscribeajax view with crafted SQL payloads in the product_id parameter to extract sensitive database information including credentials and configuration data.
by Ihsan Sencan
CVSS 8.2
CVE-2017-12953 EXPLOITDB MEDIUM text
libgig 4.0.0 - Denial of Service via Crafted GIG File
The gig::Instrument::UpdateRegionKeyTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory write and application crash) via a crafted gig file.
by qflb.wu
CVSS 6.5
CVE-2017-12952 EXPLOITDB MEDIUM text
libgig 4.0.0 - Denial of Service via Crafted GIG File
The LoadString function in helper.h in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
by qflb.wu
CVSS 6.5
CVE-2017-12951 EXPLOITDB MEDIUM text
libgig 4.0.0 - Denial of Service via Crafted GIG File
The gig::DimensionRegion::CreateVelocityTable function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted gig file.
by qflb.wu
CVSS 6.5
CVE-2017-12950 EXPLOITDB MEDIUM text
libgig 4.0.0 - Denial of Service via Crafted GIG File
The gig::Region::Region function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted gig file.
by qflb.wu
CVSS 6.5
CVE-2017-12954 EXPLOITDB MEDIUM text
libgig 4.0.0 - Denial of Service via Crafted GIG File
The gig::Region::GetSampleFromWavePool function in gig.cpp in libgig 4.0.0 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted gig file.
by qflb.wu
CVSS 6.5
CVE-2017-9644 EXPLOITDB HIGH text
ALC WebCTRL <6.5 - Code Injection
An Unquoted Search Path or Element issue was discovered in Automated Logic Corporation (ALC) ALC WebCTRL, i-Vu, SiteScan Web 6.5 and prior; ALC WebCTRL, SiteScan Web 6.1 and prior; ALC WebCTRL, i-Vu 6.0 and prior; ALC WebCTRL, i-Vu, SiteScan Web 5.5 and prior; and ALC WebCTRL, i-Vu, SiteScan Web 5.2 and prior. An unquoted search path vulnerability may allow a non-privileged local attacker to change files in the installation directory and execute arbitrary code with elevated privileges.
by LiquidWorm
CVSS 7.0