Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-12785 EXPLOITDB CRITICAL text
NoviWare < 400.2.6 - Authenticated Buffer Overflow via 'show log cli' Command
The novish command-line interface, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, is prone to a buffer overflow in the "show log cli" command. This could be used by a read-only user (monitor role) to gain privileged (root) code execution on the switch via command injection.
by François Goichon
CVSS 9.8
CVE-2017-12759 EXPLOITDB CRITICAL text
SOA School Management 3.0 - SQL Injection
Ynet Interactive - http://demo.ynetinteractive.com/soa/ SOA School Management 3.0 is affected by: SQL Injection. The impact is: Code execution (remote).
by Ihsan Sencan
CVSS 9.8
CVE-2017-12758 EXPLOITDB CRITICAL text
Joomla! Component Appointment 1.1 - SQL Injection
https://www.joomlaextensions.co.in/ Joomla! Component Appointment 1.1 is affected by: SQL Injection. The impact is: Code execution (remote). The component is: com_appointment component.
by Ihsan Sencan
CVSS 9.8
CVE-2017-12757 EXPLOITDB CRITICAL text
Ambit Technologies iTech Scripts - SQL Injection
Certain Ambit Technologies Pvt. Ltd products are affected by: SQL Injection. This affects iTech B2B Script 4.42i and Tech Business Networking Script 8.26i and Tech Caregiver Script 2.71i and Tech Classifieds Script 7.41i and Tech Dating Script 3.40i and Tech Freelancer Script 5.27i and Tech Image Sharing Script 4.13i and Tech Job Script 9.27i and Tech Movie Script 7.51i and Tech Multi Vendor Script 6.63i and Tech Social Networking Script 3.08i and Tech Travel Script 9.49. The impact is: Code execution (remote).
by Ihsan Sencan
CVSS 9.8
CVE-2017-9979 EXPLOITDB MEDIUM text
OSNEXUS QuantaStor < 4.3.0 - Cross-Site Scripting via REST Error Response
On the OSNEXUS QuantaStor v4 virtual appliance before 4.3.1, if the REST call invoked does not exist, an error will be triggered containing the invalid method previously invoked. The response sent to the user isn't sanitized in this case. An attacker can leverage this issue by including arbitrary HTML or JavaScript code as a parameter, aka XSS.
by VVVSecurity
CVSS 6.1
CVE-2017-14680 EXPLOITDB HIGH text
ZKTeco ZKTime Web 2.0.1.12280 - Info Disclosure
ZKTeco ZKTime Web 2.0.1.12280 allows remote attackers to obtain sensitive employee metadata via a direct request for a PDF document.
by Arvind V
CVSS 7.5
EIP-2026-109344 EXPLOITDB text
Matrimony Script 2.7 - SQL Injection
by Ihsan Sencan
EIP-2026-109188 EXPLOITDB text
LiveSupport 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-109186 EXPLOITDB text
LiveSales 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-109185 EXPLOITDB text
LiveProjects 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-109183 EXPLOITDB text
LiveInvoices 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-109182 EXPLOITDB text
LiveCRM 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-108016 EXPLOITDB text
iTech Travel Script 9.49 - SQL Injection
by Ihsan Sencan
EIP-2026-108007 EXPLOITDB text
iTech Multi Vendor Script 6.63 - SQL Injection
by Ihsan Sencan
EIP-2026-108004 EXPLOITDB text
iTech Movie Script 7.51 - SQL Injection
by Ihsan Sencan
EIP-2026-108001 EXPLOITDB text
iTech Job Script 9.27 - SQL Injection
by Ihsan Sencan
EIP-2026-107997 EXPLOITDB text
iTech Image Sharing Script 4.13 - SQL Injection
by Ihsan Sencan
EIP-2026-107995 EXPLOITDB text
iTech Freelancer Script 5.27 - SQL Injection
by Ihsan Sencan
EIP-2026-107993 EXPLOITDB text
iTech Dating Script 3.40 - SQL Injection
by Ihsan Sencan
EIP-2026-107990 EXPLOITDB text
iTech Classifieds Script 7.41 - SQL Injection
by Ihsan Sencan
EIP-2026-107986 EXPLOITDB text
iTech Business Networking Script 8.26 - SQL Injection
by Ihsan Sencan
EIP-2026-107984 EXPLOITDB text
iTech B2B Script 4.42 - SQL Injection
by Ihsan Sencan
EIP-2026-106751 EXPLOITDB text
eCardMAX 10.5 - SQL Injection
by Ihsan Sencan
EIP-2026-106432 EXPLOITDB text
DeWorkshop 1.0 - Arbitrary File Upload
by Ihsan Sencan
CVE-2017-6327 EXPLOITDB HIGH text VERIFIED
Symantec Messaging Gateway < 10.6.3-267 - Remote Code Execution
The Symantec Messaging Gateway before 10.6.3-267 can encounter an issue of remote code execution, which describes a situation whereby an individual may obtain the ability to execute commands remotely on a target machine or in a target process. In this type of occurrence, after gaining access to the system, the attacker may attempt to elevate their privileges.
by Philip Pettersson
CVSS 8.8