Text Exploits

31,386 exploits tracked across all sources.

CVE-2017-12786 EXPLOITDB CRITICAL text
NoviWare < 400.2.6 - Unauthenticated Stack-Based Buffer Overflow via Packet Data Unserialization
Network interfaces of the cliengine and noviengine services, included in the NoviWare software distribution through NW400.2.6 and deployed on NoviSwitch devices, can be inadvertently exposed if an operator attempts to modify ACLs, because of a bug when ACL modifications are applied. This could be leveraged by remote, unauthenticated attackers to gain resultant privileged (root) code execution on the switch, because there is a stack-based buffer overflow during unserialization of packet data.
by François Goichon
CVSS 9.8
CVE-2017-3106 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <26.0.0.137 - RCE
Adobe Flash Player versions 26.0.0.137 and earlier have an exploitable type confusion vulnerability when parsing SWF files. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
EIP-2026-110617 EXPLOITDB text
Photogallery Project 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-110161 EXPLOITDB text
Online Quiz Project 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-107179 EXPLOITDB text
Food Ordering Script 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-106493 EXPLOITDB text
Doctor Patient Project 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-105937 EXPLOITDB text
ClipBucket 2.8.3 - Multiple Vulnerabilities
by bRpsd
EIP-2026-104997 EXPLOITDB text VERIFIED
AdvanDate iCupid Dating Software 12.2 - SQL Injection
by Ihsan Sencan
CVE-2017-9767 EXPLOITDB MEDIUM text
Quali CloudShell < 7.1.0.6508 - Authenticated Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Quali CloudShell before 8 allow remote authenticated users to inject arbitrary web script or HTML via the (1) Name or (2) Description parameter to RM/Reservation/ReserveNew; the (3) Description parameter to RM/Topology/Update; the (4) Name, (5) Description, (6) ExecutionBatches[0].Name, (7) ExecutionBatches[0].Description, or (8) Labels parameter to SnQ/JobTemplate/Edit; or (9) Alias or (10) Description parameter to RM/AbstractTemplate/AddOrUpdateAbstractTemplate.
by Benjamin Lee
CVSS 5.4
CVE-2017-8665 EXPLOITDB HIGH text VERIFIED
Xamarin.iOS - Elevation of Privilege via Update Component
The Xamarin.iOS update component on systems running macOS allows an attacker to run arbitrary code as root, aka "Xamarin.iOS Elevation Of Privilege Vulnerability."
by Securify
CVSS 7.8
EIP-2026-106433 EXPLOITDB text
DeWorkshop 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-106397 EXPLOITDB text
De-Tutor 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-106396 EXPLOITDB text
De-Journal 1.0 - SQL Injection
by Ihsan Sencan
CVE-2015-9098 EXPLOITDB CRITICAL text
Redgate SQL Monitor < 3.10 and 4.x < 4.2 - Unauthenticated SQL Injection
In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an account with SQL admin privileges, then code execution on the operating system can result in full system compromise (if Microsoft SQL Server is running with local administrator privileges).
by Paul Taylor
CVSS 9.8
EIP-2026-111297 EXPLOITDB text
Piwigo Plugin User Tag 0.9.0 - Cross-Site Scripting
by Touhid M.Shaikh
EIP-2026-107794 EXPLOITDB text
ImageBay 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-107408 EXPLOITDB text
GIF Collection 2.0 - SQL Injection
by Ihsan Sencan
CVE-2017-12761 EXPLOITDB HIGH text
WebFile Explorer 1.0 - SQL Injection and Arbitrary File Download via download.php id Parameter
http://codecanyon.net/user/Endober WebFile Explorer 1.0 is affected by: SQL Injection. The impact is: Arbitrary File Download (remote). The component is: $file = $_GET['id'] in download.php. The attack vector is: http://speicher.example.com/envato/codecanyon/demo/web-file-explorer/download.php?id=WebExplorer/../config.php.
by Ihsan Sencan
CVSS 7.5
CVE-2017-6328 EXPLOITDB HIGH text VERIFIED
Symantec Messaging Gateway < 10.6.3-267 - Cross-Site Request Forgery
The Symantec Messaging Gateway before 10.6.3-267 is affected by cross-site request forgery (also known as a one-click attack, abbreviated CSRF or XSRF), a type of malicious exploit of a website in which unauthorized commands are transmitted from a user that the web application trusts. A CSRF attack attempts to exploit the trust that a specific website has in a user's browser.
by Dhiraj Mishra
CVSS 8.8
EIP-2026-102474 EXPLOITDB text
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Server-Side Request Forgery
by LiquidWorm
EIP-2026-102473 EXPLOITDB text
DALIM SOFTWARE ES Core 5.0 build 7184.1 - Directory Traversal
by LiquidWorm
CVE-2017-11663 EXPLOITDB MEDIUM text
WildMIDI 0.4.2 - Denial of Service via Crafted MIDI File
The _WM_SetupMidiEvent function in internal_midi.c:2315 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
by qflb.wu
CVSS 6.5
CVE-2017-11662 EXPLOITDB HIGH text
WildMIDI 0.4.2 - Denial of Service via Crafted MIDI File
The _WM_ParseNewMidi function in f_midi.c in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
by qflb.wu
CVSS 7.5
CVE-2017-11661 EXPLOITDB HIGH text
WildMIDI 0.4.2 - Denial of Service via Crafted MIDI File
The _WM_SetupMidiEvent function in internal_midi.c:2318 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
by qflb.wu
CVSS 7.5
EIP-2026-119641 EXPLOITDB text VERIFIED
Microsoft Windows 8.1 (x64) - RGNOBJ Integer Overflow (MS16-098) (2)
by SensePost