Text Exploits

31,386 exploits tracked across all sources.

CVE-2017-11664 EXPLOITDB MEDIUM text
WildMIDI 0.4.2 - Denial of Service via Crafted MIDI File
The _WM_SetupMidiEvent function in internal_midi.c:2122 in WildMIDI 0.4.2 can cause a denial of service (invalid memory read and application crash) via a crafted mid file.
by qflb.wu
CVSS 6.5
EIP-2026-113710 EXPLOITDB text VERIFIED
WordPress Plugin Easy Modal 2.0.17 - SQL Injection
by defensecode
CVE-2017-20271 EXPLOITDB HIGH text
Joomla StreetGuessr Game 1.1.8 SQL Injection via catid
Joomla StreetGuessr Game 1.1.8 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the catid parameter. Attackers can send GET requests to index.php with the option=com_streetguess&view=maps parameters and inject SQL code in the catid parameter to extract sensitive database information including version and database names.
by Ihsan Sencan
CVSS 8.2
CVE-2017-10129 EXPLOITDB HIGH text VERIFIED
Oracle VM VirtualBox < 5.1.24 - Authenticated Remote Code Execution
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
by Google Security Research
CVSS 8.8
CVE-2017-10204 EXPLOITDB HIGH text VERIFIED
Oracle VM VirtualBox < 5.1.24 - Authenticated Remote Code Execution
Vulnerability in the Oracle VM VirtualBox component of Oracle Virtualization (subcomponent: Core). The supported version that is affected is Prior to 5.1.24. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.0 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
by Google Security Research
CVSS 8.8
CVE-2017-20276 EXPLOITDB HIGH text
Joomla! Component SIMGenealogy 2.1.5 SQL Injection
Joomla! Component SIMGenealogy 2.1.5 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the type parameter. Attackers can send GET requests to index.php with the option=com_simgenealogy, view=latest parameters and inject malicious SQL in the type parameter to extract sensitive database information.
by Ihsan Sencan
CVSS 8.2
CVE-2017-20275 EXPLOITDB HIGH text
Joomla! Component PHP-Bridge 1.2.3 SQL Injection via id Parameter
Joomla! Component PHP-Bridge 1.2.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_phpbridge&view=phpview parameters and inject SQL code in the id parameter to extract database information including table and column names.
by Ihsan Sencan
CVSS 8.2
CVE-2017-20274 EXPLOITDB HIGH text
Joomla LMS King Professional 3.2.4.0 SQL Injection via learningpath
Joomla LMS King Professional 3.2.4.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cp_id parameter. Attackers can send GET requests to index.php with the option=com_lmsking, view=lmsking, layout=learningpath, and task=learningPath parameters to extract sensitive database information.
by Ihsan Sencan
CVSS 8.2
CVE-2017-20273 EXPLOITDB HIGH text
Joomla Event Registration Pro Calendar 4.1.3 SQL Injection
Joomla Event Registration Pro Calendar 4.1.3 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the id parameter. Attackers can send GET requests to index.php with option=com_registrationpro&view=category and an id parameter containing SQL injection payloads to extract sensitive database information.
by Ihsan Sencan
CVSS 8.2
CVE-2017-20272 EXPLOITDB HIGH text
Joomla Ultimate Property Listing 1.0.2 SQL Injection via sf_selectuser_id
Joomla Ultimate Property Listing 1.0.2 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the sf_selectuser_id parameter. Attackers can send GET requests to index.php with the option=com_upl and view=propertylisting parameters to extract sensitive database information including table names and column structures.
by Ihsan Sencan
CVSS 8.2
EIP-2026-111489 EXPLOITDB text
Premium Servers List Tracker 1.0 - SQL Injection
by Kaan KAMIS
EIP-2026-109655 EXPLOITDB text
Muviko 1.0 - 'q' SQL Injection
by Kaan KAMIS
EIP-2026-106887 EXPLOITDB text
Entrepreneur B2B Script - 'pid' SQL Injection
by Meisam Monsef
EIP-2026-106776 EXPLOITDB text
EDUMOD Pro 1.3 - SQL Injection
by Kaan KAMIS
EIP-2026-113048 EXPLOITDB text
VehicleWorkshop - Authentication Bypass
by Touhid M.Shaikh
EIP-2026-113047 EXPLOITDB text
VehicleWorkshop - Arbitrary File Upload
by Touhid M.Shaikh
EIP-2026-108925 EXPLOITDB text
JoySale 2.2.1 - Arbitrary File Upload
by Mutlu Benmutlu
CVE-2017-7047 EXPLOITDB HIGH text VERIFIED
Apple <10.3.3, <10.12.6, <10.2.2, <3.2.3 - RCE/DoS
An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. macOS before 10.12.6 is affected. tvOS before 10.2.2 is affected. watchOS before 3.2.3 is affected. The issue involves the "libxpc" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app.
by Google Security Research
CVSS 8.8
CVE-2017-11552 EXPLOITDB MEDIUM text
mpg321 <0.3.2-1 - Memory Corruption
mpg321.c in mpg321 0.3.2-1 does not properly manage memory for use with libmad 0.15.1b, which allows remote attackers to cause a denial of service (memory corruption seen in a crash in the mad_decoder_run function in decoder.c in libmad) via a crafted MP3 file.
by qflb.wu
CVSS 6.5
CVE-2017-11494 EXPLOITDB CRITICAL text
SOL.Connect ISET-mpp meter <1.2.4.2 - SQL Injection
SQL injection vulnerability in SOL.Connect ISET-mpp meter 1.2.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the user parameter in a login action.
by Andy Tan
CVSS 9.8
CVE-2017-11358 EXPLOITDB MEDIUM text
Sound eXchange 14.4.2 - Denial of Service via Crafted HCOM File
The read_samples function in hcom.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted hcom file.
by qflb.wu
CVSS 5.5
CVE-2017-11333 EXPLOITDB MEDIUM text
libvorbis 1.3.5 - Denial of Service via Crafted WAV File
The vorbis_analysis_wrote function in lib/block.c in Xiph.Org libvorbis 1.3.5 allows remote attackers to cause a denial of service (OOM) via a crafted wav file.
by qflb.wu
CVSS 5.5
CVE-2017-11332 EXPLOITDB MEDIUM text
Sound eXchange 14.4.2 - Denial of Service via Crafted WAV File
The startread function in wav.c in Sound eXchange (SoX) 14.4.2 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted wav file.
by qflb.wu
CVSS 5.5
CVE-2017-15185 EXPLOITDB MEDIUM text
libmp3splt 0.9.2 - Denial of Service via Crafted OGG File
plugins/ogg.c in Libmp3splt 0.9.2 calls the libvorbis vorbis_block_clear function with uninitialized data upon detection of invalid input, which allows remote attackers to cause a denial of service (application crash) via a crafted file.
by qflb.wu
CVSS 5.0
CVE-2017-11331 EXPLOITDB MEDIUM text
vorbis-tools 1.4.0 - Denial of Service via Crafted WAV File
The wav_open function in oggenc/audio.c in Xiph.Org vorbis-tools 1.4.0 allows remote attackers to cause a denial of service (memory allocation error) via a crafted wav file.
by qflb.wu
CVSS 5.5