Text Exploits

31,329 exploits tracked across all sources.

EIP-2026-108750 EXPLOITDB text
Joomla! Component JoomRecipe 1.0.3 - SQL Injection
by EziBilisim
CVE-2017-9602 EXPLOITDB CRITICAL text
KBVault Mysql Free Knowledge Base <0.16a - RCE
KBVault Mysql Free Knowledge Base application package 0.16a comes with a FileExplorer/Explorer.aspx?id=/Uploads file-management component. An unauthenticated user can access the file upload and deletion functionality. Through this functionality, a user can upload an ASPX script to Uploads/Documents/ to run any arbitrary code.
by Fatih Emiral
CVSS 9.8
EIP-2026-100042 EXPLOITDB text VERIFIED
LG MRA58K - Out-of-Bounds Heap Read in CAVIFileParser::Destroy Resulting in Invalid Free
by Google Security Research
EIP-2026-100041 EXPLOITDB text VERIFIED
LG MRA58K - Missing Bounds-Checking in AVI Stream Parsing
by Google Security Research
EIP-2026-100039 EXPLOITDB text VERIFIED
LG MRA58K - 'ASFParser::ParseHeaderExtensionObjects' Missing Bounds-Checking
by Google Security Research
EIP-2026-111702 EXPLOITDB text
Real Estate Classifieds Script - SQL Injection
by EziBilisim
CVE-2016-9813 EXPLOITDB MEDIUM text VERIFIED
Gstreamer < 1.10.1 - NULL Pointer Dereference
The _parse_pat function in the mpegts parser in GStreamer before 1.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted file.
by Hanno Boeck
CVSS 5.5
EIP-2026-118466 EXPLOITDB text
Easy File Sharing Web Server 7.2 - Authentication Bypass
by Touhid M.Shaikh
CVE-2017-9603 EXPLOITDB HIGH text
WP Jobs <1.5 - SQL Injection
SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress allows authenticated users to execute arbitrary SQL commands via the jobid parameter to wp-admin/edit.php.
by Dimitrios Tsagkarakis
CVSS 8.8
EIP-2026-110497 EXPLOITDB text
PaulShop - SQL Injection
by Se0pHpHack3r
EIP-2026-106756 EXPLOITDB text
eCom Cart 1.3 - SQL Injection
by Alperen Eymen Ozcan
CVE-2017-9127 EXPLOITDB MEDIUM text
libquicktime 1.2.4 - DoS
The quicktime_user_atoms_read_atom function in useratoms.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.
by qflb.wu
CVSS 6.5
CVE-2017-9126 EXPLOITDB MEDIUM text
libquicktime 1.2.4 - DoS
The quicktime_read_dref_table function in dref.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) via a crafted mp4 file.
by qflb.wu
CVSS 6.5
CVE-2017-9125 EXPLOITDB MEDIUM text
libquicktime 1.2.4 - DoS
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted mp4 file.
by qflb.wu
CVSS 6.5
CVE-2017-9124 EXPLOITDB MEDIUM text
libquicktime 1.2.4 - DoS
The quicktime_match_32 function in util.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted mp4 file.
by qflb.wu
CVSS 6.5
CVE-2017-9123 EXPLOITDB MEDIUM text
libquicktime 1.2.4 - DoS
The lqt_frame_duration function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (invalid memory read and application crash) via a crafted mp4 file.
by qflb.wu
CVSS 6.5
CVE-2017-9122 EXPLOITDB MEDIUM text
libquicktime 1.2.4 - DoS
The quicktime_read_moov function in moov.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted mp4 file.
by qflb.wu
CVSS 6.5
CVE-2017-8834 EXPLOITDB MEDIUM text
Gnome Libcroco - Memory Corruption
The cr_tknzr_parse_comment function in cr-tknzr.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (memory allocation error) via a crafted CSS file.
by qflb.wu
CVSS 6.5
EIP-2026-109981 EXPLOITDB text
Nuevomailer < 6.0 - SQL Injection
by Oleg Boytsev
CVE-2017-9730 EXPLOITDB CRITICAL text
nuevoMailer <6.0 - SQL Injection
SQL injection vulnerability in rdr.php in nuevoMailer version 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the "r" parameter.
by Oleg Boytsev
CVSS 9.8
CVE-2017-9128 EXPLOITDB MEDIUM text
libquicktime 1.2.4 - DoS
The quicktime_video_width function in lqt_quicktime.c in libquicktime 1.2.4 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted mp4 file.
by qflb.wu
CVSS 6.5
CVE-2017-8871 EXPLOITDB MEDIUM text
Gnome Libcroco - Infinite Loop
The cr_parser_parse_selector_core function in cr-parser.c in libcroco 0.6.12 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a crafted CSS file.
by qflb.wu
CVSS 6.5
CVE-2017-7180 EXPLOITDB HIGH text
Net Monitor for Employees Pro <5.3.4 - Auth Bypass
Net Monitor for Employees Pro through 5.3.4 has an unquoted service path, which allows a Security Feature Bypass of its documented "Block applications" design goal. The local attacker must have privileges to write to program.exe in a protected directory, such as the %SYSTEMDRIVE% directory, and thus the issue is not interpreted as a direct privilege escalation. However, the local attacker might have the goal of executing program.exe even though program.exe is a blocked application.
by Saeid Atabaki
CVSS 7.3
CVE-2017-9516 EXPLOITDB MEDIUM text
Craft CMS <2.6.2982 - XSS
Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file.
by Ahsan Tahir
CVSS 5.4
EIP-2026-114411 EXPLOITDB text
Xavier 2.4 - SQL Injection
by Vulnerability-Lab