Text Exploits

31,329 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-108824 EXPLOITDB text
Joomla! Component Payage 2.05 - 'aid' SQL Injection
by Persian Hack Team
EIP-2026-102731 EXPLOITDB text
reiserfstune 3.6.25 - Local Buffer Overflow
by Nassim Asrir
CVE-2016-6566 EXPLOITDB CRITICAL text
Sungard eTRAKiT3 <3.2.1.17 - SQL Injection
The valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may then be executed by the backend server. eTRAKiT 3.2.1.17 was tested, but other versions may also be vulnerable.
by Goran Tuzovic
CVSS 9.8
CVE-2017-18346 EXPLOITDB CRITICAL text
Cms Web-gooroo < 2013-01-19 - SQL Injection
SQL injection vulnerability in /wbg/core/_includes/authorization.inc.php in CMS Web-Gooroo through 2013-01-19 allows remote attackers to execute arbitrary SQL commands via the wbg_login parameter.
by Kaimi
CVSS 9.8
CVE-2017-9425 EXPLOITDB MEDIUM text
Facetag extension 0.0.3 - XSS
The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action.
by Touhid M.Shaikh
CVSS 6.1
EIP-2026-110413 EXPLOITDB text
OV3 Online Administration 3.0 - SQL Injection
by LiquidWorm
EIP-2026-110412 EXPLOITDB text
OV3 Online Administration 3.0 - Remote Code Execution
by LiquidWorm
EIP-2026-110411 EXPLOITDB text
OV3 Online Administration 3.0 - Directory Traversal
by LiquidWorm
CVE-2017-9426 EXPLOITDB CRITICAL text
Piwigo Facetag <0.0.3 - SQL Injection
ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action.
by Touhid M.Shaikh
CVSS 9.8
CVE-2016-2183 EXPLOITDB HIGH text VERIFIED
Redhat Jboss Enterprise Application Platform - Information Disclosure
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
by SecuriTeam
CVSS 7.5
EIP-2026-119686 EXPLOITDB text VERIFIED
Trend Micro Deep Security 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution
by SecuriTeam
CVE-2017-1092 EXPLOITDB CRITICAL text VERIFIED
IBM Informix Open Admin Tool <12.1 - RCE
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
by SecuriTeam
CVSS 9.8
CVE-2017-8541 EXPLOITDB HIGH text VERIFIED
Microsoft Forefront Security < 1.1.13704.0 - Memory Corruption
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8540.
by Google Security Research
CVSS 7.8
CVE-2017-8540 EXPLOITDB HIGH text VERIFIED
Microsoft Malware Protection Engine - Out-of-Bounds Write
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541.
by Google Security Research
CVSS 7.8
EIP-2026-104299 EXPLOITDB text
KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution
by SecuriTeam
CVE-2017-8537 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows Defender - Divide By Zero
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542.
by Google Security Research
CVSS 5.5
CVE-2017-8536 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows Defender - Divide By Zero
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.
by Google Security Research
CVSS 5.5
CVE-2017-8535 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows Defender - Divide By Zero
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.
by Google Security Research
CVSS 5.5
CVE-2017-8538 EXPLOITDB HIGH text VERIFIED
Microsoft Forefront Security < 1.1.13704.0 - Memory Corruption
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8540 and CVE-2017-8541.
by Google Security Research
CVSS 7.8
EIP-2026-113815 EXPLOITDB text
WordPress Plugin Huge-IT Video Gallery 2.0.4 - SQL Injection
by defensecode
EIP-2026-101187 EXPLOITDB text
CERIO DT-100G-N/DT-300N/CW-300N - Multiple Vulnerabilities
by LiquidWorm
CVE-2017-9243 EXPLOITDB MEDIUM text
Aries QWR-1104 - XSS
Aries QWR-1104 Wireless-N Router with Firmware Version WRC.253.2.0913 has XSS on the Wireless Site Survey page, exploitable with the name of an access point.
by Touhid M.Shaikh
CVSS 6.1
EIP-2026-118641 EXPLOITDB text VERIFIED
Home Web Server 1.9.1 (build 164) - Remote Code Execution
by Guillaume Kaddouch
EIP-2026-117503 EXPLOITDB text VERIFIED
Microsoft MsMpEng - Multiple Problems Handling ntdll!NtControlChannel Commands
by Google Security Research
CVE-2017-2508 EXPLOITDB MEDIUM text VERIFIED
Apple Safari < 10.1 - XSS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. Safari before 10.1.1 is affected. The issue involves the "WebKit" component. It allows remote attackers to conduct Universal XSS (UXSS) attacks via a crafted web site that improperly interacts with container nodes.
by Google Security Research
CVSS 6.1
By Source
All 31,329 Writeup 57,446 Exploitdb 49,983 Nomisec 21,423 Metasploit 3,217 Github 2,519 Vulncheck_xdb 901 Inthewild 514 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,329 python 5,908 ruby 5,906 c 3,561 perl 2,849 html 2,053 php 1,326 bash 459 java 362 c++ 250 javascript 215 shell 88 go 53 postscript 25 xml 24