Text Exploits

31,329 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-3061 EXPLOITDB CRITICAL text VERIFIED
Adobe Flash Player < 25.0.0.127 - Memory Corruption
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 9.8
CVE-2017-3068 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player Desktop Runtime < 25.0.0.163 - Out-of-Bounds Write
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
CVE-2017-6982 EXPLOITDB MEDIUM text VERIFIED
Apple <10.3.2 - DoS
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Notifications" component. It allows attackers to cause a denial of service via a crafted app.
by CoffeeBreakers
CVSS 5.5
CVE-2017-0175 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows 7 - Information Disclosure
The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0220, CVE-2017-0258, and CVE-2017-0259.
by Google Security Research
CVSS 4.7
CVE-2017-0220 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows 7 - Information Disclosure
The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0258, and CVE-2017-0259.
by Google Security Research
CVSS 4.7
CVE-2017-8928 EXPLOITDB HIGH text
mailcow <0.14 - CSRF
mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF.
by hyp3rlinx
CVSS 8.8
CVE-2017-9080 EXPLOITDB HIGH text VERIFIED
PlaySMS 1.4 - RCE
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.
by Touhid M.Shaikh
CVSS 8.8
CVE-2017-8918 EXPLOITDB MEDIUM text
Blackwave Dive Assistant - Desktop Edition 8.0 - Info Disclosure
XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file.
by Trent Gordon
CVSS 5.5
CVE-2017-8798 EXPLOITDB CRITICAL text
Miniupnpd - Memory Corruption
Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
by tintinweb
CVSS 9.8
EIP-2026-111620 EXPLOITDB text
QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 - Authentication Bypass
by Kacper Szurek
CVE-2017-8912 EXPLOITDB HIGH text
CMSMS 2.1.6 - RCE
CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug.
by Osanda Malith Jayathissa
CVSS 7.2
EIP-2026-105388 EXPLOITDB text
BanManager WebUI 1.5.8 - PHP Code Injection
by HaHwul
CVE-2017-0290 EXPLOITDB HIGH text VERIFIED
Microsoft Forefront Security < 1.1.13701.0 - Memory Corruption
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability."
by Google Security Research
CVSS 7.8
EIP-2026-107691 EXPLOITDB text VERIFIED
I_ Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting
by SEC Consult
EIP-2026-107690 EXPLOITDB text VERIFIED
I_ Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting
by SEC Consult
CVE-2017-2800 EXPLOITDB CRITICAL text
Wolfssl < 3.10.2 - Improper Certificate Validation
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, the attacker needs to supply a malicious x509 certificate to either a server or a client application using this library.
by Talos
CVSS 9.8
CVE-2017-7314 EXPLOITDB HIGH text
Personify360 e-Business <7.6.1 - Info Disclosure
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available.
by Pesach Zirkind
CVSS 7.5
CVE-2017-7312 EXPLOITDB CRITICAL text
Personify360 e-Business <7.6.1 - Info Disclosure
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and passwords).
by Pesach Zirkind
CVSS 9.8
EIP-2026-100038 EXPLOITDB text VERIFIED
LG G4 MRA58K - 'mkvparser::Tracks constructor' Failure to Initialise Pointers
by Google Security Research
EIP-2026-100037 EXPLOITDB text VERIFIED
LG G4 MRA58K - 'mkvparser::Block::Block' Heap Buffer Overflow
by Google Security Research
EIP-2026-100036 EXPLOITDB text VERIFIED
LG G4 MRA58K - 'liblg_parser_mkv.so' Bad Allocation Calls
by Google Security Research
CVE-2017-6953 EXPLOITDB HIGH text VERIFIED
Gemalto SmartDiag Diagnosis Tool v2.5 - Buffer Overflow
Gemalto SmartDiag Diagnosis Tool v2.5 has a stack-based Buffer Overflow with SEH Overwrite via long "Register a new card" input fields. There may be a risk of local code execution with untrusted input to SmartDiag.exe or SymDiag.exe.
by Majid Alqabandi
CVSS 7.8
EIP-2026-103038 EXPLOITDB text VERIFIED
Xen 64bit PV Guest - pagetable use-after-type-change Breakout
by Google Security Research
EIP-2026-114184 EXPLOITDB text
WordPress Plugin WebDorado Gallery 1.3.29 - SQL Injection
by defensecode
CVE-2017-1000353 EXPLOITDB CRITICAL text
Jenkins <2.56-<2.46.1 LTS - RCE
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to an unauthenticated remote code execution. An unauthenticated remote code execution vulnerability allowed attackers to transfer a serialized Java `SignedObject` object to the Jenkins CLI, that would be deserialized using a new `ObjectInputStream`, bypassing the existing blacklist-based protection mechanism. We're fixing this issue by adding `SignedObject` to the blacklist. We're also backporting the new HTTP CLI protocol from Jenkins 2.54 to LTS 2.46.2, and deprecating the remoting-based (i.e. Java serialization) CLI protocol, disabling it by default.
by SecuriTeam
CVSS 9.8
By Source
All 31,329 Writeup 57,947 Exploitdb 49,983 Nomisec 21,442 Metasploit 3,217 Github 2,520 Vulncheck_xdb 901 Inthewild 514 Gitlab 439 Gitee 415 Patchapalooza 312
By Language
text 31,329 python 5,909 ruby 5,906 c 3,561 perl 2,849 html 2,053 php 1,326 bash 459 java 362 c++ 250 javascript 215 shell 88 go 53 postscript 25 xml 24