Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-9430 EXPLOITDB CRITICAL text VERIFIED
dnstracer < 1.9 - Stack-based Buffer Overflow via Long Command Line Argument
Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string.
by FarazPajohan
CVSS 9.8
EIP-2026-100391 EXPLOITDB text
Kronos Telestaff < 2.92EU29 - SQL Injection
by Goran Tuzovic
CVE-2017-9429 EXPLOITDB HIGH text
WordPress Event List <0.7.8 - SQL Injection
SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress allows an authenticated user to execute arbitrary SQL commands via the id parameter to wp-admin/admin.php.
by Dimitrios Tsagkarakis
CVSS 8.8
CVE-2017-20279 EXPLOITDB HIGH text
Joomla Payage 2.05 SQL Injection via aid Parameter
Joomla Payage 2.05 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the aid parameter. Attackers can send GET requests to index.php with malicious aid values in the make_payment task to extract sensitive database information using boolean-based blind or time-based blind techniques.
by Persian Hack Team
CVSS 8.2
CVE-2017-9418 EXPLOITDB HIGH text
WP-Testimonials 3.4.1 - SQL Injection
SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for WordPress allows an authenticated user to execute arbitrary SQL commands via the testid parameter to wp-admin/admin.php.
by Dimitrios Tsagkarakis
CVSS 8.8
EIP-2026-102731 EXPLOITDB text
reiserfstune 3.6.25 - Local Buffer Overflow
by Nassim Asrir
CVE-2016-6566 EXPLOITDB CRITICAL text
Sungard eTRAKiT3 <3.2.1.17 - SQL Injection
The valueAsString parameter inside the JSON payload contained by the ucLogin_txtLoginId_ClientStat POST parameter of the Sungard eTRAKiT3 software version 3.2.1.17 is not properly validated. An unauthenticated remote attacker may be able to modify the POST request and insert a SQL query which may then be executed by the backend server. eTRAKiT 3.2.1.17 was tested, but other versions may also be vulnerable.
by Goran Tuzovic
CVSS 9.8
CVE-2017-18346 EXPLOITDB CRITICAL text
CMS Web-Gooroo < 2013-01-19 - SQL Injection via wbg_login Parameter
SQL injection vulnerability in /wbg/core/_includes/authorization.inc.php in CMS Web-Gooroo through 2013-01-19 allows remote attackers to execute arbitrary SQL commands via the wbg_login parameter.
by Kaimi
CVSS 9.8
CVE-2017-9425 EXPLOITDB MEDIUM text
Facetag 0.0.3 - Stored Cross-Site Scripting via Name Parameter in facetag.changeTag Action
The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action.
by Touhid M.Shaikh
CVSS 6.1
EIP-2026-110413 EXPLOITDB text
OV3 Online Administration 3.0 - SQL Injection
by LiquidWorm
EIP-2026-110412 EXPLOITDB text
OV3 Online Administration 3.0 - Remote Code Execution
by LiquidWorm
EIP-2026-110411 EXPLOITDB text
OV3 Online Administration 3.0 - Directory Traversal
by LiquidWorm
CVE-2017-9426 EXPLOITDB CRITICAL text
Piwigo Facetag <0.0.3 - SQL Injection
ws.php in the Facetag extension 0.0.3 for Piwigo allows SQL injection via the imageId parameter in a facetag.changeTag or facetag.listTags action.
by Touhid M.Shaikh
CVSS 9.8
CVE-2016-2183 EXPLOITDB HIGH text VERIFIED
Redhat Jboss Enterprise Application Platform - Information Disclosure
The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack.
by SecuriTeam
CVSS 7.5
EIP-2026-119686 EXPLOITDB text VERIFIED
Trend Micro Deep Security 6.5 - XML External Entity Injection / Local Privilege Escalation / Remote Code Execution
by SecuriTeam
CVE-2017-1092 EXPLOITDB CRITICAL text VERIFIED
IBM Informix Open Admin Tool <12.1 - RCE
IBM Informix Open Admin Tool 11.5, 11.7, and 12.1 could allow an unauthorized user to execute arbitrary code as system admin on Windows servers. IBM X-Force ID: 120390.
by SecuriTeam
CVSS 9.8
CVE-2017-8541 EXPLOITDB HIGH text VERIFIED
Microsoft Malware Protection Engine < 1.1.13704.0 - Remote Code Execution via Crafted File Scan
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8540.
by Google Security Research
CVSS 7.8
CVE-2017-8540 EXPLOITDB HIGH text VERIFIED
Microsoft Malware Protection Engine 1.1.13701.0-1.1.13704.0 - Remote Code Execution via Crafted File Scan
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8538 and CVE-2017-8541.
by Google Security Research
CVSS 7.8
EIP-2026-104299 EXPLOITDB text
KEMP LoadMaster 7.135.0.13245 - Persistent Cross-Site Scripting / Remote Code Execution
by SecuriTeam
CVE-2017-8537 EXPLOITDB MEDIUM text VERIFIED
Microsoft Malware Protection Engine - Denial of Service via Crafted File Scan
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8536, CVE-2017-8539, and CVE-2017-8542.
by Google Security Research
CVSS 5.5
CVE-2017-8536 EXPLOITDB MEDIUM text VERIFIED
Microsoft Malware Protection Engine - Denial of Service via Crafted File Scan
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8535, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.
by Google Security Research
CVSS 5.5
CVE-2017-8535 EXPLOITDB MEDIUM text VERIFIED
Microsoft Malware Protection Engine - Denial of Service via Crafted File Scan
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to denial of service. aka "Microsoft Malware Protection Engine Denial of Service Vulnerability", a different vulnerability than CVE-2017-8536, CVE-2017-8537, CVE-2017-8539, and CVE-2017-8542.
by Google Security Research
CVSS 5.5
CVE-2017-8538 EXPLOITDB HIGH text VERIFIED
Microsoft Malware Protection Engine < 1.1.13704.0 - Remote Code Execution via Crafted File Scan
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016, Microsoft Exchange Server 2013 and 2016, does not properly scan a specially crafted file leading to memory corruption. aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability", a different vulnerability than CVE-2017-8540 and CVE-2017-8541.
by Google Security Research
CVSS 7.8
EIP-2026-113815 EXPLOITDB text
WordPress Plugin Huge-IT Video Gallery 2.0.4 - SQL Injection
by defensecode
EIP-2026-101187 EXPLOITDB text
CERIO DT-100G-N/DT-300N/CW-300N - Multiple Vulnerabilities
by LiquidWorm