Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-7953 EXPLOITDB MEDIUM text
INFOR EAM V11.0 Build 201410 - Stored Cross-Site Scripting via Comment Fields
INFOR EAM V11.0 Build 201410 has XSS via comment fields.
by Yoroi
CVSS 5.4
CVE-2017-7952 EXPLOITDB HIGH text
INFOR EAM V11.0 Build 201410 - SQL Injection via Search Filter Value Parameter
INFOR EAM V11.0 Build 201410 has SQL injection via search fields, related to the filtervalue parameter.
by Yoroi
CVSS 8.8
CVE-2017-0214 EXPLOITDB HIGH text VERIFIED
Microsoft Windows - Privilege Escalation
Windows COM in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 allows an elevation privilege vulnerability when Windows fails to properly validate input before loading type libraries, aka "Windows COM Elevation of Privilege Vulnerability". This CVE ID is unique from CVE-2017-0213.
by Google Security Research
CVSS 7.0
CVE-2017-3064 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <= 25.0.0.127 - Memory Corruption via Shape Outline Parsing
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability when parsing a shape outline. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 7.8
CVE-2017-3061 EXPLOITDB CRITICAL text VERIFIED
Adobe Flash Player <= 25.0.0.127 - Memory Corruption in SWF Parser
Adobe Flash Player versions 25.0.0.127 and earlier have an exploitable memory corruption vulnerability in the SWF parser. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 9.8
CVE-2017-3068 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player < 25.0.0.148 - Memory Corruption in Advanced Video Coding Engine
Adobe Flash Player versions 25.0.0.148 and earlier have an exploitable memory corruption vulnerability in the Advanced Video Coding engine. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
CVE-2017-6982 EXPLOITDB MEDIUM text VERIFIED
iPhone OS < 10.3.1 - Denial of Service in Notifications Component
An issue was discovered in certain Apple products. iOS before 10.3.2 is affected. The issue involves the "Notifications" component. It allows attackers to cause a denial of service via a crafted app.
by CoffeeBreakers
CVSS 5.5
CVE-2017-0175 EXPLOITDB MEDIUM text VERIFIED
Windows 7 SP1 and Windows Server 2008 SP2/R2 SP1 - Authenticated Information Disclosure via Crafted Document
The Windows kernel in Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0220, CVE-2017-0258, and CVE-2017-0259.
by Google Security Research
CVSS 4.7
CVE-2017-0220 EXPLOITDB MEDIUM text VERIFIED
Windows 7 SP1, Server 2008 SP2/R2 SP1, 2012 Gold - Authenticated Info Disclosure via Crafted Document
The Windows kernel in Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 Gold allows authenticated attackers to obtain sensitive information via a specially crafted document, aka "Windows Kernel Information Disclosure Vulnerability," a different vulnerability than CVE-2017-0175, CVE-2017-0258, and CVE-2017-0259.
by Google Security Research
CVSS 4.7
CVE-2017-8928 EXPLOITDB HIGH text
mailcow 0.14 - Cross-Site Request Forgery
mailcow 0.14, as used in "mailcow: dockerized" and other products, has CSRF.
by hyp3rlinx
CVSS 8.8
CVE-2017-9080 EXPLOITDB HIGH text VERIFIED
PlaySMS 1.4 - Remote Code Execution
PlaySMS 1.4 allows remote code execution because PHP code in the name of an uploaded .php file is executed. sendfromfile.php has a combination of Unrestricted File Upload and Code Injection.
by Touhid M.Shaikh
CVSS 8.8
CVE-2017-8918 EXPLOITDB MEDIUM text
Blackwave Dive Assistant - Desktop Edition 8.0 - Info Disclosure
XXE in Dive Assistant - Template Builder in Blackwave Dive Assistant - Desktop Edition 8.0 allows attackers to remotely view local files via a crafted template.xml file.
by Trent Gordon
CVSS 5.5
CVE-2017-8798 EXPLOITDB CRITICAL text
MiniUPnP MiniUPnPc 1.4.20101221-2.0 - Denial of Service via Integer Signedness Error
Integer signedness error in MiniUPnP MiniUPnPc v1.4.20101221 through v2.0 allows remote attackers to cause a denial of service or possibly have unspecified other impact.
by tintinweb
CVSS 9.8
EIP-2026-111620 EXPLOITDB text
QNAP PhotoStation 5.2.4 / MusicStation 4.8.4 - Authentication Bypass
by Kacper Szurek
CVE-2017-8912 EXPLOITDB HIGH text
CMS Made Simple 2.1.6 - Authenticated PHP Code Execution via Edit User Tag
CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated administrators to execute arbitrary PHP code via the code parameter to admin/editusertag.php, related to the CreateTagFunction and CallUserTag functions. NOTE: the vendor reportedly has stated this is "a feature, not a bug.
by Osanda Malith Jayathissa
CVSS 7.2
EIP-2026-105388 EXPLOITDB text
BanManager WebUI 1.5.8 - PHP Code Injection
by HaHwul
CVE-2017-0290 EXPLOITDB HIGH text VERIFIED
Microsoft Malware Protection Engine < 1.1.13701.0 - Remote Code Execution via Crafted File Scan
The Microsoft Malware Protection Engine running on Microsoft Forefront and Microsoft Defender on Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, and 1703, and Windows Server 2016 does not properly scan a specially crafted file leading to memory corruption, aka "Microsoft Malware Protection Engine Remote Code Execution Vulnerability."
by Google Security Research
CVSS 7.8
EIP-2026-107691 EXPLOITDB text VERIFIED
I_ Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting
by SEC Consult
EIP-2026-107690 EXPLOITDB text VERIFIED
I_ Librarian 4.6/4.7 - Command Injection / Server Side Request Forgery / Directory Enumeration / Cross-Site Scripting
by SEC Consult
CVE-2017-2800 EXPLOITDB CRITICAL text
wolfSSL < 3.10.2 - Certificate Validation Bypass via Crafted x509 Certificate
A specially crafted x509 certificate can cause a single out of bounds byte overwrite in wolfSSL through 3.10.2 resulting in potential certificate validation vulnerabilities, denial of service and possible remote code execution. In order to trigger this vulnerability, the attacker needs to supply a malicious x509 certificate to either a server or a client application using this library.
by Talos
CVSS 9.8
CVE-2017-7314 EXPLOITDB HIGH text
Personify360 e-Business <7.6.1 - Info Disclosure
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, while creating a new role, a list of database tables and their columns is available.
by Pesach Zirkind
CVSS 7.5
CVE-2017-7312 EXPLOITDB CRITICAL text
Personify360 e-Business <7.6.1 - Info Disclosure
An issue was discovered in Personify360 e-Business 7.5.2 through 7.6.1. When going to the /TabId/275 URI, anyone can add a vendor account or read existing vendor account data (including usernames and passwords).
by Pesach Zirkind
CVSS 9.8
EIP-2026-100038 EXPLOITDB text VERIFIED
LG G4 MRA58K - 'mkvparser::Tracks constructor' Failure to Initialise Pointers
by Google Security Research
EIP-2026-100037 EXPLOITDB text VERIFIED
LG G4 MRA58K - 'mkvparser::Block::Block' Heap Buffer Overflow
by Google Security Research
EIP-2026-100036 EXPLOITDB text VERIFIED
LG G4 MRA58K - 'liblg_parser_mkv.so' Bad Allocation Calls
by Google Security Research