Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-0103 EXPLOITDB HIGH text VERIFIED
Microsoft Windows Privilege Escalation via Registry Object Mishandling
The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, and Windows Server 2012 mishandles registry objects in memory, which allows local users to gain privileges via a crafted application, aka "Windows Registry Elevation of Privilege Vulnerability."
by Google Security Research
CVSS 7.0
CVE-2017-0062 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows GDI+ - Information Disclosure via Crafted Website
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0073.
by Google Security Research
CVSS 4.7
CVE-2017-0085 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows Vista SP2/Server 2008 SP2/R2 SP1/7 SP1 Uniscribe Information Disclosure
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, CVE-2017-0127, and CVE-2017-0128.
by Google Security Research
CVSS 4.3
CVE-2017-0128 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows Vista SP2, Server 2008 SP2/R2 SP1, Windows 7 SP1 Uniscribe Information Disclosure
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "Uniscribe Information Disclosure Vulnerability." CVE-2017-0085, CVE-2017-0091, CVE-2017-0092, CVE-2017-0111, CVE-2017-0112, CVE-2017-0113, CVE-2017-0114, CVE-2017-0115, CVE-2017-0116, CVE-2017-0117, CVE-2017-0118, CVE-2017-0119, CVE-2017-0120, CVE-2017-0121, CVE-2017-0122, CVE-2017-0123, CVE-2017-0124, CVE-2017-0125, CVE-2017-0126, and CVE-2017-0127.
by Google Security Research
CVSS 4.3
CVE-2017-0089 EXPLOITDB HIGH text VERIFIED
Microsoft Windows Uniscribe - Remote Code Execution via Crafted Website
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0090.
by Google Security Research
CVSS 8.8
CVE-2017-0084 EXPLOITDB HIGH text VERIFIED
Windows Uniscribe - Remote Code Execution via Crafted Website
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
by Google Security Research
CVSS 8.8
CVE-2017-0086 EXPLOITDB HIGH text VERIFIED
Microsoft Windows Vista SP2, Server 2008 SP2/R2 SP1, and 7 SP1 - Remote Code Execution via Uniscribe
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
by Google Security Research
CVSS 8.8
CVE-2017-0087 EXPLOITDB HIGH text VERIFIED
Microsoft Windows Uniscribe - Remote Code Execution via Crafted Website
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
by Google Security Research
CVSS 8.8
CVE-2017-0090 EXPLOITDB HIGH text VERIFIED
Microsoft Windows Vista SP2, Server 2008 SP2/R2 SP1, 7 SP1 - Remote Code Execution via Uniscribe
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0072, CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, and CVE-2017-0089.
by Google Security Research
CVSS 8.8
CVE-2017-0088 EXPLOITDB HIGH text VERIFIED
Windows Uniscribe in Vista SP2, Server 2008 SP2/R2 SP1, and 7 SP1 - Remote Code Execution
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability."
by Google Security Research
CVSS 8.8
CVE-2017-0072 EXPLOITDB HIGH text VERIFIED
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 - Remote Code Execution
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Uniscribe Remote Code Execution Vulnerability." This vulnerability is different from those described in CVE-2017-0083, CVE-2017-0084, CVE-2017-0086, CVE-2017-0087, CVE-2017-0088, CVE-2017-0089, and CVE-2017-0090.
by Google Security Research
CVSS 8.8
CVE-2017-0108 EXPLOITDB HIGH text VERIFIED
Microsoft Live Meeting - Memory Corruption
The Windows Graphics Component in Microsoft Office 2007 SP3; 2010 SP2; and Word Viewer; Skype for Business 2016; Lync 2013 SP1; Lync 2010; Live Meeting 2007; Silverlight 5; Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; and Windows 7 SP1 allows remote attackers to execute arbitrary code via a crafted web site, aka "Graphics Component Remote Code Execution Vulnerability." This vulnerability is different from that described in CVE-2017-0014.
by Google Security Research
CVSS 7.8
CVE-2017-0060 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows GDI - Unauthorized Memory Information Exposure via Crafted Website
The Graphics Device Interface (GDI) in Microsoft Windows Vista SP2; Windows Server 2008 SP2 and R2 SP1; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; and Windows 10 Gold, 1511, and 1607 allows remote attackers to obtain sensitive information from process memory via a crafted web site, aka "GDI+ Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0060 and CVE-2017-0062.
by Google Security Research
CVSS 5.5
CVE-2017-0063 EXPLOITDB MEDIUM text VERIFIED
Windows Color Management Module - Information Disclosure via ICM32.dll Memory Handling
The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2; Windows Server 2008 SP2 and R2; and Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0061.
by Google Security Research
CVSS 6.5
CVE-2017-0061 EXPLOITDB MEDIUM text VERIFIED
Windows Vista SP2, Windows Server 2008 SP2/R2, Windows 7 SP1 - ASLR Bypass via ICM32.dll Memory Handling
The Color Management Module (ICM32.dll) memory handling functionality in Windows Vista SP2, Windows Server 2008 SP2 and R2, and Windows 7 SP1 allows remote attackers to bypass ASLR and execute code in combination with another vulnerability through a crafted website, aka "Microsoft Color Management Information Disclosure Vulnerability." This vulnerability is different from that described in CVE-2017-0063.
by Google Security Research
CVSS 5.3
CVE-2017-7183 EXPLOITDB HIGH text
ExtraPuTTY < 0.29 - Denial of Service via Large TFTP Message
The TFTP server in ExtraPuTTY 0.30 and earlier allows remote attackers to cause a denial of service (crash) via a large (1) read or (2) write TFTP protocol message.
by hyp3rlinx
CVSS 7.5
EIP-2026-111119 EXPLOITDB text
phplist 3.2.6 - SQL Injection
by Curesec Research Team
EIP-2026-108735 EXPLOITDB text
Joomla! Component JooCart 2.x - 'product_id' SQL Injection
by Ihsan Sencan
EIP-2026-101019 EXPLOITDB text
Google Nest Cam 5.2.1
 - Buffer Overflow Conditions Over Bluetooth LE
by Jason Doyle
EIP-2026-118659 EXPLOITDB text VERIFIED
HttpServer 1.0 - Directory Traversal
by malwrforensics
EIP-2026-111965 EXPLOITDB text
Secure Download Links - 'dc' SQL Injection
by Ihsan Sencan
EIP-2026-110027 EXPLOITDB text
Omegle Clone - SQL Injection
by Ihsan Sencan
EIP-2026-107762 EXPLOITDB text
iFdate Social Dating Script 2.0 - SQL Injection
by Ihsan Sencan
CVE-2017-6896 EXPLOITDB HIGH text
DIGISOL DG-HR1400 1.00.02 - Privilege Escalation
Privilege escalation vulnerability on the DIGISOL DG-HR1400 1.00.02 wireless router enables an attacker to escalate from user privilege to admin privilege just by modifying the Base64-encoded session cookie value.
by Indrajith.A.N
CVSS 8.8
EIP-2026-106423 EXPLOITDB text
Departmental Store Management System 1.2 - SQL Injection
by Ihsan Sencan