Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2016-3542 EXPLOITDB MEDIUM text
Oracle E- Business Suite <12.2.5 - Info Disclosure
Unspecified vulnerability in the Oracle Knowledge Management component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote administrators to affect confidentiality and integrity via unknown vectors.
by SecuriTeam
CVSS 6.5
CVE-2015-8258 EXPLOITDB HIGH text
AXIS Communications <5.80.x - Code Injection
AXIS Communications products with firmware through 5.80.x allow remote attackers to modify arbitrary files as root via vectors involving Open Script Editor, aka a "resource injection vulnerability."
by Orwelllabs
CVSS 7.5
CVE-2015-8255 EXPLOITDB HIGH text
AXIS Communications Firmware - Cross-Site Request Forgery via admin/pwdgrp.cgi vaconfig.cgi and admin/local_del.cgi
AXIS Communications products allow CSRF, as demonstrated by admin/pwdgrp.cgi, vaconfig.cgi, and admin/local_del.cgi.
by Orwelllabs
CVSS 8.8
CVE-2017-0045 EXPLOITDB MEDIUM text
Windows DVD Maker - Information Disclosure via Crafted .msdvd File Parsing
Windows DVD Maker in Windows 7 SP1, Windows Server 2008 SP2 and R2 SP1, and Windows Vista SP2 does not properly parse crafted .msdvd files, which allows attackers to obtain information to compromise a target system, aka "Windows DVD Maker Cross-Site Request Forgery Vulnerability."
by hyp3rlinx
CVSS 5.5
CVE-2017-6880 EXPLOITDB CRITICAL text
Cerberus FTP Server <8.0.10.3 - Buffer Overflow
Buffer overflow in Cerberus FTP Server 8.0.10.3 allows remote attackers to cause a denial of service (daemon crash) or possibly have unspecified other impact via a long MLST command.
by Nassim Asrir
CVSS 9.8
EIP-2026-119646 EXPLOITDB text
PCAUSA Rawether (ASUS PCE-AC56 WLAN Card Utilities Windows 10 x64) - Local Privilege Escalation
by ReWolf
CVE-2016-7274 EXPLOITDB HIGH text
Microsoft Windows Uniscribe - Remote Code Execution via Crafted Website
Uniscribe in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote attackers to execute arbitrary code via a crafted web site, aka "Windows Uniscribe Remote Code Execution Vulnerability."
by Hossein Lotfi
CVSS 8.8
EIP-2026-108892 EXPLOITDB text
Joomla! Component Vik Rent Items 1.3 - SQL Injection
by Ihsan Sencan
EIP-2026-108891 EXPLOITDB text
Joomla! Component Vik Rent Car 1.11 - SQL Injection
by Ihsan Sencan
EIP-2026-108889 EXPLOITDB text
Joomla! Component Vik Appointments 1.5 - SQL Injection
by Ihsan Sencan
CVE-2017-2932 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player < 24.0.0.186 - Use-After-Free in ActionScript MovieClip
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable use after free vulnerability in the ActionScript MovieClip class. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
CVE-2017-2931 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player < 24.0.0.186 - Memory Corruption via SWF Metadata Parsing
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability related to the parsing of SWF metadata. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
CVE-2017-2935 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player < 24.0.0.186 - Remote Code Execution via Flash Video Container Processing
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when processing the Flash Video container file format. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
CVE-2017-2933 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player < 24.0.0.186 - Remote Code Execution via Texture Compression
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability related to texture compression. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
CVE-2017-2934 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <= 24.0.0.186 - Remote Code Execution via Adobe Texture Format Parsing
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable heap overflow vulnerability when parsing Adobe Texture Format files. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
CVE-2016-8855 EXPLOITDB MEDIUM text
Sitecore Experience Platform 8.1 - XSS
Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. 160519 (8.1 Update-3) allows remote attacks via the Name or Description parameter. This is fixed in 8.2 Update-2.
by Pralhad Chaskar
CVSS 6.1
CVE-2017-6193 EXPLOITDB MEDIUM text
apng_disassembler < 2.8 - Buffer Overflow via Malformed IHDR Chunk
Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted image containing a malformed image size descriptor in the IHDR chunk.
by Alwin Peppels
CVSS 5.5
CVE-2017-6192 EXPLOITDB MEDIUM text
apng_disassembler < 2.8 - Buffer Overflow via Chunk Size Descriptor
Buffer overflow in APNGDis 2.8 and earlier allows a remote attackers to cause denial of service and possibly execute arbitrary code via a crafted image containing a malformed chunk size descriptor.
by Alwin Peppels
CVSS 5.5
EIP-2026-108855 EXPLOITDB text
Joomla! Component Simple Membership 3.3.3 - 'userId' SQL Injection
by Ihsan Sencan
EIP-2026-108194 EXPLOITDB text
Joomla! Component Advertisement Board 3.0.4 - 'id' SQL Injection
by Ihsan Sencan
CVE-2017-6193 EXPLOITDB MEDIUM text
apng_disassembler < 2.8 - Buffer Overflow via Malformed IHDR Chunk
Buffer overflow in APNGDis 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted image containing a malformed image size descriptor in the IHDR chunk.
by Alwin Peppels
CVSS 5.5
CVE-2017-6191 EXPLOITDB HIGH text
apng_disassembler < 2.8 - Remote Code Execution via Crafted Filename
Buffer overflow in APNGDis 2.8 and below allows a remote attacker to execute arbitrary code via a crafted filename.
by Alwin Peppels
CVSS 7.8
CVE-2017-6192 EXPLOITDB MEDIUM text
apng_disassembler < 2.8 - Buffer Overflow via Chunk Size Descriptor
Buffer overflow in APNGDis 2.8 and earlier allows a remote attackers to cause denial of service and possibly execute arbitrary code via a crafted image containing a malformed chunk size descriptor.
by Alwin Peppels
CVSS 5.5
EIP-2026-112429 EXPLOITDB text
Steam Profile Integration 2.0.11 - SQL injection
by DrWhat
EIP-2026-105721 EXPLOITDB text
Car Workshop System - SQL Injection
by Ihsan Sencan