Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-115748 EXPLOITDB text VERIFIED
Microsoft Office PowerPoint 2010 - 'MSO!Ordinal5429' Missing Length Check Heap Corruption
by Google Security Research
EIP-2026-111542 EXPLOITDB text
ProjectSend r754 - Insecure Direct Object Reference
by Vulnerability-Lab
EIP-2026-108777 EXPLOITDB text
Joomla! Component Magic Deals Web 1.2.0 - SQL Injection
by Ihsan Sencan
EIP-2026-108686 EXPLOITDB text
Joomla! Component J-MultipleHotelReservation Standard 6.0.2 - 'review_id' SQL Injection
by Ihsan Sencan
EIP-2026-108685 EXPLOITDB text
Joomla! Component J-HotelPortal 6.0.2 - 'review_id' SQL Injection
by Ihsan Sencan
EIP-2026-108684 EXPLOITDB text
Joomla! Component J-CruiseReservation Standard 3.0 - 'city' SQL Injection
by Ihsan Sencan
EIP-2026-108680 EXPLOITDB text
Joomla! Component J-BusinessDirectory 4.6.8 - SQL Injection
by Ihsan Sencan
EIP-2026-108643 EXPLOITDB text
Joomla! Component Eventix Events Calendar 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-108623 EXPLOITDB text
Joomla! Component Directorix Directory Manager 1.1.1 - SQL Injection
by Ihsan Sencan
EIP-2026-108208 EXPLOITDB text
Joomla! Component AppointmentBookingPro 4.0.1 - SQL Injection
by Ihsan Sencan
CVE-2017-2986 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player < 24.0.0.194 - Remote Code Execution via FLV Codec Heap Overflow
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability in the Flash Video (FLV) codec. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
CVE-2017-2985 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player < 24.0.0.194 - Use-After-Free in ActionScript 3 BitmapData
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable use after free vulnerability in the ActionScript 3 BitmapData class. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
CVE-2017-2988 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player < 24.0.0.194 - Memory Corruption via Garbage Collection
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability when performing garbage collection. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
CVE-2017-2992 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player < 24.0.0.194 - Remote Code Execution via MP4 Header Parsing
Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable heap overflow vulnerability when parsing an MP4 header. Successful exploitation could lead to arbitrary code execution.
by Google Security Research
CVSS 8.8
EIP-2026-102255 EXPLOITDB text
Lock Photos Album&Videos Safe 4.3 - Directory Traversal
by Vulnerability-Lab
EIP-2026-108825 EXPLOITDB text
Joomla! Component PayPal IPN for DOCman 3.1 - 'id' SQL Injection
by Ihsan Sencan
EIP-2026-108782 EXPLOITDB text
Joomla! Component MaQma Helpdesk 4.2.7 - 'id' SQL Injection
by Ihsan Sencan
EIP-2026-102214 EXPLOITDB text
Album Lock 4.0 iOS - Directory Traversal
by Vulnerability-Lab
EIP-2026-111203 EXPLOITDB text
PHPShell 2.4 - Session Fixation
by hyp3rlinx
CVE-2017-6097 EXPLOITDB HIGH text
Mail Masta 1.0 - Authenticated SQL Injection via camp_id Parameter
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign/count_of_send.php (Requires authentication to Wordpress admin) with the POST Parameter: camp_id.
by Hanley Shun
CVSS 7.2
CVE-2017-6096 EXPLOITDB HIGH text
Mail Masta 1.0 - Authenticated SQL Injection via Filter List Parameter
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/view-list.php (Requires authentication to Wordpress admin) with the GET Parameter: filter_list.
by Hanley Shun
CVSS 7.2
CVE-2017-6095 EXPLOITDB CRITICAL text
Mail Masta 1.0 - Unauthenticated SQL Injection via list_id Parameter
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/lists/csvexport.php (Unauthenticated) with the GET Parameter: list_id.
by Hanley Shun
CVSS 9.8
CVE-2017-5496 EXPLOITDB CRITICAL text
Sawmill Enterprise 8.7.9 - Authentication Bypass via Password Hash
Sawmill Enterprise 8.7.9 allows remote attackers to gain login access by leveraging knowledge of a password hash.
by hyp3rlinx
CVSS 9.8
CVE-2017-6098 EXPLOITDB HIGH text
Mail Masta 1.0 - Authenticated SQL Injection via list_id Parameter
A SQL injection issue was discovered in the Mail Masta (aka mail-masta) plugin 1.0 for WordPress. This affects /inc/campaign_save.php (Requires authentication to Wordpress admin) with the POST Parameter: list_id.
by Hanley Shun
CVSS 7.2
EIP-2026-108849 EXPLOITDB text
Joomla! Component Room Management 1.0 - SQL Injection
by Ihsan Sencan