Text Exploits
31,329 exploits tracked across all sources.
Google Chrome (Fedora 25 / Ubuntu 16.04) - 'tracker-extract' / 'gnome-video-thumbnailer' + 'totem' Drive-By Download
by Chris Evans
Apple iPhone OS < 10.2 - Memory Corruption
An issue was discovered in certain Apple products. iOS before 10.2 is affected. tvOS before 10.1 is affected. watchOS before 3.1.1 is affected. The issue involves the "Profiles" component. It allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted certificate profile.
by Maksymilian Arciemowicz
CVSS 8.8
EasyPHP Devserver 16.1.1 - Insecure File Permissions Privilege Escalation
by Ashiyane Digital Security Team
Cisco Unified Communications Manager - Path Traversal
Directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815.
by justpentest
NETGEAR - RCE
NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1.0.1.18.Beta, R6700 before 1.0.1.14.Beta, R6900, R7000 before 1.0.7.6.Beta, R7100LG before 1.0.0.28.Beta, R7300DST before 1.0.0.46.Beta, R7900 before 1.0.1.8.Beta, R8000 before 1.0.3.26.Beta, D6220, D6400, D7000, and possibly other routers allow remote attackers to execute arbitrary commands via shell metacharacters in the path info to cgi-bin/.
by Acew0rm
CVSS 8.8
Microsoft Edge - Memory Corruption
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability," a different vulnerability than CVE-2015-6153.
by Skylined
Microsoft Edge - Memory Corruption
Microsoft Edge allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Microsoft Edge Memory Corruption Vulnerability."
by Skylined
CVSS 8.8
Google Android < 6.0.1 - Access Control
An elevation of privilege vulnerability in System Server in Android 6.x before 2016-11-01 and 7.0 before 2016-11-01 could enable a local malicious application to execute arbitrary code within the context of a privileged process. This issue is rated as High because it could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. Android ID: A-31350622.
by Google Security Research
CVSS 7.8
Google Android - 'IOMXNodeInstance::enableNativeBuffers' Unchecked Index
by Google Security Research
Microsoft MSINFO32.EXE 6.1.7601 - '.NFO' XML External Entity Injection
by hyp3rlinx
Windows Event Viewer - Info Disclosure
An information disclosure vulnerability exists in the Windows Event Viewer (eventvwr.msc) when it improperly parses XML input containing a reference to an external entity. An attacker who successfully exploited this vulnerability could read arbitrary files via an XML external entity (XXE) declaration.
To exploit the vulnerability, an attacker could create a file containing specially crafted XML content and convince an authenticated user to import the file.
The update addresses the vulnerability by modifying the way that the Event Viewer parses XML input.
by hyp3rlinx
CVSS 4.7
Apache CouchDB < 2.0.0 - Privilege Escalation
The Windows installer that the Apache CouchDB team provides was vulnerable to local privilege escalation. All files in the install inherit the file permissions of the parent directory and therefore a non-privileged user can substitute any executable for the nssm.exe service launcher, or CouchDB batch or binary files. A subsequent service or server restart will then run that binary with administrator privilege. This issue affected CouchDB 2.0.0 (Windows platform only) and was addressed in CouchDB 2.0.0.1.
by hyp3rlinx
CVSS 7.8
WordPress Plugin Single Personal Message 1.0.3 - SQL Injection
by Lenon Leite
Shuttle Tech ADSL Wireless 920 WM - Multiple Vulnerabilities
by Persian Hack Team
Microsoft Windows Media Center 6.1.7600 - 'ehshell.exe' XML External Entity Injection
by hyp3rlinx
Microsoft Excel Starter 2010 - XML External Entity Injection
by hyp3rlinx
Microsoft Authorization Manager 6.1.7601 - 'azman' XML External Entity Injection
by hyp3rlinx