Text Exploits

CVE-2025-34109 EXPLOITDB HIGH text VERIFIED

Panda Security Products <16.1.2 - Code Injection

PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without proper validation. An attacker with low-privileged access who can write DLL files to the monitored directory can achieve arbitrary code execution with SYSTEM privileges. Affected products include Panda Global Protection 2016, Panda Antivirus Pro 2016, Panda Small Business Protection, and Panda Internet Security 2016 (all versions up to 16.1.2).

by Security-Assessment.com

View

EIP-2026-114137 EXPLOITDB text

WordPress Plugin Ultimate Product Catalog 3.8.6 - Arbitrary File Upload

by i0akiN SEC-LABORATORY

View

EIP-2026-112473 EXPLOITDB text VERIFIED

SugarCRM 6.5.18 - PHP Code Injection

by Egidio Romano

View

EIP-2026-111782 EXPLOITDB text VERIFIED

Riverbed SteelCentral NetProfiler & NetExpress 10.8.7 - Multiple Vulnerabilities

by Security-Assessment.com

View

EIP-2026-110219 EXPLOITDB text VERIFIED

OPAC KpwinSQL - SQL Injection

by bRpsd

View

EIP-2026-108956 EXPLOITDB text VERIFIED

Kagao 3.0 - Multiple Vulnerabilities

by N4TuraL

View

EIP-2026-107706 EXPLOITDB text

iBilling 3.7.0 - Persistent Cross-Site Scripting / Reflected Cross-Site Scripting

by Bikramaditya Guha

View

EIP-2026-106051 EXPLOITDB text VERIFIED

CodoForum 3.4 - Persistent Cross-Site Scripting

by Ahmed Sherif

View

EIP-2026-105471 EXPLOITDB text VERIFIED

BigTree CMS 4.2.11 - SQL Injection

by Mehmet Ince

View

EIP-2026-101907 EXPLOITDB text

Option CloudGate CG0192-11897 - Multiple Vulnerabilities

by LiquidWorm

View

EIP-2026-101039 EXPLOITDB text

Magnet Networks Tesley CPVA 642 Router - Weak WPA-PSK Passphrase Algorithm

by Matt O'Connor

View

EIP-2026-114493 EXPLOITDB text

XuezhuLi FileSharing - Directory Traversal

by HaHwul

View

EIP-2026-107397 EXPLOITDB text

Getsimple CMS 3.3.10 - Arbitrary File Upload

by s0nk3y

View

EIP-2026-107102 EXPLOITDB text

FinderView - Multiple Vulnerabilities

by HaHwul

View

EIP-2026-105082 EXPLOITDB text VERIFIED

Alibaba Clone B2B Script - Arbitrary File Disclosure

by Meisam Monsef

View

CVE-2016-0189 EXPLOITDB HIGH text

Microsoft JScript/VBScript <5.8 - RCE

The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187.

by Brian Pak

CVSS 7.5

View

CVE-2016-3219 EXPLOITDB HIGH text VERIFIED

Microsoft Windows 10 - Access Control

The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."

by Google Security Research

CVSS 7.8

View

CVE-2016-3220 EXPLOITDB HIGH text VERIFIED

Microsoft Windows 10 - Access Control

atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "ATMFD.dll Elevation of Privilege Vulnerability."

by Google Security Research

CVSS 7.8

View

CVE-2016-3216 EXPLOITDB MEDIUM text VERIFIED

Microsoft Windows 10 - Information Disclosure

GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Windows Graphics Component Information Disclosure Vulnerability."

by Google Security Research

CVSS 4.3

View

EIP-2026-114704 EXPLOITDB text

Radiant CMS 1.1.3 - Multiple Persistent Cross-Site Scripting Vulnerabilities

by David Silveiro

View

EIP-2026-114530 EXPLOITDB text

YetiForce CRM < 3.1 - Persistent Cross-Site Scripting

by David Silveiro

View

EIP-2026-108499 EXPLOITDB text VERIFIED

Joomla! Component com_publisher - SQL Injection

by s0nk3y

View

CVE-2016-3976 EXPLOITDB HIGH text

SAP NetWeaver AS Java <7.6 - Path Traversal

Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.

by ERPScan

CVSS 7.5

View

CVE-2016-3974 EXPLOITDB CRITICAL text

SAP NetWeaver Java AS <7.5 - DoS

XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~webservice~web/ServerNodesWSService, aka SAP Security Note 2235994.

by ERPScan

CVSS 9.1

View

EIP-2026-119627 EXPLOITDB text VERIFIED

ACROS Security 0patch 2016.05.19.539 - '0PatchServicex64.exe' Unquoted Service Path Privilege Escalation

by LiquidWorm

View