Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2016-3646 EXPLOITDB HIGH text VERIFIED
Symantec ATP/SDCS:S/SEP/SEP for Mac/Linux <12.1 RU6 MP5 - RCE
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation) via a crafted ZIP archive that is mishandled during decompression.
by Google Security Research
CVSS 8.4
CVE-2016-3644 EXPLOITDB HIGH text VERIFIED
Symantec ATP/SDCS:S 6.x-6.6 MP1, Web Gateway, SEP <12.1 RU6 MP5, SE...
The AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via modified MIME data in a message.
by Google Security Research
CVSS 8.4
CVE-2016-2210 EXPLOITDB HIGH text VERIFIED
Symantec Protection Engine Remote Code Execution via Crafted File
Buffer overflow in Dec2LHA.dll in the AntiVirus Decomposer engine in Symantec Advanced Threat Protection (ATP); Symantec Data Center Security:Server (SDCS:S) 6.x through 6.6 MP1; Symantec Web Gateway; Symantec Endpoint Protection (SEP) before 12.1 RU6 MP5; Symantec Endpoint Protection (SEP) for Mac; Symantec Endpoint Protection (SEP) for Linux before 12.1 RU6 MP5; Symantec Protection Engine (SPE) before 7.0.5 HF01, 7.5.x before 7.5.3 HF03, 7.5.4 before HF01, and 7.8.0 before HF01; Symantec Protection for SharePoint Servers (SPSS) 6.0.3 through 6.0.5 before 6.0.5 HF 1.5 and 6.0.6 before HF 1.6; Symantec Mail Security for Microsoft Exchange (SMSMSE) before 7.0_3966002 HF1.1 and 7.5.x before 7.5_3966008 VHF1.2; Symantec Mail Security for Domino (SMSDOM) before 8.0.9 HF1.1 and 8.1.x before 8.1.3 HF1.2; CSAPI before 10.0.4 HF01; Symantec Message Gateway (SMG) before 10.6.1-4; Symantec Message Gateway for Service Providers (SMG-SP) 10.5 before patch 254 and 10.6 before patch 253; Norton AntiVirus, Norton Security, Norton Internet Security, and Norton 360 before NGC 22.7; Norton Security for Mac before 13.0.2; Norton Power Eraser (NPE) before 5.1; and Norton Bootable Removal Tool (NBRT) before 2016.1 allows remote attackers to execute arbitrary code via a crafted file.
by Google Security Research
CVSS 7.3
CVE-2016-20075 EXPLOITDB HIGH text
WordPress Ultimate Product Catalog 3.8.6 Arbitrary File Upload RCE
WordPress Ultimate Product Catalog 3.8.6 contains an arbitrary file upload vulnerability that allows authenticated users with contributor, editor, author, or administrator roles to upload malicious files by exploiting the custom fields functionality. Attackers can upload PHP shells through the Products tab custom file field and access them via the upcp-product-file-uploads directory to execute arbitrary code on the server.
by i0akiN SEC-LABORATORY
CVSS 8.8
CVE-2025-34109 EXPLOITDB HIGH text VERIFIED
Panda Security Products <16.1.2 - Code Injection
PSEvents.exe in multiple Panda Security products runs hourly with SYSTEM privileges and loads DLL files from a user-writable directory without proper validation. An attacker with low-privileged access who can write DLL files to the monitored directory can achieve arbitrary code execution with SYSTEM privileges. Affected products include Panda Global Protection 2016, Panda Antivirus Pro 2016, Panda Small Business Protection, and Panda Internet Security 2016 (all versions up to 16.1.2).
by Security-Assessment.com
EIP-2026-112473 EXPLOITDB text VERIFIED
SugarCRM 6.5.18 - PHP Code Injection
by Egidio Romano
EIP-2026-111782 EXPLOITDB text VERIFIED
Riverbed SteelCentral NetProfiler & NetExpress 10.8.7 - Multiple Vulnerabilities
by Security-Assessment.com
EIP-2026-110219 EXPLOITDB text VERIFIED
OPAC KpwinSQL - SQL Injection
by bRpsd
EIP-2026-108956 EXPLOITDB text VERIFIED
Kagao 3.0 - Multiple Vulnerabilities
by N4TuraL
EIP-2026-107706 EXPLOITDB text
iBilling 3.7.0 - Persistent Cross-Site Scripting / Reflected Cross-Site Scripting
by Bikramaditya Guha
EIP-2026-106051 EXPLOITDB text VERIFIED
CodoForum 3.4 - Persistent Cross-Site Scripting
by Ahmed Sherif
EIP-2026-105471 EXPLOITDB text VERIFIED
BigTree CMS 4.2.11 - SQL Injection
by Mehmet Ince
EIP-2026-101907 EXPLOITDB text
Option CloudGate CG0192-11897 - Multiple Vulnerabilities
by LiquidWorm
EIP-2026-101039 EXPLOITDB text
Magnet Networks Tesley CPVA 642 Router - Weak WPA-PSK Passphrase Algorithm
by Matt O'Connor
EIP-2026-114493 EXPLOITDB text
XuezhuLi FileSharing - Directory Traversal
by HaHwul
EIP-2026-107397 EXPLOITDB text
Getsimple CMS 3.3.10 - Arbitrary File Upload
by s0nk3y
EIP-2026-107102 EXPLOITDB text
FinderView - Multiple Vulnerabilities
by HaHwul
EIP-2026-105082 EXPLOITDB text VERIFIED
Alibaba Clone B2B Script - Arbitrary File Disclosure
by Meisam Monsef
CVE-2016-0189 EXPLOITDB HIGH text
Microsoft JScript/VBScript <5.8 - RCE
The Microsoft (1) JScript 5.8 and (2) VBScript 5.7 and 5.8 engines, as used in Internet Explorer 9 through 11 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Scripting Engine Memory Corruption Vulnerability," a different vulnerability than CVE-2016-0187.
by Brian Pak
CVSS 7.5
CVE-2016-3219 EXPLOITDB HIGH text VERIFIED
Windows 10 - Local Privilege Escalation via Kernel-Mode Driver
The kernel-mode driver in Microsoft Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability."
by Google Security Research
CVSS 7.8
CVE-2016-3220 EXPLOITDB HIGH text VERIFIED
Windows - Privilege Escalation via Adobe Type Manager Font Driver
atmfd.dll in the Adobe Type Manager Font Driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "ATMFD.dll Elevation of Privilege Vulnerability."
by Google Security Research
CVSS 7.8
CVE-2016-3216 EXPLOITDB MEDIUM text VERIFIED
Windows GDI32.dll - ASLR Bypass via Graphics Component Information Disclosure
GDI32.dll in the Graphics component in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to bypass the ASLR protection mechanism via unspecified vectors, aka "Windows Graphics Component Information Disclosure Vulnerability."
by Google Security Research
CVSS 4.3
EIP-2026-114704 EXPLOITDB text
Radiant CMS 1.1.3 - Multiple Persistent Cross-Site Scripting Vulnerabilities
by David Silveiro
EIP-2026-114530 EXPLOITDB text
YetiForce CRM < 3.1 - Persistent Cross-Site Scripting
by David Silveiro
EIP-2026-108499 EXPLOITDB text VERIFIED
Joomla! Component com_publisher - SQL Injection
by s0nk3y