Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2016-3976 EXPLOITDB HIGH text
SAP NetWeaver AS Java <7.6 - Path Traversal
Directory traversal vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the fileName parameter to CrashFileDownloadServlet, aka SAP Security Note 2234971.
by ERPScan
CVSS 7.5
CVE-2016-3974 EXPLOITDB CRITICAL text
SAP NetWeaver Application Server Java 7.10-7.50 - XML External Entity Injection via ServerNodesWSService
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~webservice~web/ServerNodesWSService, aka SAP Security Note 2235994.
by ERPScan
CVSS 9.1
EIP-2026-119627 EXPLOITDB text VERIFIED
ACROS Security 0patch 2016.05.19.539 - '0PatchServicex64.exe' Unquoted Service Path Privilege Escalation
by LiquidWorm
CVE-2016-4309 EXPLOITDB HIGH text
Symphony CMS 2.6.7 - Info Disclosure
Session fixation vulnerability in Symphony CMS 2.6.7, when session.use_only_cookies is disabled, allows remote attackers to hijack web sessions via the PHPSESSID parameter.
by hyp3rlinx
CVSS 7.5
EIP-2026-112267 EXPLOITDB text
sNews CMS 1.7.1 - Multiple Vulnerabilities
by hyp3rlinx
EIP-2026-108290 EXPLOITDB text VERIFIED
Joomla! Component com_bt_media 1.0 - SQL Injection
by Persian Hack Team
EIP-2026-113072 EXPLOITDB text
Vicidial 2.11 - Scripts Persistent Cross-Site Scripting
by David Silveiro
EIP-2026-110922 EXPLOITDB text
phpATM 1.32 - Multiple Vulnerabilities
by Paolo Massenio
CVE-2025-34113 EXPLOITDB HIGH text VERIFIED
Tiki Wiki CMS <14.1-6.14 - Command Injection
An authenticated command injection vulnerability exists in Tiki Wiki CMS versions ≤14.1, ≤12.4 LTS, ≤9.10 LTS, and ≤6.14 via the `viewmode` GET parameter in `tiki-calendar.php`. When the calendar module is enabled and an authenticated user has permission to access it, an attacker can inject and execute arbitrary PHP code. Successful exploitation leads to remote code execution in the context of the web server user.
by Dany Ouellet
EIP-2026-119373 EXPLOITDB text
Gemalto Sentinel License Manager 18.0.1.55505 - Directory Traversal
by LiquidWorm
EIP-2026-114990 EXPLOITDB text VERIFIED
Blat 3.2.14 - Stack Overflow
by Vishnu
EIP-2026-111804 EXPLOITDB text
Roxy Fileman 1.4.4 - Arbitrary File Upload
by Tyrell Sassen
CVE-2016-3643 EXPLOITDB HIGH text
SolarWinds Virtualization Manager <6.3.1 - Privilege Escalation
SolarWinds Virtualization Manager 6.3.1 and earlier allow local users to gain privileges by leveraging a misconfiguration of sudo, as demonstrated by "sudo cat /etc/passwd."
by Nate Kettlewell
CVSS 7.8
EIP-2026-101534 EXPLOITDB text
ATCOM PBX IP01 / IP08 / IP4 / IP2G4A - Authentication Bypass
by i-Hmx
EIP-2026-116729 EXPLOITDB text
AdobeUpdateService 3.6.0.248 - Unquoted Service Path Privilege Escalation
by Cyril Vallicari
CVE-2016-0173 EXPLOITDB HIGH text VERIFIED
Windows - Local Privilege Escalation via Win32k Bitmap Use-After-Free
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0171, CVE-2016-0174, and CVE-2016-0196.
by Nils Sommer
CVSS 7.8
CVE-2016-0171 EXPLOITDB HIGH text VERIFIED
Windows Kernel-Mode Drivers - Local Privilege Escalation via Crafted Application
The kernel-mode drivers in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allow local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0173, CVE-2016-0174, and CVE-2016-0196.
by Nils Sommer
CVSS 7.8
EIP-2026-113170 EXPLOITDB text
w2wiki - Multiple Cross-Site Scripting Vulnerabilities
by HaHwul
EIP-2026-112892 EXPLOITDB text
Ultrabenosaurus ChatBoard - Persistent Cross-Site Scripting
by HaHwul
EIP-2026-108337 EXPLOITDB text VERIFIED
Joomla! Component com_enmasse 5.1 < 6.4 - SQL Injection
by Hamed Izadi
EIP-2026-108067 EXPLOITDB text
jbFileManager - Directory Traversal
by HaHwul
EIP-2026-106507 EXPLOITDB text
Dokeos 2.2.1 - Blind SQL Injection
by Mormoroth
EIP-2026-105591 EXPLOITDB text
BookingWizz Booking System < 5.5 - Multiple Vulnerabilities
by Mehmet Ince
EIP-2026-102617 EXPLOITDB text VERIFIED
Google Chrome - GPU Process MailboxManagerImpl Double-Read
by Google Security Research
EIP-2026-101791 EXPLOITDB text
Hyperoptic (Tilgin) Router HG23xx - Multiple Vulnerabilities
by LiquidWorm