Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-108474 EXPLOITDB text VERIFIED
Joomla! Component com_payplans 3.3.6 - SQL Injection
by Persian Hack Team
EIP-2026-107502 EXPLOITDB text
Grid Gallery 1.0 - Admin Panel Authentication Bypass
by Ali BawazeEer
EIP-2026-107269 EXPLOITDB text VERIFIED
FRticket Ticket System - Persistent Cross-Site Scripting
by Hamit Abis
EIP-2026-106566 EXPLOITDB text
Dream Gallery 2.0 - Admin Panel Authentication Bypass
by Ali BawazeEer
EIP-2026-102594 EXPLOITDB text VERIFIED
Foxit PDF Reader 1.0.1.0925 - kdu_core::kdu_codestream::get_subsampling Memory Corruption
by Google Security Research
EIP-2026-102593 EXPLOITDB text VERIFIED
Foxit PDF Reader 1.0.1.0925 - CPDF_StreamContentParser::~CPDF_StreamContentParser Heap Memory Corruption
by Google Security Research
EIP-2026-102592 EXPLOITDB text VERIFIED
Foxit PDF Reader 1.0.1.0925 - CPDF_DIBSource::TranslateScanline24bpp Out-of-Bounds Read
by Google Security Research
EIP-2026-102591 EXPLOITDB text VERIFIED
Foxit PDF Reader 1.0.1.0925 - CFX_WideString::operator= Invalid Read
by Google Security Research
EIP-2026-102590 EXPLOITDB text VERIFIED
Foxit PDF Reader 1.0.1.0925 - CFX_BaseSegmentedArray::IterateIndex Memory Corruption
by Google Security Research
CVE-2016-20095 EXPLOITDB HIGH text
Matrix42 Remote Control Host 3.20.0031 Unquoted Path Privilege Escalation
Matrix42 Remote Control Host 3.20.0031 contains an unquoted service path vulnerability in the FastViewerRemoteService and FastViewerRemoteProxy services that allows local users to execute arbitrary code with SYSTEM privileges. Attackers can place a malicious executable in the Program Files directory with a crafted name to be executed by the service during startup, gaining elevated privileges.
by Roland C. Redl
CVSS 7.8
EIP-2026-117857 EXPLOITDB text
Riot Games League of Legends - Insecure File Permissions Privilege Escalation
by Cyril Vallicari
EIP-2026-111163 EXPLOITDB text
phpMyFAQ 2.9.0 - Persistent Cross-Site Scripting
by Kacper Szurek
CVE-2016-2494 EXPLOITDB HIGH text VERIFIED
Android 4.x-5.1.x and 6.x before 2016-06-01 - Privilege Escalation via sdcard Off-by-One Error
Off-by-one error in sdcard/sdcard.c in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-06-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 28085658.
by Google Security Research
CVSS 7.8
EIP-2026-103549 EXPLOITDB text VERIFIED
Microsoft Word (Windows/OSX) - Crash (PoC)
by halsten
EIP-2026-106563 EXPLOITDB text
Drale DBTableViewer 100123 - Blind SQL Injection
by HaHwul
CVE-2016-1336 EXPLOITDB HIGH text
Cisco EPC3928 Firmware - Denial of Service via Long LanguageSelect Parameter
goform/Docsis_system on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long LanguageSelect parameter, related to a "Gateway HTTP Corruption Denial of Service" issue, aka Bug ID CSCuy28100.
by Patryk Bogdan
CVSS 7.5
CVE-2016-1328 EXPLOITDB HIGH text
Cisco EPC3928 Firmware - Denial of Service via Long h_sortWireless Parameter
goform/WClientMACList on Cisco EPC3928 devices allows remote attackers to cause a denial of service (device crash) via a long h_sortWireless parameter, related to a "Gateway Client List Denial of Service" issue, aka Bug ID CSCux24948.
by Patryk Bogdan
CVSS 7.5
CVE-2015-6402 EXPLOITDB text
Cisco EPC3928 EDVA 5.5.10, 5.5.11, 5.7.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in the management interface on Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allows remote attackers to inject arbitrary web script or HTML via an unspecified value, aka Bug ID CSCux24935.
by Patryk Bogdan
CVE-2015-6401 EXPLOITDB text
Cisco EPC3928 EDVA 5.5.10/5.5.11/5.7.1 - Unauthenticated Admin Function Execution
Cisco EPC3928 devices with EDVA 5.5.10, 5.5.11, and 5.7.1 allow remote attackers to bypass an intended authentication requirement and execute unspecified administrative functions via a crafted HTTP request, aka Bug ID CSCux24941.
by Patryk Bogdan
EIP-2026-117408 EXPLOITDB text
League of Legends Screensaver - Unquoted Service Path Privilege Escalation
by Vincent Yiu
EIP-2026-117407 EXPLOITDB text
League of Legends Screensaver - Insecure File Permissions Privilege Escalation
by Vincent Yiu
CVE-2016-1337 EXPLOITDB HIGH text
Cisco EPC3928 Firmware - Unauthenticated Sensitive Information Exposure via Boot Process Requests
Cisco EPC3928 devices allow remote attackers to obtain sensitive configuration and credential information by making requests during the early part of the boot process, related to a "Boot Information Disclosure" issue, aka Bug ID CSCux17178.
by Patryk Bogdan
CVSS 8.1
CVE-2016-20076 EXPLOITDB HIGH text
WordPress Simple-Backup 2.7.11 Arbitrary File Deletion and Download
WordPress Simple-Backup 2.7.11 contains multiple vulnerabilities that allow unauthenticated attackers to delete arbitrary files and download sensitive files by manipulating the delete_backup_file and download_backup_file parameters in tools.php. Attackers can exploit insufficient input validation using directory traversal techniques to access wp-config.php, database dumps, and other sensitive files, or delete critical files .htaccess to expose backup directories.
by PizzaHatHacker
CVSS 7.5
CVE-2016-5237 EXPLOITDB MEDIUM text
Valve SteamOS < 3.42.16.13 - Local Privilege Escalation via Weak File Permissions
Valve Steam 3.42.16.13 uses weak permissions for the files in the Steam program directory, which allows local users to modify the files and possibly gain privileges as demonstrated by a Trojan horse Steam.exe file.
by Gregory Smiley
CVSS 4.8
EIP-2026-114221 EXPLOITDB text VERIFIED
WordPress Plugin WP Mobile Detector 3.5 - Arbitrary File Upload
by Aaditya Purani