Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-103506 EXPLOITDB text VERIFIED
Graphite2 - GlyphCache::GlyphCache Heap Buffer Overflow
by Google Security Research
EIP-2026-102348 EXPLOITDB text VERIFIED
PowerFolder Server 10.4.321 - Remote Code Execution
by Hans-Martin Muench
EIP-2026-100102 EXPLOITDB text
AfterLogic WebMail Pro ASP.NET 6.2.6 - Administrator Account Disclosure via XML External Entity Injection
by Mehmet Ince
EIP-2026-117725 EXPLOITDB text
Operation Technology ETAP 14.1.0 - Local Privilege Escalation
by LiquidWorm
EIP-2026-116011 EXPLOITDB text
Operation Technology ETAP 14.1.0 - Multiple Stack Buffer Overrun Vulnerabilities
by LiquidWorm
EIP-2026-114419 EXPLOITDB text VERIFIED
XenAPI 1.4.1 for XenForo - Multiple SQL Injections
by Julien Ahrens
CVE-2016-2386 EXPLOITDB CRITICAL text
SAP NetWeaver Application Server Java 7.40 - SQL Injection
SQL injection vulnerability in the UDDI server in SAP NetWeaver J2EE Engine 7.40 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, aka SAP Security Note 2101079.
by ERPScan
CVSS 9.8
CVE-2016-2388 EXPLOITDB MEDIUM text
SAP NetWeaver AS JAVA 7.10-7.50 - Exposure of Sensitive Information via Universal Worklist Configuration
The Universal Worklist Configuration in SAP NetWeaver AS JAVA 7.4 allows remote attackers to obtain sensitive user information via a crafted HTTP request, aka SAP Security Note 2256846.
by ERPScan
CVSS 5.3
CVE-2016-1848 EXPLOITDB HIGH text VERIFIED
Apple OS X <10.11.5 - Memory Corruption
QuickTime in Apple OS X before 10.11.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted file.
by Francis Provencher
CVSS 7.8
EIP-2026-102549 EXPLOITDB text
4digits 1.1.4 - Local Buffer Overflow (PoC)
by N_A
CVE-2016-0168 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows - Information Disclosure via GDI Crafted Document
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0169.
by Google Security Research
CVSS 6.5
CVE-2016-0169 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows - Information Disclosure via GDI Crafted Document
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to obtain sensitive information via a crafted document, aka "Windows Graphics Component Information Disclosure Vulnerability," a different vulnerability than CVE-2016-0168.
by Google Security Research
CVSS 6.5
CVE-2016-2208 EXPLOITDB CRITICAL text VERIFIED
Symantec Anti-Virus Engine < 20151.1.0.32 - Remote Code Execution via Malformed PE Header
The kernel component in Symantec Anti-Virus Engine (AVE) 20151.1 before 20151.1.1.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory access violation and system crash) via a malformed PE header file.
by Google Security Research
CVSS 9.1
CVE-2016-0170 EXPLOITDB HIGH text VERIFIED
Microsoft Windows - Remote Code Execution via GDI Crafted Document
GDI in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted document, aka "Windows Graphics Component RCE Vulnerability."
by Google Security Research
CVSS 8.8
CVE-2016-1105 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <=21.0.0.213 FileReference - Type Confusion
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
CVE-2016-1106 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <=21.0.0.213 SetNative - Use-After-Free
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
CVE-2016-1103 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <=21.0.0.213 Raw 565 Texture Processing Overflow
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
CVE-2016-1104 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <=21.0.0.213 Object Placing - Out-of-Bounds Read
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
CVE-2016-1102 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <=21.0.0.213 JXR Processing - Out-of-Bounds Read
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
CVE-2016-1101 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <21.0.0.213 - Unspecified Vuln
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
CVE-2016-4108 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <=21.0.0.213 addProperty - Use-After-Free
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
CVE-2016-1096 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <=21.0.0.213 in IE/Edge - Impact Unknown
Unspecified vulnerability in Adobe Flash Player 21.0.0.213 and earlier, as used in the Adobe Flash libraries in Microsoft Internet Explorer 10 and 11 and Microsoft Edge, has unknown impact and attack vectors, a different vulnerability than other CVEs listed in MS16-064.
by Google Security Research
CVSS 7.5
CVE-2016-2389 EXPLOITDB HIGH text
SAP NetWeaver xMII 15.0 - Directory Traversal via GetFileList Path Parameter
Directory traversal vulnerability in the GetFileList function in the SAP Manufacturing Integration and Intelligence (xMII) component 15.0 for SAP NetWeaver 7.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the Path parameter to /Catalog, aka SAP Security Note 2230978.
by ERPScan
CVSS 7.5
CVE-2016-4807 EXPLOITDB MEDIUM text VERIFIED
web2py < 2.14.5 - Reflected Cross-Site Scripting
Web2py versions 2.14.5 and below was affected by Reflected XSS vulnerability, which allows an attacker to perform an XSS attack on logged in user (admin).
by Narendra Bhati
CVSS 4.8
CVE-2016-4806 EXPLOITDB HIGH text VERIFIED
web2py < 2.14.5 - Local File Inclusion
Web2py versions 2.14.5 and below was affected by Local File Inclusion vulnerability, which allows a malicious intended user to read/access web server sensitive files.
by Narendra Bhati
CVSS 7.5