Text Exploits

31,330 exploits tracked across all sources.

CVE-2016-3074 EXPLOITDB CRITICAL text
Libgd < 5.5.35 - Buffer Overflow
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.
by Hans Jerry Illikainen
CVSS 9.8
EIP-2026-116985 EXPLOITDB text
CompuSource Systems Real Time Home Banking - Local Privilege Escalation
by Information Paradox
EIP-2026-114703 EXPLOITDB text
NationBuilder - Multiple Persistent Cross-Site Scripting Vulnerabilities
by LiquidWorm
EIP-2026-102539 EXPLOITDB text
Totemomail 4.x/5.x - Persistent Cross-Site Scripting
by Vulnerability-Lab
EIP-2026-102220 EXPLOITDB text
C/C++ Offline Compiler and C For OS - Persistent Cross-Site Scripting
by Vulnerability-Lab
EIP-2026-111122 EXPLOITDB text
phpLiteAdmin 1.9.6 - Multiple Vulnerabilities
by Ozer Goker
CVE-2016-0143 EXPLOITDB HIGH text VERIFIED
Microsoft Windows 10 - Access Control
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0165 and CVE-2016-0167.
by Nils Sommer
CVSS 7.8
CVE-2016-3694 EXPLOITDB CRITICAL text
modified eCommerce Shopsoftware 2.0.0.0 - SQL Injection
Multiple SQL injection vulnerabilities in modified eCommerce Shopsoftware 2.0.0.0 revision 9678, when the easybill-module is not installed, allow remote attackers to execute arbitrary SQL commands via the (1) orders_status or (2) customers_status parameter to api/easybill/easybillcsv.php.
by Felix Maduakor
CVSS 9.8
CVE-2016-10709 EXPLOITDB HIGH text
Pfsense < 2.2.6 - OS Command Injection
pfSense before 2.3 allows remote authenticated users to execute arbitrary OS commands via a '|' character in the status_rrd_graph_img.php graph parameter, related to _rrd_graph_img.php.
by Security-Assessment.com
CVSS 8.8
EIP-2026-113866 EXPLOITDB text
WordPress Plugin leenk.me 2.5.0 - Cross-Site Request Forgery / Cross-Site Scripting
by cor3sm4sh3r
EIP-2026-113853 EXPLOITDB text
WordPress Plugin Kento Post View Counter 2.8 - Cross-Site Request Forgery / Cross-Site Scripting
by cor3sm4sh3r
EIP-2026-113382 EXPLOITDB text VERIFIED
Webutler CMS 3.2 - Cross-Site Request Forgery
by Keerati T.
EIP-2026-101093 EXPLOITDB text
TH692 Outdoor P2P HD Waterproof IP Camera - Hard-Coded Credentials
by DLY
CVE-2015-9266 EXPLOITDB CRITICAL text VERIFIED
UI Airmax AC Firmware < 5.6.2 - Path Traversal
The web management interface of Ubiquiti airMAX, airFiber, airGateway and EdgeSwitch XP (formerly TOUGHSwitch) allows an unauthenticated attacker to upload and write arbitrary files using directory traversal techniques. An attacker can exploit this vulnerability to gain root privileges. This vulnerability is fixed in the following product versions (fixes released in July 2015, all prior versions are affected): airMAX AC 7.1.3; airMAX M (and airRouter) 5.6.2 XM/XW/TI, 5.5.11 XM/TI, and 5.5.10u2 XW; airGateway 1.1.5; airFiber AF24/AF24HD 2.2.1, AF5x 3.0.2.1, and AF5 2.2.1; airOS 4 XS2/XS5 4.0.4; and EdgeSwitch XP (formerly TOUGHSwitch) 1.3.2.
by 93c08539
CVSS 9.8
CVE-2016-0122 EXPLOITDB HIGH text VERIFIED
Microsoft Excel - Memory Corruption
Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2013 SP1, Excel 2013 RT SP1, Excel 2016, Word 2016 for Mac, Office Compatibility Pack SP3, and Excel Viewer allow remote attackers to execute arbitrary code via a crafted Office document, aka "Microsoft Office Memory Corruption Vulnerability."
by Sébastien Morin
CVSS 7.8
EIP-2026-111132 EXPLOITDB text
PHPmongoDB 1.0.0 - Multiple Vulnerabilities
by Ozer Goker
EIP-2026-110566 EXPLOITDB text
pfSense Firewall 2.2.6 - Services Cross-Site Request Forgery
by Aatif Shahdad
EIP-2026-101571 EXPLOITDB text
Brickcom Corporation Network Cameras - Multiple Vulnerabilities
by Orwelllabs
EIP-2026-110425 EXPLOITDB text
Ovidentia troubleticketsModule 7.6 - Remote File Inclusion
by bd0rk
CVE-2016-1595 EXPLOITDB MEDIUM text
Micro Focus Novell Service Desk <7.2 - SQL Injection
LiveTime/WebObjects/LiveTime.woa/wa/DownloadAction/downloadFile in Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to conduct Hibernate Query Language (HQL) injection attacks and obtain sensitive information via the entityName parameter.
by Pedro Ribeiro
CVSS 6.5
CVE-2016-1594 EXPLOITDB MEDIUM text
Micro Focus Novell Service Desk <7.2 - Info Disclosure
Micro Focus Novell Service Desk before 7.2 allows remote authenticated users to read arbitrary attachments via a request to a LiveTime.woa URL, as demonstrated by obtaining sensitive information via a (1) downloadLogFiles or (2) downloadFile action.
by Pedro Ribeiro
CVSS 6.5
CVE-2016-1593 EXPLOITDB HIGH text
Micro Focus Novell Service Desk <7.2 - Path Traversal
Directory traversal vulnerability in the import users feature in Micro Focus Novell Service Desk before 7.2 allows remote authenticated administrators to upload and execute arbitrary JSP files via a .. (dot dot) in a filename within a multipart/form-data POST request to a LiveTime.woa URL.
by Pedro Ribeiro
CVSS 7.2
EIP-2026-116937 EXPLOITDB text
CAM UnZip 5.1 - .'ZIP' File Directory Traversal
by hyp3rlinx
EIP-2026-114383 EXPLOITDB text
WPN-XM Serverstack 0.8.6 - Cross-Site Request Forgery
by hyp3rlinx
EIP-2026-111789 EXPLOITDB text
RockMongo PHP MongoDB Administrator 1.1.8 - Multiple Vulnerabilities
by Ozer Goker