Text Exploits

31,330 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-110268 EXPLOITDB text
OpenCart 2.1.0.2 < 2.2.0.0 - json_decode Function Remote Code Execution
by Naser Farhadi
CVE-2016-1596 EXPLOITDB MEDIUM text
Micro Focus Novell Service Desk <7.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent, (5) tf_orgUnitName, (6) tf_aManufacturerFullName, (7) tf_aManufacturerName, (8) tf_aManufacturerAddress, or (9) tf_aManufacturerCity parameter.
by Pedro Ribeiro
CVSS 5.4
CVE-2015-8256 EXPLOITDB MEDIUM text
Axis Network Cameras - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Axis network cameras.
by Orwelllabs
CVSS 6.1
CVE-2016-2417 EXPLOITDB CRITICAL text VERIFIED
Google Android - Access Control
media/libmedia/IOMX.cpp in mediaserver in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not initialize a parameter data structure, which allows attackers to obtain sensitive information from process memory, and consequently bypass an unspecified protection mechanism, via unspecified vectors, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26914474.
by Google Security Research
CVSS 9.8
CVE-2016-0846 EXPLOITDB HIGH text VERIFIED
Android <4.4.4, <5.0.2, <5.1.1, <2016-04-01 - Privilege Escalation
libs/binder/IMemory.cpp in the IMemory Native Interface in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-04-01 does not properly consider the heap size, which allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 26877992.
by Google Security Research
CVSS 8.4
CVE-2025-34115 EXPLOITDB HIGH text VERIFIED
OP5 Monitor <7.1.9 - Command Injection
An authenticated command injection vulnerability exists in OP5 Monitor through version 7.1.9 via the 'cmd_str' parameter in the command_test.php endpoint. A user with access to the web interface can exploit the 'Test this command' feature to execute arbitrary shell commands as the unprivileged web application user. The vulnerability resides in the configuration section of the application and requires valid login credentials with access to the command testing functionality. This issue is fixed in version 7.2.0.
by hyp3rlinx
EIP-2026-101922 EXPLOITDB text
PLANET Technology IP Surveillance Cameras - Multiple Vulnerabilities
by Orwelllabs
CVE-2015-7378 EXPLOITDB HIGH text
Watchguard Panda Url Filtering - Incorrect Default Permissions
Panda Security URL Filtering before 4.3.1.9 uses a weak ACL for the "Panda Security URL Filtering" directory and installed files, which allows local users to gain SYSTEM privileges by modifying Panda_URL_Filteringb.exe.
by Kyriakos Economou
CVSS 7.8
CVE-2016-3943 EXPLOITDB HIGH text
Panda Endpoint Administration Agent <7.50.00 - Privilege Escalation
Panda Endpoint Administration Agent before 7.50.00, as used in Panda Security for Business products for Windows, uses a weak ACL for the Panda Security/WaAgent directory and sub-directories, which allows local users to gain SYSTEM privileges by modifying an executable module.
by Kyriakos Economou
CVSS 7.8
EIP-2026-112308 EXPLOITDB text
SocialEngine 4.8.9 - SQL Injection
by High-Tech Bridge SA
CVE-2016-3672 EXPLOITDB HIGH text
Linux kernel <4.5.2 - Privilege Escalation
The arch_pick_mmap_layout function in arch/x86/mm/mmap.c in the Linux kernel through 4.5.2 does not properly randomize the legacy base address, which makes it easier for local users to defeat the intended restrictions on the ADDR_NO_RANDOMIZE flag, and bypass the ASLR protection mechanism for a setuid or setgid program, by disabling stack-consumption resource limits.
by Hector Marco & Ismael Ripoll
CVSS 7.8
EIP-2026-102456 EXPLOITDB text
Asbru Web Content Management System 9.2.7 - Multiple Vulnerabilities
by LiquidWorm
CVE-2014-4113 EXPLOITDB HIGH text
Microsoft Windows - Privilege Escalation
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via a crafted application, as exploited in the wild in October 2014, aka "Win32k.sys Elevation of Privilege Vulnerability."
by MWR InfoSecurity
CVSS 7.8
EIP-2026-102497 EXPLOITDB text
ManageEngine Password Manager Pro 8102 to 8302 - Multiple Vulnerabilities
by S3ba
EIP-2026-101928 EXPLOITDB text
PQI Air Pen Express 6W51-0000R2/6W51-0000R2XXX - Multiple Vulnerabilities
by Orwelllabs
CVE-2016-0094 EXPLOITDB HIGH text VERIFIED
Microsoft Windows 10 - Access Control
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0093, CVE-2016-0095, and CVE-2016-0096.
by Nils Sommer
CVSS 7.8
CVE-2016-0093 EXPLOITDB HIGH text VERIFIED
Microsoft Windows 10 - Access Control
The kernel-mode driver in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Win32k Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0094, CVE-2016-0095, and CVE-2016-0096.
by Nils Sommer
CVSS 7.8
EIP-2026-104667 EXPLOITDB text VERIFIED
PHP 5.5.33 - Invalid Memory Write
by vah_13
CVE-2015-8048 EXPLOITDB text VERIFIED
Adobe Flash Player <18.0.0.268, 19.x, 20.x - RCE
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8426, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454.
by Google Security Research
CVE-2015-8426 EXPLOITDB text VERIFIED
Adobe Flash Player <18.0.0.268, 19.x, 20.x - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.268 and 19.x and 20.x before 20.0.0.228 on Windows and OS X and before 11.2.202.554 on Linux, Adobe AIR before 20.0.0.204, Adobe AIR SDK before 20.0.0.204, and Adobe AIR SDK & Compiler before 20.0.0.204 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8048, CVE-2015-8049, CVE-2015-8050, CVE-2015-8055, CVE-2015-8056, CVE-2015-8057, CVE-2015-8058, CVE-2015-8059, CVE-2015-8061, CVE-2015-8062, CVE-2015-8063, CVE-2015-8064, CVE-2015-8065, CVE-2015-8066, CVE-2015-8067, CVE-2015-8068, CVE-2015-8069, CVE-2015-8070, CVE-2015-8071, CVE-2015-8401, CVE-2015-8402, CVE-2015-8403, CVE-2015-8404, CVE-2015-8405, CVE-2015-8406, CVE-2015-8410, CVE-2015-8411, CVE-2015-8412, CVE-2015-8413, CVE-2015-8414, CVE-2015-8420, CVE-2015-8421, CVE-2015-8422, CVE-2015-8423, CVE-2015-8424, CVE-2015-8425, CVE-2015-8427, CVE-2015-8428, CVE-2015-8429, CVE-2015-8430, CVE-2015-8431, CVE-2015-8432, CVE-2015-8433, CVE-2015-8434, CVE-2015-8435, CVE-2015-8436, CVE-2015-8437, CVE-2015-8441, CVE-2015-8442, CVE-2015-8447, CVE-2015-8448, CVE-2015-8449, CVE-2015-8450, CVE-2015-8452, and CVE-2015-8454.
by Google Security Research
CVE-2015-5574 EXPLOITDB text VERIFIED
Adobe Flash Player <18.0.0.241, 19.x <19.0.0.185 - RCE
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.241 and 19.x before 19.0.0.185 on Windows and OS X and before 11.2.202.521 on Linux, Adobe AIR before 19.0.0.190, Adobe AIR SDK before 19.0.0.190, and Adobe AIR SDK & Compiler before 19.0.0.190 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5570, CVE-2015-5581, CVE-2015-5584, and CVE-2015-6682.
by Google Security Research
EIP-2026-100024 EXPLOITDB text VERIFIED
Google Android - 'ih264d_process_intra_mb' Memory Corruption
by Google Security Research
EIP-2026-103739 EXPLOITDB text VERIFIED
Wireshark - dissect_pktc_rekey Heap Out-of-Bounds Read
by Google Security Research
CVE-2016-0784 EXPLOITDB MEDIUM text
Apache OpenMeetings <3.1.1 - Path Traversal
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.
by Andreas Lindh
CVSS 6.5
EIP-2026-106274 EXPLOITDB text VERIFIED
CubeCart 6.0.10 - Multiple Vulnerabilities
by High-Tech Bridge SA
By Source
All 31,330 Writeup 59,903 Exploitdb 49,989 Nomisec 21,538 Metasploit 3,218 Github 2,542 Vulncheck_xdb 904 Inthewild 514 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,330 python 5,924 ruby 5,907 c 3,565 perl 2,849 html 2,053 php 1,326 bash 459 java 362 c++ 250 javascript 215 shell 90 go 53 postscript 25 xml 24