Text Exploits

31,330 exploits tracked across all sources.

Sort: Activity Stars
CVE-2016-15044 EXPLOITDB CRITICAL text
Kaltura <11.1.0-2 - Code Injection
A remote code execution vulnerability exists in Kaltura versions prior to 11.1.0-2 due to unsafe deserialization of user-controlled data within the keditorservices module. An unauthenticated remote attacker can exploit this issue by sending a specially crafted serialized PHP object in the kdata GET parameter to the redirectWidgetCmd endpoint. Successful exploitation leads to execution of arbitrary PHP code in the context of the web server process.
by Security-Assessment.com
CVE-2015-7563 EXPLOITDB HIGH text VERIFIED
TeamPass <2.1.24 - CSRF
Cross-site request forgery (CSRF) vulnerability in TeamPass 2.1.24 and earlier allows remote attackers to hijack the authentication of an authenticated user.
by Vincent Malguy
CVSS 8.8
CVE-2015-7562 EXPLOITDB MEDIUM text VERIFIED
TeamPass <2.1.24 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.
by Vincent Malguy
CVSS 6.1
CVE-2016-0120 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows 10 - Improper Input Validation
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to cause a denial of service (system hang) via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
by Google Security Research
CVSS 6.5
CVE-2016-0121 EXPLOITDB HIGH text VERIFIED
Microsoft Windows 10 - Improper Input Validation
The Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
by Google Security Research
CVSS 8.8
EIP-2026-114062 EXPLOITDB text VERIFIED
WordPress Plugin Site Import 1.0.1 - Local/Remote File Inclusion
by Wadeek
CVE-2015-7564 EXPLOITDB CRITICAL text VERIFIED
TeamPass <2.1.24 - SQL Injection
Multiple SQL injection vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in an action_on_quick_icon action to item.query.php or the (2) order or (3) direction parameter in an (a) connections_logs, (b) errors_logs or (c) access_logs action to view.query.php.
by Vincent Malguy
CVSS 9.8
CVE-2016-2184 EXPLOITDB MEDIUM text
Linux Kernel < 4.5.0 - Denial of Service
The create_fixed_stream_quirk function in sound/usb/quirks.c in the snd-usb-audio driver in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference or double free, and system crash) via a crafted endpoints value in a USB device descriptor.
by OpenSource Security
CVSS 4.6
CVE-2016-2188 EXPLOITDB MEDIUM text
Novell Suse Linux Enterprise Software... - Denial of Service
The iowarrior_probe function in drivers/usb/misc/iowarrior.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
by OpenSource Security
CVSS 4.6
CVE-2016-10997 EXPLOITDB MEDIUM text
Yourinspirationweb Beauty-premium - CSRF
The beauty-premium theme 1.0.8 for WordPress has CSRF with resultant arbitrary file upload in includes/sendmail.php.
by Colette Chamberland
CVSS 6.5
EIP-2026-113700 EXPLOITDB text
WordPress Plugin DZS Videogallery < 8.60 - Multiple Vulnerabilities
by Colette Chamberland
EIP-2026-115941 EXPLOITDB text VERIFIED
Nitro Pro 10.5.7.32 / Nitro Reader 5.5.3.1 - Heap Memory Corruption
by Francis Provencher
EIP-2026-114204 EXPLOITDB text
WordPress Plugin WP Advanced Comment 0.10 - Persistent Cross-Site Scripting
by Mohammad Khaleghi
EIP-2026-113593 EXPLOITDB text
WordPress Plugin Best Web Soft Captcha 4.1.5 - Multiple Vulnerabilities
by Colette Chamberland
CVE-2016-2563 EXPLOITDB CRITICAL text
9bis Kitty < 0.66.6.3 - Memory Corruption
Stack-based buffer overflow in the SCP command-line utility in PuTTY before 0.67 and KiTTY 0.66.6.3 and earlier allows remote servers to cause a denial of service (stack memory corruption) or execute arbitrary code via a crafted SCP-SINK file-size response to an SCP download request.
by tintinweb
CVSS 9.8
CVE-2016-1531 EXPLOITDB HIGH text VERIFIED
Exim <4.86.2 - Privilege Escalation
Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
by Dawid Golunski
CVSS 7.0
CVE-2016-0954 EXPLOITDB CRITICAL text VERIFIED
Adobe Digital Editions <4.5.1 - Memory Corruption
Adobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
by Pier-Luc Maltais
CVSS 9.8
EIP-2026-114350 EXPLOITDB text
WordPress Theme SiteMile Project 2.0.9.5 - Multiple Vulnerabilities
by LSE Leading Security Experts GmbH
CVE-2016-3134 EXPLOITDB HIGH text VERIFIED
Novell Suse Linux Enterprise Software... - Memory Corruption
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
by Google Security Research
CVSS 8.4
CVE-2015-7566 EXPLOITDB MEDIUM text
Linux kernel <4.4.1 - DoS
The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
by OpenSource Security
CVSS 4.6
CVE-2016-2782 EXPLOITDB MEDIUM text
Linux Kernel < 4.5.0 - NULL Pointer Dereference
The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.
by OpenSource Security
CVSS 4.6
CVE-2016-3139 EXPLOITDB MEDIUM text
Novell Suse Linux Enterprise Software... - Denial of Service
The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
by OpenSource Security
CVSS 4.6
CVE-2016-3136 EXPLOITDB MEDIUM text
Linux Kernel < 4.5.0 - Denial of Service
The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.
by OpenSource Security
CVSS 4.6
CVE-2016-3140 EXPLOITDB MEDIUM text
Canonical Ubuntu Linux < 4.5.0 - Denial of Service
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
by OpenSource Security
CVSS 4.6
EIP-2026-102658 EXPLOITDB text
Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'cypress_m8' Nullpointer Dereference
by OpenSource Security
By Source
All 31,330 Writeup 59,917 Exploitdb 49,989 Nomisec 21,538 Metasploit 3,218 Github 2,548 Vulncheck_xdb 904 Inthewild 514 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,330 python 5,930 ruby 5,907 c 3,565 perl 2,849 html 2,053 php 1,326 bash 459 java 362 c++ 250 javascript 215 shell 90 go 53 postscript 25 xml 24