Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-103739 EXPLOITDB text VERIFIED
Wireshark - dissect_pktc_rekey Heap Out-of-Bounds Read
by Google Security Research
CVE-2016-0784 EXPLOITDB MEDIUM text
Apache OpenMeetings <3.1.1 - Path Traversal
Directory traversal vulnerability in the Import/Export System Backups functionality in Apache OpenMeetings before 3.1.1 allows remote authenticated administrators to write to arbitrary files via a .. (dot dot) in a ZIP archive entry.
by Andreas Lindh
CVSS 6.5
EIP-2026-106274 EXPLOITDB text VERIFIED
CubeCart 6.0.10 - Multiple Vulnerabilities
by High-Tech Bridge SA
CVE-2016-1769 EXPLOITDB HIGH text VERIFIED
Apple OS X <10.11.4 - Memory Corruption
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Photoshop file.
by Francis Provencher
CVSS 7.8
CVE-2016-1768 EXPLOITDB HIGH text VERIFIED
Apple OS X <10.11.4 - Memory Corruption
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1767.
by Francis Provencher
CVSS 7.8
CVE-2016-1767 EXPLOITDB HIGH text VERIFIED
QuickTime <10.11.4 - Memory Corruption
QuickTime in Apple OS X before 10.11.4 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted FlashPix image, a different vulnerability than CVE-2016-1768.
by Francis Provencher
CVSS 7.8
CVE-2016-2385 EXPLOITDB CRITICAL text
Debian Linux < 4.3.4 - Memory Corruption
Heap-based buffer overflow in the encode_msg function in encode_msg.c in the SEAS module in Kamailio (formerly OpenSER and SER) before 4.3.5 allows remote attackers to cause a denial of service (memory corruption and process crash) or possibly execute arbitrary code via a large SIP packet.
by Stelios Tsampas
CVSS 9.8
CVE-2015-3864 EXPLOITDB text
Android < 5.1.1 - Remote Code Execution via Crafted MPEG-4 Data
Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824.
by NorthBit
CVE-2016-0998 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <18.0.0.333 & 19.x-21.x - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0999, and CVE-2016-1000.
by Google Security Research
CVSS 8.8
EIP-2026-104306 EXPLOITDB text
Liferay Portal 5.1.2 - Persistent Cross-Site Scripting
by Sarim Kiani
EIP-2026-102837 EXPLOITDB text VERIFIED
FireEye - Malware Input Processor Privilege Escalation
by Google Security Research
EIP-2026-100022 EXPLOITDB text VERIFIED
Android One - mt_wifi IOCTL_GET_STRUCT Privilege Escalation
by Google Security Research
CVE-2016-20078 EXPLOITDB MEDIUM text VERIFIED
WordPress IMDb Profile Widget 1.0.8 Local File Inclusion via pic.php
WordPress IMDb Profile Widget 1.0.8 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by manipulating the url parameter. Attackers can supply directory traversal sequences in GET requests to pic.php to access sensitive files like wp-config.php containing database credentials and configuration data.
by CrashBandicot
CVSS 6.2
CVE-2016-20077 EXPLOITDB MEDIUM text VERIFIED
WordPress Plugin Photocart Link 1.6 Local File Inclusion via decode.php
WordPress Plugin Photocart Link 1.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting insufficient input validation in decode.php. Attackers can supply base64-encoded file paths in the 'id' parameter to the decode.php endpoint to retrieve sensitive files like wp-config.php containing database credentials and configuration data.
by CrashBandicot
CVSS 6.2
EIP-2026-102080 EXPLOITDB text
Trend Micro Deep Discovery Inspector 3.8/3.7 - Cross-Site Request Forgery
by hyp3rlinx
EIP-2026-118380 EXPLOITDB text VERIFIED
Comodo AntiVirus - Forwards Emulated API Calls to the Real API During Scans
by Google Security Research
EIP-2026-115070 EXPLOITDB text VERIFIED
Comodo AntiVirus - Heap Overflow in LZX Decompression
by Google Security Research
EIP-2026-115069 EXPLOITDB text VERIFIED
Comodo - PackMan Unpacker Insufficient Parameter Validation
by Google Security Research
EIP-2026-115068 EXPLOITDB text VERIFIED
Comodo - LZMA Decoder Heap Overflow via Insufficient Parameter Checks
by Google Security Research
EIP-2026-115067 EXPLOITDB text VERIFIED
Comodo - Integer Overlow Leading to Heap Overflow Parsing Composite Documents
by Google Security Research
EIP-2026-115066 EXPLOITDB text VERIFIED
Comodo - Integer Overflow Leading to Heap Overflow in Win32 Emulation
by Google Security Research
EIP-2026-114962 EXPLOITDB text VERIFIED
Avira - Heap Underflow Parsing PE Section Headers
by Google Security Research
CVE-2016-1001 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player < 18.0.0.333, 19.x-21.x < 21.0.0.182 - Remote Code Execution
Heap-based buffer overflow in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors.
by Google Security Research
CVSS 8.8
CVE-2016-0998 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <18.0.0.333 & 19.x-21.x - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0999, and CVE-2016-1000.
by Google Security Research
CVSS 8.8
CVE-2016-0997 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <18.0.0.333,19.x-21.x - RCE
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0998, CVE-2016-0999, and CVE-2016-1000.
by Google Security Research
CVSS 8.8