Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2016-0999 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <18.0.0.333,19.x-21.x - RCE
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-1000.
by Google Security Research
CVSS 8.8
CVE-2016-1000 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player < 18.0.0.333, 19.x-21.x < 21.0.0.182, < 11.2.202.577 - Use-After-Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2016-0987, CVE-2016-0988, CVE-2016-0990, CVE-2016-0991, CVE-2016-0994, CVE-2016-0995, CVE-2016-0996, CVE-2016-0997, CVE-2016-0998, and CVE-2016-0999.
by Google Security Research
CVSS 8.8
CVE-2016-1002 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player Remote Code Execution or DoS via Memory Corruption
Adobe Flash Player before 18.0.0.333 and 19.x through 21.x before 21.0.0.182 on Windows and OS X and before 11.2.202.577 on Linux, Adobe AIR before 21.0.0.176, Adobe AIR SDK before 21.0.0.176, and Adobe AIR SDK & Compiler before 21.0.0.176 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0960, CVE-2016-0961, CVE-2016-0962, CVE-2016-0986, CVE-2016-0989, CVE-2016-0992, and CVE-2016-1005.
by Google Security Research
CVSS 8.8
EIP-2026-104339 EXPLOITDB text
MiCollab 7.0 - SQL Injection
by Goran Tuzovic
CVE-2016-1757 EXPLOITDB HIGH text VERIFIED
Apple iOS <9.3 & OS X <10.11.4 - RCE
Race condition in the kernel in Apple iOS before 9.3 and OS X before 10.11.4 allows attackers to execute arbitrary code in a privileged context via a crafted app.
by Google Security Research
CVSS 7.0
EIP-2026-103735 EXPLOITDB text VERIFIED
Wireshark - dissect_ber_integer Static Out-of-Bounds Write
by Google Security Research
CVE-2016-20081 EXPLOITDB HIGH text VERIFIED
WordPress Plugin HB Audio Gallery Lite 1.0.0 Path Traversal File Download
WordPress Plugin HB Audio Gallery Lite 1.0.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the file_path parameter. Attackers can send requests to the audio-download.php endpoint with directory traversal sequences to access sensitive files like wp-config.php outside the intended gallery directory.
by CrashBandicot
CVSS 7.5
CVE-2016-20080 EXPLOITDB MEDIUM text
WordPress Brandfolder Plugin 3.0 Local File Inclusion via callback.php
WordPress Brandfolder plugin version 3.0 and earlier contains a local file inclusion vulnerability in callback.php that allows unauthenticated attackers to include arbitrary files by manipulating the wp_abspath parameter. Attackers can supply path traversal sequences or remote URLs through the wp_abspath parameter to read sensitive files like wp-config.php or execute remote code.
by AMAR^SHG
CVSS 6.2
CVE-2016-20079 EXPLOITDB MEDIUM text
WordPress Dharma Booking 2.28.3 Local File Inclusion via proccess.php
WordPress Dharma Booking 2.28.3 and earlier contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the gateway parameter. Attackers can supply file paths with directory traversal sequences or null byte injection to the gateway parameter in proccess.php to read sensitive files like configuration and system files.
by AMAR^SHG
CVSS 6.2
EIP-2026-113889 EXPLOITDB text VERIFIED
WordPress Plugin Memphis Document Library 3.1.5 - Arbitrary File Download
by Felipe Molina
EIP-2026-108631 EXPLOITDB text VERIFIED
Joomla! Component Easy Youtube Gallery 1.0.2 - SQL Injection
by Persian Hack Team
CVE-2016-20082 EXPLOITDB MEDIUM text
WordPress Plugin Abtest Local File Inclusion via abtest_admin.php
WordPress Plugin Abtest contains a local file inclusion vulnerability that allows unauthenticated attackers to include arbitrary files by manipulating the action parameter. Attackers can send GET requests to abtest_admin.php with malicious action values to include files from the admin directory and execute arbitrary code.
by CrashBandicot
CVSS 6.2
EIP-2026-114466 EXPLOITDB text
XOOPS 2.5.7.2 - Directory Traversal Bypass
by hyp3rlinx
EIP-2026-114465 EXPLOITDB text
Xoops 2.5.7.2 - Cross-Site Request Forgery (Arbitrary User Deletions)
by hyp3rlinx
EIP-2026-113827 EXPLOITDB text
WordPress Plugin Import CSV 1.0 - Directory Traversal
by Wadeek
EIP-2026-113822 EXPLOITDB text
WordPress Plugin Image Export 1.1.0 - Arbitrary File Disclosure
by AMAR^SHG
EIP-2026-113713 EXPLOITDB text VERIFIED
WordPress Plugin eBook Download 1.1 - Directory Traversal
by Wadeek
EIP-2026-111540 EXPLOITDB text
ProjectSend r582 - Multiple Cross-Site Scripting Vulnerabilities
by Michael Helwig
EIP-2026-108022 EXPLOITDB text VERIFIED
iTop 2.2.1 - Cross-Site Request Forgery
by High-Tech Bridge SA
EIP-2026-106464 EXPLOITDB text
Disc ORGanizer (DORG) - Multiple Vulnerabilities
by SECUPENT
EIP-2026-106366 EXPLOITDB text
Dating Pro Genie 2015.7 - Cross-Site Request Forgery
by High-Tech Bridge SA
EIP-2026-101652 EXPLOITDB text
D-Link DWR-932 Firmware 4.00 - Authentication Bypass
by Saeed reza Zamanian
CVE-2016-0793 EXPLOITDB HIGH text VERIFIED
WildFly <10.0.0.Final - Info Disclosure
Incomplete blacklist vulnerability in the servlet filter restriction mechanism in WildFly (formerly JBoss Application Server) before 10.0.0.Final on Windows allows remote attackers to read the sensitive files in the (1) WEB-INF or (2) META-INF directory via a request that contains (a) lowercase or (b) "meaningless" characters.
by Tal Solomon of Palantir Security
CVSS 7.5
EIP-2026-114610 EXPLOITDB text VERIFIED
ZenPhoto 1.4.11 - Remote File Inclusion
by Curesec Research Team
EIP-2026-111288 EXPLOITDB text
PivotX 2.3.11 - Directory Traversal
by Curesec Research Team