Text Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
CVE-2016-0954 EXPLOITDB CRITICAL text VERIFIED
Adobe Digital Editions <4.5.1 - Memory Corruption
Adobe Digital Editions before 4.5.1 allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
by Pier-Luc Maltais
CVSS 9.8
EIP-2026-114350 EXPLOITDB text
WordPress Theme SiteMile Project 2.0.9.5 - Multiple Vulnerabilities
by LSE Leading Security Experts GmbH
CVE-2016-3134 EXPLOITDB HIGH text VERIFIED
SUSE Linux Enterprise - Heap Memory Corruption via netfilter IPT_SO_SET_REPLACE
The netfilter subsystem in the Linux kernel through 4.5.2 does not validate certain offset fields, which allows local users to gain privileges or cause a denial of service (heap memory corruption) via an IPT_SO_SET_REPLACE setsockopt call.
by Google Security Research
CVSS 8.4
CVE-2015-7566 EXPLOITDB MEDIUM text
Linux Kernel < 4.4.1 - Denial of Service via USB Device Without Bulk-Out Endpoint
The clie_5_attach function in drivers/usb/serial/visor.c in the Linux kernel through 4.4.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a bulk-out endpoint.
by OpenSource Security
CVSS 4.6
CVE-2016-2782 EXPLOITDB MEDIUM text
Linux Kernel < 4.5 - Denial of Service via USB Device with Missing Endpoints
The treo_attach function in drivers/usb/serial/visor.c in the Linux kernel before 4.5 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by inserting a USB device that lacks a (1) bulk-in or (2) interrupt-in endpoint.
by OpenSource Security
CVSS 4.6
CVE-2016-3139 EXPLOITDB MEDIUM text
Linux Kernel < 3.17 - Denial of Service via Wacom USB Device Descriptor
The wacom_probe function in drivers/input/tablet/wacom_sys.c in the Linux kernel before 3.17 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
by OpenSource Security
CVSS 4.6
CVE-2016-3136 EXPLOITDB MEDIUM text
Linux Kernel < 4.5.1 - Denial of Service via Crafted USB Device
The mct_u232_msr_to_state function in drivers/usb/serial/mct_u232.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device without two interrupt-in endpoint descriptors.
by OpenSource Security
CVSS 4.6
CVE-2016-3140 EXPLOITDB MEDIUM text
Linux Kernel < 4.5.1 - Denial of Service via Crafted USB Device Descriptor
The digi_port_init function in drivers/usb/serial/digi_acceleport.c in the Linux kernel before 4.5.1 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted endpoints value in a USB device descriptor.
by OpenSource Security
CVSS 4.6
EIP-2026-102658 EXPLOITDB text
Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'cypress_m8' Nullpointer Dereference
by OpenSource Security
EIP-2026-102657 EXPLOITDB text
Linux Kernel 3.10.0 (CentOS / RHEL 7.1) - 'cdc_acm' Nullpointer Dereference
by OpenSource Security
CVE-2015-7515 EXPLOITDB MEDIUM text
Linux Kernel < 4.4 - Denial of Service via Crafted USB Device in Aiptek Tablet Driver
The aiptek_probe function in drivers/input/tablet/aiptek.c in the Linux kernel before 4.4 allows physically proximate attackers to cause a denial of service (NULL pointer dereference and system crash) via a crafted USB device that lacks endpoints.
by OpenSource Security
CVSS 4.6
CVE-2016-3986 EXPLOITDB HIGH text VERIFIED
Avast - Memory Corruption/Code Injection
Avast allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a crafted PE file, related to authenticode parsing.
by Google Security Research
CVSS 7.8
EIP-2026-103748 EXPLOITDB text VERIFIED
Wireshark - wtap_optionblock_free Use-After-Free
by Google Security Research
CVE-2006-0887 EXPLOITDB text
PHPLib < 7.4a - Remote Code Execution via Base64-Encoded Cookie
Eval injection vulnerability in sessions.inc in PHP Base Library (PHPLib) before 7.4a, when index.php3 from the PHPLib distribution is available on the server, allows remote attackers to execute arbitrary PHP code by including a base64-encoded representation of the code in a cookie. NOTE: this description was significantly updated on 20060605 to reflect new details after an initial vague advisory.
by GulfTech Security
EIP-2026-113611 EXPLOITDB text
WordPress Plugin Bulk Delete 5.5.3 - Privilege Escalation
by Panagiotis Vagenas
CVE-2016-2278 EXPLOITDB HIGH text
Schneider Electric Struxureware Building Operations Automation Server < 1.7 - Authenticated OS Command Execution
Schneider Electric Struxureware Building Operations Automation Server AS 1.7 and earlier and AS-P 1.7 and earlier allows remote authenticated administrators to execute arbitrary OS commands by defeating an msh (aka Minimal Shell) protection mechanism.
by Karn Ganeshen
CVSS 7.2
EIP-2026-119652 EXPLOITDB text
Secret Net 7 and Secret Net Studio 8 - Local Privilege Escalation
by Cr4sh
EIP-2026-116065 EXPLOITDB text VERIFIED
PictureTrails Photo Editor GE.exe 2.0.0 - '.bmp' Crash (PoC)
by redknight99
CVE-2006-1127 EXPLOITDB text
Gallery 2 up to 2.0.2 - Cross-Site Scripting via X-Forwarded-For Header
Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album.
by GulfTech Security
CVE-2016-20067 EXPLOITDB MEDIUM text
WordPress CP Polls 1.0.8 Cross-Site Request Forgery
WordPress CP Polls 1.0.8 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions on behalf of authenticated users. Attackers can craft malicious HTML pages that execute unwanted poll operations when administrators visit the page while logged in.
by i0akiN SEC-LABORATORY
CVSS 4.3
CVE-2016-20066 EXPLOITDB HIGH text
WordPress CP Polls 1.0.8 Persistent Cross-Site Scripting
WordPress CP Polls 1.0.8 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts through unsanitized file upload functionality. Attackers can upload files containing script payloads with event handlers like onerror attributes to execute arbitrary JavaScript in the browsers of users viewing the affected content.
by i0akiN SEC-LABORATORY
CVSS 7.2
EIP-2026-117006 EXPLOITDB text
Crouzet em4 soft 1.1.04 / M3 soft 3.1.2.0 - Insecure File Permissions
by LiquidWorm
EIP-2026-116498 EXPLOITDB text
Viscomsoft Calendar Active-X 2.0 - Multiple Crashes (PoC)
by Shantanu Khandelwal
EIP-2026-115107 EXPLOITDB text
Crouzet em4 soft 1.1.04 - '.pm4' Integer Division By Zero
by LiquidWorm
CVE-2016-20083 EXPLOITDB MEDIUM text
WordPress More Fields Plugin 2.1 Cross-Site Request Forgery
WordPress More Fields Plugin 2.1 contains a cross-site request forgery vulnerability that allows attackers to perform unauthorized actions by disabling CSRF token validation. Attackers can craft malicious web pages that trick logged-in administrators into adding or deleting custom fields and boxes on the Write/Edit page via POST and GET requests to the options-general.php endpoint.
by Aatif Shahdad
CVSS 5.3