Text Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-115114 EXPLOITDB text
CyberCop Scanner Smbgrind 5.5 - Buffer Overflow (PoC)
by hyp3rlinx
EIP-2026-113560 EXPLOITDB text
WordPress Plugin ALO EasyMail NewsLetter 2.6.01 - Cross-Site Request Forgery
by Mohsen Lotfi
EIP-2026-111144 EXPLOITDB text
phpMyBackupPro 2.5 - Remote Command Execution / Cross-Site Request Forgery
by hyp3rlinx
EIP-2026-104326 EXPLOITDB text
ManageEngine OPutils 8.0 - Multiple Vulnerabilities
by Kaustubh G. Padwad
EIP-2026-104324 EXPLOITDB text
ManageEngine Network Configuration Management Build 11000 - Privilege Escalation
by Kaustubh G. Padwad
CVE-2015-7547 EXPLOITDB HIGH text VERIFIED
GNU C Library <2.23 - Buffer Overflow
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
by Google Security Research
CVSS 8.1
CVE-2016-0049 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows Kerberos - Authentication Bypass via Crafted KDC
Kerberos in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 does not properly validate password changes, which allows remote attackers to bypass authentication by deploying a crafted Key Distribution Center (KDC) and then performing a sign-in action, aka "Windows Kerberos Security Feature Bypass."
by Nabeel Ahmed
CVSS 6.2
EIP-2026-114893 EXPLOITDB text
Alternate Pic View 2.150 - '.pgm' Crash (PoC)
by Shantanu Khandelwal
EIP-2026-112700 EXPLOITDB text
Tiny Tiny RSS - Blind SQL Injection
by Kacper Szurek
CVE-2018-4878 EXPLOITDB HIGH text
Adobe Flash Player < 28.0.0.161 - Use-After-Free in Primetime SDK Media Player Listener Handling
A use-after-free vulnerability was discovered in Adobe Flash Player before 28.0.0.161. This vulnerability occurs due to a dangling pointer in the Primetime SDK related to media player handling of listener objects. A successful attack can lead to arbitrary code execution. This was exploited in the wild in January and February 2018.
by smgorelik
CVSS 7.8
EIP-2026-102450 EXPLOITDB text
File Replication Pro 7.2.0 - Multiple Vulnerabilities
by Vantage Point Security
CVE-2015-7570 EXPLOITDB HIGH text
Yeager CMS 1.2.1 - Server-Side Request Forgery via dbhost Parameter
Multiple server-side request forgery (SSRF) vulnerabilities in Yeager CMS 1.2.1 allow remote attackers to trigger outbound requests and enumerate open ports via the dbhost parameter to libs/org/adodb_lite/tests/test_adodb_lite.php, libs/org/adodb_lite/tests/test_datadictionary.php, or libs/org/adodb_lite/tests/test_adodb_lite_sessions.php.
by SEC Consult
CVSS 7.2
CVE-2015-7569 EXPLOITDB HIGH text
Yeager CMS 1.2.1 - SQL Injection via pagedir_orderby Parameter
SQL injection vulnerability in "yeager/y.php/tab_USERLIST" in Yeager CMS 1.2.1 allows local users to execute arbitrary SQL commands via the "pagedir_orderby" parameter.
by SEC Consult
CVSS 8.8
CVE-2015-7568 EXPLOITDB CRITICAL text
Yeager CMS 1.2.1 - SQL Injection via Password Recovery UserEmail Parameter
SQL injection vulnerability in the password recovery feature in Yeager CMS 1.2.1 allows remote attackers to change the account credentials of known users via the "userEmail" parameter.
by SEC Consult
CVSS 9.8
CVE-2015-7567 EXPLOITDB CRITICAL text
Yeager CMS 1.2.1 - SQL Injection via Password Reset Token Parameter
SQL injection vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary SQL commands via the "passwordreset&token" parameter.
by SEC Consult
CVSS 9.8
CVE-2015-7571 EXPLOITDB HIGH text
Yeager CMS 1.2.1 - Unrestricted File Upload
Unrestricted file upload vulnerability in Yeager CMS 1.2.1 allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
by SEC Consult
CVSS 7.8
EIP-2026-119664 EXPLOITDB text
Wieland wieplan 4.1 - Document Parsing Java Code Execution Using XMLDecoder
by LiquidWorm
CVE-2016-0956 EXPLOITDB HIGH text VERIFIED
Apache Sling 2.3.6 - Info Disclosure
The Servlets Post component 2.3.6 in Apache Sling, as used in Adobe Experience Manager 5.6.1, 6.0.0, and 6.1.0, allows remote attackers to obtain sensitive information via unspecified vectors.
by Vulnerability-Lab
CVSS 7.5
EIP-2026-116083 EXPLOITDB text VERIFIED
PotPlayer 1.6.5x - '.mp3' Crash (PoC)
by Shantanu Khandelwal
CVE-2016-0952 EXPLOITDB CRITICAL text VERIFIED
Adobe Photoshop CC <15.2.4 & Bridge CC <6.2 - Memory Corruption
Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0951 and CVE-2016-0953.
by Francis Provencher
CVSS 9.8
CVE-2016-0951 EXPLOITDB CRITICAL text VERIFIED
Adobe Photoshop CC <15.2.4 & Bridge CC <6.2 - Memory Corruption
Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0952 and CVE-2016-0953.
by Francis Provencher
CVSS 9.8
CVE-2016-0953 EXPLOITDB CRITICAL text VERIFIED
Adobe Photoshop CC <15.2.4 & Bridge CC <6.2 - Memory Corruption
Adobe Photoshop CC 2014 before 15.2.4, Photoshop CC 2015 before 16.1.2, and Bridge CC before 6.2 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-0951 and CVE-2016-0952.
by Francis Provencher
CVSS 9.8
CVE-2016-20070 EXPLOITDB MEDIUM text
WordPress Booking Calendar Contact Form 1.0.23 Privilege Escalation Stored XSS
WordPress Booking Calendar Contact Form 1.0.23 contains privilege escalation and stored cross-site scripting vulnerabilities that allow authenticated users to modify plugin options and inject malicious scripts by failing to verify user privileges and sanitize input parameters. Attackers with subscriber-level accounts can inject XSS payloads through parameters like price, name, calendar_language, and email_confirmation_to_user via admin-ajax.php and admin.php endpoints to execute arbitrary JavaScript in administrator browsers.
by i0akiN SEC-LABORATORY
CVSS 6.4
CVE-2016-20069 EXPLOITDB HIGH text
WordPress Booking Calendar Contact Form 1.0.23 SQL Injection
WordPress Booking Calendar Contact Form 1.0.23 contains an unauthenticated blind SQL injection vulnerability in the shortcode function that fails to sanitize the calendar parameter before using it in database queries. Attackers can inject SQL commands through the calendar shortcode parameter to execute arbitrary SQL queries and extract sensitive database information.
by i0akiN SEC-LABORATORY
CVSS 8.2
CVE-2016-20068 EXPLOITDB HIGH text
WordPress Booking Calendar Contact Form 1.0.23 SQL Injection
WordPress Booking Calendar Contact Form version 1.0.23 contains an unauthenticated blind SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' parameter. Attackers can send requests to the admin-ajax.php endpoint with the action parameter set to 'dex_bccf_calendar_ajaxevent' and supply crafted SQL commands in the 'id' parameter to extract sensitive database information.
by i0akiN SEC-LABORATORY
CVSS 8.2