Text Exploits
31,330 exploits tracked across all sources.
pdfium - opj_j2k_read_mcc 'libopenjpeg' Heap Out-of-Bounds Read
by Google Security Research
Microsoft Windows 10 - Access Control
The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka "Windows Mount Point Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0007.
by Google Security Research
CVSS 7.3
Microsoft Windows 10 - Access Control
The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka "Windows Mount Point Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0006.
by Google Security Research
CVSS 7.8
Microsoft Windows 10 - Access Control
The sandbox implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandles reparse points, which allows local users to gain privileges via a crafted application, aka "Windows Mount Point Elevation of Privilege Vulnerability," a different vulnerability than CVE-2016-0006.
by Google Security Research
CVSS 7.8
WordPress Plugin Booking Calendar Contact Form 1.1.23 - SQL Injection
by i0akiN SEC-LABORATORY
NTP Package <4.2.6.p3 - Privilege Escalation via Crontab Script
The crontab script in the ntp package before 1:4.2.6.p3+dfsg-1ubuntu3.11 on Ubuntu 12.04 LTS, before 1:4.2.6.p5+dfsg-3ubuntu2.14.04.10 on Ubuntu 14.04 LTS, on Ubuntu Wily, and before 1:4.2.8p4+dfsg-3ubuntu5.3 on Ubuntu 16.04 LTS allows local users with access to the ntp account to write to arbitrary files and consequently gain privileges via vectors involving statistics directory cleanup.
by halfdog
CVSS 7.8
PDF-XChange Viewer 2.5.315.0 - Shading Type 7 Heap Memory Corruption
by Sébastien Morin
SeaWell Networks Spectrum SDC <2.05.00 - Path Traversal
Directory traversal vulnerability in configure_manage.php in SeaWell Networks Spectrum SDC 02.05.00.
by Karn Ganeshen
CVSS 6.5
SeaWell Networks Spectrum SDC <2.05.00 - Info Disclosure
SeaWell Networks Spectrum SDC 02.05.00 has a default password of "admin" for the "admin" account.
by Karn Ganeshen
CVSS 9.8
SeaWell Networks Spectrum SDC <2.05.00 - Privilege Escalation
SeaWell Networks Spectrum SDC 02.05.00 allows remote viewer users to perform administrative functions.
by Karn Ganeshen
CVSS 8.8
Advanced Electron Forum 1.0.9 - Remote File Inclusion / Cross-Site Request Forgery
by hyp3rlinx
Advanced Electron Forum 1.0.9 - Persistent Cross-Site Scripting
by hyp3rlinx
Advanced Electron Forum 1.0.9 - Cross-Site Request Forgery
by hyp3rlinx
Zmanda Amanda - Access Control
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path.
by Hacker Fantastic
CVSS 7.8
Roundcube Webmail < 1.0.7 - Path Traversal
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .. (dot dot) in the _skin parameter to index.php.
by High-Tech Bridge SA
CVSS 7.5
Bitrix mcart.xls <6.5.2 - SQL Injection
Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php.
by High-Tech Bridge SA
CVSS 8.0
Manage Engine Applications Manager 12 - Multiple Vulnerabilities
by Bikramaditya Guha
Microsoft Windows 10 - Memory Corruption
DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "DirectShow Heap Corruption Remote Code Execution Vulnerability."
by Google Security Research
CVSS 7.8
Microsoft Windows 10 - Untrusted Search Path
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."
by Google Security Research
CVSS 7.8
FingerTec Fingerprint Reader - Remote Access and Remote Enrolment
by Daniel Lawson
Adobe Flash Player < 18.0.0.268 - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.
by Google Security Research
CVSS 8.8
Adobe Flash Player < 11.2.202.554 - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.
by Google Security Research
CVSS 8.8