Text Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-114157 EXPLOITDB text
WordPress Plugin User Meta Manager 3.4.6 - Information Disclosure
by Panagiotis Vagenas
EIP-2026-104225 EXPLOITDB text
dotDefender Firewall 5.00.12865/5.13-13282 - Cross-Site Request Forgery
by hyp3rlinx
EIP-2026-103391 EXPLOITDB text VERIFIED
Adobe Flash - Processing AVC Causes Stack Corruption
by Google Security Research
EIP-2026-102424 EXPLOITDB text VERIFIED
Solr 3.5.0 - Arbitrary Data Deletion
by N37
EIP-2026-100047 EXPLOITDB text VERIFIED
Samsung Galaxy S6 - libQjpeg je_free Crash
by Google Security Research
EIP-2026-100046 EXPLOITDB text VERIFIED
Samsung Galaxy S6 - 'android.media.process' 'MdConvertLine' Face Recognition Memory Corruption
by Google Security Research
CVE-2016-1524 EXPLOITDB CRITICAL text
NETGEAR Management System NMS300 <1.5.0.11 - RCE
Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for a /null URI.
by Pedro Ribeiro
CVSS 9.6
CVE-2016-0861 EXPLOITDB HIGH text VERIFIED
General Electric GE Industrial Solutions UPS SNMP/Web Adapter <4.8 ...
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to execute arbitrary commands via unspecified vectors.
by Karn Ganeshen
CVSS 8.8
CVE-2015-7246 EXPLOITDB CRITICAL text
D-Link DVG-N5402SP Firmware W1000CN-00, W1000CN-03, W2000EN-00 - Use of Hard-coded Credentials
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 has a default password of root for the root account and tw for the tw account, which makes it easier for remote attackers to obtain administrative access.
by Karn Ganeshen
CVSS 9.8
CVE-2015-7245 EXPLOITDB HIGH text
D-Link DVG-N5402SP Firmware W1000CN-00, W1000CN-03, W2000EN-00 - Path Traversal via Errorpage Parameter
Directory traversal vulnerability in D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 allows remote attackers to read sensitive information via a .. (dot dot) in the errorpage parameter.
by Karn Ganeshen
CVSS 7.5
EIP-2026-114158 EXPLOITDB text
WordPress Plugin User Meta Manager 3.4.6 - Privilege Escalation
by Panagiotis Vagenas
EIP-2026-114156 EXPLOITDB text
WordPress Plugin User Meta Manager 3.4.6 - Blind SQL Injection
by Panagiotis Vagenas
EIP-2026-112866 EXPLOITDB text VERIFIED
UliCMS v9.8.1 - SQL Injection
by Manuel García Cárdenas
EIP-2026-112524 EXPLOITDB text
Symphony CMS 2.6.3 - Multiple SQL Injections
by Sachin Wagh
EIP-2026-110285 EXPLOITDB text
OpenDocMan 1.3.4 - Cross-Site Request Forgery
by Curesec Research Team
EIP-2026-105292 EXPLOITDB text
ATutor 2.2 - Multiple Cross-Site Scripting Vulnerabilities
by Curesec Research Team
CVE-2016-1525 EXPLOITDB HIGH text
NETGEAR Management System NMS300 <1.5.0.11 - Path Traversal
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.
by Pedro Ribeiro
CVSS 8.6
CVE-2016-0862 EXPLOITDB MEDIUM text VERIFIED
General Electric GE Industrial Solutions UPS SNMP/Web Adapter <4.8 ...
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors.
by Karn Ganeshen
CVSS 6.5
CVE-2015-7247 EXPLOITDB CRITICAL text
D-Link DVG-N5402SP Firmware W1000CN-00, W1000CN-03, W2000EN-00 - Sensitive Information Exposure
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information.
by Karn Ganeshen
CVSS 9.8
EIP-2026-112691 EXPLOITDB text
TimeClock Software 0.995 - (Authenticated ) Multiple SQL Injections
by Benetrix
CVE-2014-2045 EXPLOITDB MEDIUM text
Viprinet Multichannel VPN Router 300 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool.
by Portcullis
CVSS 6.1
CVE-2015-4594 EXPLOITDB CRITICAL text
eClinicalWorks Population Health - Session Fixation
eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existent session ID.
by Jerold Hoong
CVSS 9.8
CVE-2015-4592 EXPLOITDB HIGH text
eClinicalWorks Population Health - Authenticated SQL Injection via portalUserService.jsp
eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input.
by Jerold Hoong
CVSS 8.8
CVE-2015-4591 EXPLOITDB MEDIUM text
eClinicalWorks Population Health - Unauthenticated Stored Cross-Site Scripting via strMessage Parameter
eClinicalWorks Population Health (CCMR) suffers from a cross site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary javascript via the strMessage parameter.
by Jerold Hoong
CVSS 6.1
EIP-2026-104319 EXPLOITDB text
Manage Engine Network Configuration Manager Build 11000 - Cross-Site Request Forgery
by Kaustubh G. Padwad