Text Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-104975 EXPLOITDB text
Advanced Electron Forum 1.0.9 - Persistent Cross-Site Scripting
by hyp3rlinx
EIP-2026-104974 EXPLOITDB text
Advanced Electron Forum 1.0.9 - Cross-Site Request Forgery
by hyp3rlinx
CVE-2016-10730 EXPLOITDB HIGH text
Amanda 3.3.1 - Privilege Escalation via Amstar --star-path Argument
An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. Amstar is an Amanda Application API script. It should not be run by users directly. It uses star to backup and restore data. It runs binaries with root permissions when parsing the command line argument --star-path.
by Hacker Fantastic
CVSS 7.8
CVE-2015-8770 EXPLOITDB HIGH text
Roundcube Webmail < 1.0.8 and 1.1.x < 1.1.4 - Authenticated Path Traversal via _skin Parameter
Directory traversal vulnerability in the set_skin function in program/include/rcmail_output_html.php in Roundcube before 1.0.8 and 1.1.x before 1.1.4 allows remote authenticated users with certain permissions to read arbitrary files or possibly execute arbitrary code via a .. (dot dot) in the _skin parameter to index.php.
by High-Tech Bridge SA
CVSS 7.5
CVE-2015-8356 EXPLOITDB HIGH text
Bitrix mcart.xls <6.5.2 - SQL Injection
Multiple SQL injection vulnerabilities in the mcart.xls module 6.5.2 and earlier for Bitrix allow remote authenticated users to execute arbitrary SQL commands via the (1) xls_profile parameter to admin/mcart_xls_import.php or the (2) xls_iblock_id, (3) xls_iblock_section_id, (4) firstRow, (5) titleRow, (6) firstColumn, (7) highestColumn, (8) sku_iblock_id, or (9) xls_iblock_section_id_new parameter to admin/mcart_xls_import_step_2.php.
by High-Tech Bridge SA
CVSS 8.0
EIP-2026-104318 EXPLOITDB text
Manage Engine Applications Manager 12 - Multiple Vulnerabilities
by Bikramaditya Guha
CVE-2016-0015 EXPLOITDB HIGH text VERIFIED
Microsoft Windows - Remote Code Execution via Crafted File in DirectShow
DirectShow in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows 10 Gold and 1511 allows remote attackers to execute arbitrary code via a crafted file, aka "DirectShow Heap Corruption Remote Code Execution Vulnerability."
by Google Security Research
CVSS 7.8
CVE-2016-0016 EXPLOITDB HIGH text VERIFIED
Microsoft Windows - Untrusted Search Path DLL Loading Privilege Escalation
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 mishandle DLL loading, which allows local users to gain privileges via a crafted application, aka "DLL Loading Remote Code Execution Vulnerability."
by Google Security Research
CVSS 7.8
EIP-2026-101274 EXPLOITDB text
FingerTec Fingerprint Reader - Remote Access and Remote Enrolment
by Daniel Lawson
EIP-2026-100987 EXPLOITDB text
Apple watchOS 2 - Crash (PoC)
by Mohammad Reza Espargham
CVE-2015-8634 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player < 18.0.0.268 - Use-After-Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8635, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.
by Google Security Research
CVSS 8.8
CVE-2015-8635 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player < 18.0.0.324, 19.x-20.x < 20.0.0.267, AIR < 20.0.0.233 - Use-After-Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-8634, CVE-2015-8638, CVE-2015-8639, CVE-2015-8640, CVE-2015-8641, CVE-2015-8642, CVE-2015-8643, CVE-2015-8646, CVE-2015-8647, CVE-2015-8648, CVE-2015-8649, and CVE-2015-8650.
by Google Security Research
CVSS 8.8
EIP-2026-104425 EXPLOITDB text
SedSystems D3 Decimator - Multiple Vulnerabilities
by prdelka
CVE-2015-8636 EXPLOITDB HIGH text VERIFIED
Adobe AIR < 20.0.0.233 - Remote Code Execution via Memory Corruption
Adobe Flash Player before 18.0.0.324 and 19.x and 20.x before 20.0.0.267 on Windows and OS X and before 11.2.202.559 on Linux, Adobe AIR before 20.0.0.233, Adobe AIR SDK before 20.0.0.233, and Adobe AIR SDK & Compiler before 20.0.0.233 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-8459, CVE-2015-8460, and CVE-2015-8645.
by Google Security Research
CVSS 8.8
EIP-2026-114243 EXPLOITDB text
WordPress Plugin WP Symposium Pro Social Network Plugin 15.12 - Multiple Vulnerabilities
by Rahul Pratap Singh
CVE-2013-7285 EXPLOITDB CRITICAL text
Oracle Endeca Information Discovery Studio - Remote Code Execution via XStream Input Stream Manipulation
Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed input stream when unmarshaling XML or any supported format. e.g. JSON.
by Brian D. Hysell
CVSS 9.8
EIP-2026-101168 EXPLOITDB text
AVM FRITZ!Box < 6.30 - Remote Buffer Overflow
by RedTeam Pentesting
EIP-2026-101842 EXPLOITDB text
MediaAccess TG788vn - File Disclosure
by 0x4148
CVE-2015-8398 EXPLOITDB MEDIUM text
Confluence < 5.8.16 - Cross-Site Scripting via PATH_INFO to rest/prototype/1/session/check
Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check.
by Sebastian Perez
CVSS 6.1
CVE-2015-8399 EXPLOITDB MEDIUM text
Atlassian Confluence <5.8.17 - Info Disclosure
Atlassian Confluence before 5.8.17 allows remote authenticated users to read configuration files via the decoratorName parameter to (1) spaces/viewdefaultdecorator.action or (2) admin/viewdefaultdecorator.action.
by Sebastian Perez
CVSS 4.3
EIP-2026-112132 EXPLOITDB text
Simple PHP Polling System - Multiple Vulnerabilities
by WICS
EIP-2026-111077 EXPLOITDB text
PHPIPAM 1.1.010 - Multiple Vulnerabilities
by Mickael Dorigny
EIP-2026-110055 EXPLOITDB text
Online Airline Booking System - Multiple Vulnerabilities
by Manish Tanwar
EIP-2026-103627 EXPLOITDB text VERIFIED
pdfium IsFlagSet (v8 memory management) - SIGSEGV
by Google Security Research
CVE-2015-6787 EXPLOITDB text VERIFIED
Google Chrome < 46.0.2490.86 - Denial of Service
Multiple unspecified vulnerabilities in Google Chrome before 47.0.2526.73 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
by Google Security Research