Text Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-116546 EXPLOITDB text
WinAsm Studio 5.1.8.8 - Buffer Overflow Crash (PoC)
by Un_N0n
EIP-2026-114113 EXPLOITDB text
WordPress Plugin TheCartPress 1.4.7 - Multiple Vulnerabilities
by KedAns-Dz
EIP-2026-114027 EXPLOITDB text
WordPress Plugin Sell Download 1.0.16 - Local File Disclosure
by KedAns-Dz
EIP-2026-113542 EXPLOITDB text
WordPress Plugin Advanced uploader 2.10 - Multiple Vulnerabilities
by KedAns-Dz
EIP-2026-115584 EXPLOITDB text
Malwarebytes AntiVirus 2.2.0 - Denial of Service (PoC)
by Francis Provencher
EIP-2026-114164 EXPLOITDB text
WordPress Plugin Users Ultra 1.5.50 - Persistent Cross-Site Scripting
by Panagiotis Vagenas
EIP-2026-114163 EXPLOITDB text
WordPress Plugin Users Ultra 1.5.50 - Blind SQL Injection
by Panagiotis Vagenas
CVE-2015-8351 EXPLOITDB CRITICAL text
Gwolle Guestbook < 1.5.3 - Authenticated Remote File Inclusion via abspath Parameter
PHP remote file inclusion vulnerability in the Gwolle Guestbook plugin before 1.5.4 for WordPress, when allow_url_include is enabled, allows remote authenticated users to execute arbitrary PHP code via a URL in the abspath parameter to frontend/captcha/ajaxresponse.php. NOTE: this can also be leveraged to include and execute arbitrary local files via directory traversal sequences regardless of whether allow_url_include is enabled.
by High-Tech Bridge SA
CVSS 9.0
EIP-2026-114609 EXPLOITDB text
ZenPhoto 1.4.10 - Local File Inclusion
by hyp3rlinx
EIP-2026-107919 EXPLOITDB text
Invision Power Board (IP.Board) 4.1.4.x - Persistent Cross-Site Scripting
by Mehdi Alouache
CVE-2015-8368 EXPLOITDB text
ntopng < 2.0.151021 - Authenticated Privilege Escalation via User Cookie and Username Parameter
ntopng (aka ntop) before 2.2 allows remote authenticated users to change the login context and gain privileges via the user cookie and username parameter to admin/password_reset.lua.
by Dolev Farhi
EIP-2026-103290 EXPLOITDB text VERIFIED
Kodi 15 - Web Interface Arbitrary File Access
by Machiel Pronk
EIP-2026-101557 EXPLOITDB text
Belkin N150 Wireless Router F9K1009 v1 - Multiple Vulnerabilities
by Rahul Pratap Singh
EIP-2026-109760 EXPLOITDB text VERIFIED
MyCustomers CMS 1.3.873 - SQL Injection
by Persian Hack Team
EIP-2026-107681 EXPLOITDB text
HumHub 0.11.2/0.20.0-beta.2 - SQL Injection
by LSE Leading Security Experts GmbH
CVE-2013-6025 EXPLOITDB text VERIFIED
SAP Sybase Adaptive Server Enterprise 15.7 ESD 2 - Authenticated XML External Entity Injection via XMLParse Procedure
The XMLParse procedure in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 ESD 2 allows remote authenticated users to read arbitrary files via a SQL statement containing an XML document with an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
by Igor Bulatenko
EIP-2026-114250 EXPLOITDB text
WordPress Plugin WP-Client 3.8.7 - Persistent Cross-Site Scripting
by Pier-Luc Maltais
CVE-2015-7865 EXPLOITDB text VERIFIED
NVIDIA GPU <341.92, <354.35, <358.87 - Privilege Escalation
nvSCPAPISvr.exe in the Stereoscopic 3D Driver Service in the NVIDIA GPU graphics driver R340 before 341.92, R352 before 354.35, and R358 before 358.87 on Windows does not properly restrict access to the stereosvrpipe named pipe, which allows local users to gain privileges via a commandline in a number 2 command, which is stored in the HKEY_LOCAL_MACHINE explorer Run registry key, a different vulnerability than CVE-2011-4784.
by Google Security Research
CVE-2015-4878 EXPLOITDB text
Oracle Fusion Middleware 8.5.0-8.5.2 - Denial of Service in Outside In Filters
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4877.
by Francis Provencher
CVE-2015-4877 EXPLOITDB text
Oracle Fusion Middleware 8.5.0-8.5.2 - Denial of Service in Outside In Filters
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.5.0, 8.5.1, and 8.5.2 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-4878.
by Francis Provencher
CVE-2015-6100 EXPLOITDB text VERIFIED
Microsoft Windows - Use-After-Free in Kernel
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6101.
by Nils Sommer
CVE-2015-6101 EXPLOITDB text VERIFIED
Microsoft Windows - Local Privilege Escalation via Kernel Memory Corruption
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to gain privileges via a crafted application, aka "Windows Kernel Memory Elevation of Privilege Vulnerability," a different vulnerability than CVE-2015-6100.
by Nils Sommer
CVE-2015-6102 EXPLOITDB text VERIFIED
Microsoft Windows - Kernel Memory Information Disclosure via KASLR Bypass
The kernel in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 Gold and 1511 allows local users to bypass the KASLR protection mechanism, and consequently discover a driver base address, via a crafted application, aka "Windows Kernel Memory Information Disclosure Vulnerability."
by Nils Sommer
CVE-2015-6098 EXPLOITDB text VERIFIED
Windows Vista/Server 2008/7 NDIS Buffer Overflow Local Privilege Escalation
Buffer overflow in the Network Driver Interface Standard (NDIS) implementation in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 allows local users to gain privileges via a crafted application, aka "Windows NDIS Elevation of Privilege Vulnerability."
by Nils Sommer
CVE-2015-7622 EXPLOITDB text
Adobe Reader/Acrobat <10.1.16/<11.0.13 - Memory Corruption
Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-6685, CVE-2015-6686, CVE-2015-6693, CVE-2015-6694, and CVE-2015-6695.
by Francis Provencher