Text Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-106744 EXPLOITDB text
eBay Magento CE 1.9.2.1 - Unrestricted Cron Script (Code Execution / Denial of Service)
by Dawid Golunski
EIP-2026-119159 EXPLOITDB text
SolarWinds Log and Event Manager/Trigeo SIM 6.1.0 - Remote Command Execution
by Chris Graham
EIP-2026-113913 EXPLOITDB text VERIFIED
WordPress Plugin My Calendar 2.4.10 - Multiple Vulnerabilities
by Mysticism
EIP-2026-102514 EXPLOITDB text
NXFilter 3.0.3 - Multiple Cross-Site Scripting Vulnerabilities
by hyp3rlinx
EIP-2026-102513 EXPLOITDB text
NXFilter 3.0.3 - Cross-Site Request Forgery
by hyp3rlinx
CVE-2015-7808 EXPLOITDB text VERIFIED
vBulletin 5 Connect <5.1.9 - Code Injection
The vB_Api_Hook::decodeArguments method in vBulletin 5 Connect 5.1.2 through 5.1.9 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via a crafted serialized object in the arguments parameter to ajax/api/hook/decodeArguments.
by hhjj
EIP-2026-102595 EXPLOITDB text VERIFIED
FreeType 2.6.1 - TrueType tt_cmap14_validate Parsing Heap Out-of-Bounds Reads
by Google Security Research
EIP-2026-116112 EXPLOITDB text
Python 3.3 < 3.5 - 'product_setstate()' Out-of-Bounds Read
by John Leitch
EIP-2026-116111 EXPLOITDB text
Python 2.7 hotshot Module - 'pack_string' Heap Buffer Overflow (PoC)
by John Leitch
EIP-2026-116110 EXPLOITDB text
Python 2.7 - 'strop.replace()' Method Integer Overflow
by John Leitch
EIP-2026-103642 EXPLOITDB text
Python 2.7 - 'array.fromstring' Method Use-After-Free
by John Leitch
CVE-2015-7898 EXPLOITDB MEDIUM text VERIFIED
Samsung Galaxy S6 - Denial of Service in Samsung Gallery GIF Parser
Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
by Google Security Research
CVSS 5.5
CVE-2015-7895 EXPLOITDB MEDIUM text VERIFIED
Samsung Gallery on Samsung Galaxy S6 - Denial of Service via Bitmap Decoding
Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash).
by Google Security Research
CVSS 5.5
CVE-2015-7896 EXPLOITDB MEDIUM text VERIFIED
Samsung Galaxy S6 <Oct 2015 - Memory Corruption
LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file.
by Google Security Research
CVSS 6.5
CVE-2015-7897 EXPLOITDB text VERIFIED
Samsung Galaxy S6 Edge - Memory Corruption
The media scanning functionality in the face recognition library in android.media.process in Samsung Galaxy S6 Edge before G925VVRU4B0G9 allows remote attackers to gain privileges or cause a denial of service (memory corruption) via a crafted BMP image file.
by Google Security Research
CVE-2015-7894 EXPLOITDB HIGH text VERIFIED
Samsung Galaxy S6 Edge Firmware - Remote Code Execution via Crafted JPG Image
The DCMProvider service in Samsung LibQjpeg on a Samsung SM-G925V device running build number LRX22G.G925VVRU1AOE2 allows remote attackers to cause a denial of service (segmentation fault and process crash) and execute arbitrary code via a crafted JPG.
by Google Security Research
CVSS 8.8
EIP-2026-119345 EXPLOITDB text
actiTIME 2015.2 - Multiple Vulnerabilities
by LiquidWorm
CVE-2015-2554 EXPLOITDB text VERIFIED
Microsoft Windows - Local Privilege Escalation via Object Reference
The kernel in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows local users to gain privileges via a crafted application, aka "Windows Object Reference Elevation of Privilege Vulnerability."
by Google Security Research
EIP-2026-111342 EXPLOITDB text
Pligg CMS 2.0.2 - Multiple SQL Injections
by Curesec Research Team
EIP-2026-111341 EXPLOITDB text
Pligg CMS 2.0.2 - Directory Traversal
by Curesec Research Team
EIP-2026-111340 EXPLOITDB text
Pligg CMS 2.0.2 - Cross-Site Request Forgery / Code Execution
by Curesec Research Team
EIP-2026-110760 EXPLOITDB text
PHP Server Monitor 3.1.1 - Multiple Cross-Site Request Forgery Vulnerabilities
by hyp3rlinx
CVE-2015-5534 EXPLOITDB text
Oxwall < 1.7.4 - Cross-Site Request Forgery via Maintenance Mode Parameters
Multiple cross-site request forgery (CSRF) vulnerabilities in Oxwall before 1.8 allow remote attackers to hijack the authentication of administrators for requests that (1) put the website under maintenance via the maintenance_enable parameter or (2) conduct cross-site scripting (XSS) attacks via the maintenance_text parameter to admin/pages/maintenance.
by High-Tech Bridge SA
CVE-2015-5161 EXPLOITDB text
Zend Framework < 1.12.14, 2.x < 2.4.6, 2.5.x < 2.5.2 - XML External Entity Injection via Multibyte Encoded Characters
The Zend_Xml_Security::scan in ZendXml before 1.0.1 and Zend Framework before 1.12.14, 2.x before 2.4.6, and 2.5.x before 2.5.2, when running under PHP-FPM in a threaded environment, allows remote attackers to bypass security checks and conduct XML external entity (XXE) and XML entity expansion (XEE) attacks via multibyte encoded characters.
by Dawid Golunski
EIP-2026-101775 EXPLOITDB text
Hitron Router CGN3ACSMR 4.5.8.16 - Arbitrary Code Execution
by Dolev Farhi