Text Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
CVE-2015-6018 EXPLOITDB CRITICAL text
ZyXEL PMG5318-B20A <1.00(AANC.2)C0 - RCE
The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.00(AANC.2)C0 allows remote attackers to execute arbitrary commands via the PingIPAddr parameter.
by Karn Ganeshen
CVSS 9.8
CVE-2014-8357 EXPLOITDB HIGH text
Zhone zNID GPON 2426A < S3.0.501 - Unauthenticated Password Disclosure via Session Key in URL
backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the sessionKey parameter in a getConfig action to backupsettings.conf.
by Lyon Yang
CVSS 8.8
CVE-2014-8356 EXPLOITDB HIGH text
Zhone zNID 2426A < s3.0.501 - Authenticated Authorization Bypass via Insecure Direct Object Reference
The web administrative portal in Zhone zNID 2426A before S3.0.501 allows remote authenticated users to bypass intended access restrictions via a modified server response, related to an insecure direct object reference.
by Lyon Yang
CVSS 8.8
EIP-2026-116943 EXPLOITDB text
CDex Genre 1.79 - Local Stack Buffer Overflow
by Un_N0n
EIP-2026-108992 EXPLOITDB text
Kerio Control 8.6.1 - Multiple Vulnerabilities
by Raschin Tavakoli
EIP-2026-101872 EXPLOITDB text
Netgear Voice Gateway 2.3.0.23_2.3.23 - Multiple Vulnerabilities
by Karn Ganeshen
CVE-2015-4040 EXPLOITDB text
F5 Enterprise Manager 3.0.0-3.1.1 - Authenticated Path Traversal
Directory traversal vulnerability in the configuration utility in F5 BIG-IP before 12.0.0 and Enterprise Manager 3.0.0 through 3.1.1 allows remote authenticated users to access arbitrary files in the web root via unspecified vectors.
by Karn Ganeshen
CVE-2014-9118 EXPLOITDB HIGH text
Zhone zNID GPON 2426A <S3.0.501 - RCE
The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd.
by Lyon Yang
CVSS 8.8
EIP-2026-109124 EXPLOITDB text
Liferay 6.1.0 CE - Privilege Escalation
by Massimo De Luca
EIP-2026-108510 EXPLOITDB text
Joomla! Component com_realestatemanager 3.7 - SQL Injection
by Omer Ramić
EIP-2026-104678 EXPLOITDB text
PHPMyLicense 3.0.0 < 3.1.4 - Denial of Service
by Aria Akhavan Rezayat
CVE-2015-5285 EXPLOITDB text
Kallithea <0.3 - HTTP Response Splitting
CRLF injection vulnerability in Kallithea before 0.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the came_from parameter to _admin/login.
by LiquidWorm
CVE-2015-7293 EXPLOITDB HIGH text
Plone - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Zope Management Interface 4.3.7 and earlier, and Plone before 5.x.
by hyp3rlinx
CVSS 8.8
EIP-2026-110809 EXPLOITDB text
PHP-Fusion 7.02.07 - Blind SQL Injection
by Manuel García Cárdenas
EIP-2026-107434 EXPLOITDB text
GLPI 0.85.5 - Arbitrary File Upload / Filter Bypass / Remote Code Execution
by Raffaele Forte
CVE-2015-7358 EXPLOITDB HIGH text VERIFIED
CipherShed < 0.7.5.0 and VeraCrypt < 1.15 - Privilege Escalation via Drive Letter Symbolic Link
The IsDriveLetterAvailable method in Driver/Ntdriver.c in TrueCrypt 7.0, VeraCrypt before 1.15, and CipherShed, when running on Windows, does not properly validate drive letter symbolic links, which allows local users to mount an encrypted volume over an existing drive letter and gain privileges via an entry in the /GLOBAL?? directory.
by Google Security Research
CVSS 7.8
EIP-2026-105094 EXPLOITDB text
Alienvault Open Source SIEM (OSSIM) 4.3 - Cross-Site Request Forgery
by MohamadReza Mohajerani
EIP-2026-102502 EXPLOITDB text
ManageEngine ServiceDesk Plus 9.1 build 9110 - Directory Traversal
by xistence
EIP-2026-119371 EXPLOITDB text
FTGate 7 - Cross-Site Request Forgery
by hyp3rlinx
EIP-2026-119370 EXPLOITDB text
FTGate 2009 Build 6.4.00 - Multiple Vulnerabilities
by hyp3rlinx
EIP-2026-118291 EXPLOITDB text VERIFIED
Avast! AntiVirus - X.509 Error Rendering Command Execution
by Google Security Research
CVE-2015-6970 EXPLOITDB CRITICAL text
Bosch Security Systems NBN-498 Dinion2X - XML Injection
The web interface in Bosch Security Systems NBN-498 Dinion2X Day/Night IP Cameras with H.264 Firmware 4.54.0026 allows remote attackers to conduct XML injection attacks via the idstring parameter to rcp.xml.
by neom22
CVSS 9.8
EIP-2026-101408 EXPLOITDB text
PIXORD Vehicle 3G Wi-Fi Router 3GR-431P - Multiple Vulnerabilities
by Karn Ganeshen
CVE-2015-6589 EXPLOITDB HIGH text VERIFIED
Kaseya VSA <=9.1.0.8 Authenticated Path Traversal & Arbitrary File Write via json.ashx
Directory traversal vulnerability in Kaseya Virtual System Administrator (VSA) 7.0.0.0 before 7.0.0.33, 8..0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file paths to json.ashx.
by Pedro Ribeiro
CVSS 8.8
CVE-2015-1338 EXPLOITDB text
Apport < 2.19 - Denial of Service and Privilege Escalation via Symlink Attack on vmcore.log
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.
by halfdog