Text Exploits

31,330 exploits tracked across all sources.

Sort: Activity Stars
CVE-2015-2455 EXPLOITDB text VERIFIED
Microsoft .net Framework < 5.1.40416.0 - Improper Input Validation
Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, Lync Basic 2013 SP1, Silverlight before 5.1.40728, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allow remote attackers to execute arbitrary code via a crafted TrueType font, aka "TrueType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2456.
by Google Security Research
CVE-2015-2432 EXPLOITDB text VERIFIED
Microsoft Windows - RCE
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
by Google Security Research
CVE-2015-2461 EXPLOITDB text VERIFIED
Microsoft Windows 10 - Improper Input Validation
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2458 and CVE-2015-2459.
by Google Security Research
CVE-2015-2462 EXPLOITDB text VERIFIED
Microsoft .net Framework - Improper Input Validation
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, Windows 10, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
by Google Security Research
CVE-2015-2458 EXPLOITDB text VERIFIED
Microsoft Windows 10 - Improper Input Validation
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2459 and CVE-2015-2461.
by Google Security Research
CVE-2015-2460 EXPLOITDB text VERIFIED
Microsoft .net Framework - Improper Input Validation
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and .NET Framework 3.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, 4.5.2, and 4.6 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability."
by Google Security Research
CVE-2015-2459 EXPLOITDB text VERIFIED
Microsoft Windows 10 - Improper Input Validation
ATMFD.DLL in the Windows Adobe Type Manager Library in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT Gold and 8.1, and Windows 10 allows remote attackers to execute arbitrary code via a crafted OpenType font, aka "OpenType Font Parsing Vulnerability," a different vulnerability than CVE-2015-2458 and CVE-2015-2461.
by Google Security Research
CVE-2015-2470 EXPLOITDB text VERIFIED
Microsoft Office - Numeric Error
Integer underflow in Microsoft Office 2007 SP3, Office 2010 SP2, Office 2013 SP1, Office 2013 RT SP1, Office for Mac 2011, and Word Viewer allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Integer Underflow Vulnerability."
by Google Security Research
CVE-2015-2469 EXPLOITDB text VERIFIED
Microsoft Office - Memory Corruption
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, and Office for Mac 2011 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
by Google Security Research
EIP-2026-115743 EXPLOITDB text VERIFIED
Microsoft Office 2007 - 'wwlib.dll' fcPlcfFldMom Uninitialized Heap Usage
by Google Security Research
CVE-2015-2431 EXPLOITDB text VERIFIED
Microsoft Live Meeting - Improper Input Validation
Microsoft Office 2007 SP3 and 2010 SP2, Live Meeting 2007 Console, Lync 2010, Lync 2010 Attendee, Lync 2013 SP1, and Lync Basic 2013 SP1 allow remote attackers to execute arbitrary code via a crafted Office Graphics Library (OGL) font, aka "Microsoft Office Graphics Component Remote Code Execution Vulnerability."
by Google Security Research
CVE-2015-2467 EXPLOITDB text VERIFIED
Microsoft Office - Memory Corruption
Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
by Google Security Research
CVE-2015-2468 EXPLOITDB text VERIFIED
Microsoft Office - Memory Corruption
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Word Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
by Google Security Research
CVE-2015-6805 EXPLOITDB text
Medhabidotcom Mdc Private Message - XSS
Cross-site scripting (XSS) vulnerability in the MDC Private Message plugin 1.0.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the message field in a private message.
by Chris Kellum
EIP-2026-113798 EXPLOITDB text VERIFIED
WordPress Plugin Googmonify 0.8.1 - Cross-Site Scripting / Cross-Site Request Forgery
by Ehsan Hosseini
EIP-2026-109892 EXPLOITDB text
Netsweeper 4.0.9 - Arbitrary File Upload / Execution
by Anastasios Monachos
CVE-2014-9605 EXPLOITDB text
Netsweeper <3.1.10, <4.0.9, <4.1.2 - Auth Bypass
WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webupgrade/webupgrade.php. NOTE: this was originally reported as an SQL injection vulnerability, but this may be inaccurate.
by Anastasios Monachos
CVE-2014-9618 EXPLOITDB CRITICAL text
Netsweeper <3.1.10, <4.0.9, <4.1.2 - Auth Bypass
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.
by Anastasios Monachos
CVSS 9.8
CVE-2014-9610 EXPLOITDB MEDIUM text
Netsweeper <3.1.10, <4.0.9, <4.1.2 - Auth Bypass
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.
by Anastasios Monachos
CVSS 5.3
CVE-2014-9619 EXPLOITDB HIGH text
Netsweeper <4.1.2 - RCE
Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif.
by Anastasios Monachos
CVSS 7.2
CVE-2014-9612 EXPLOITDB CRITICAL text
Netsweeper <4.1.2 - SQL Injection
SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter.
by Anastasios Monachos
CVSS 9.8
CVE-2014-9611 EXPLOITDB CRITICAL text
Netsweeper <4.0.5 - Auth Bypass
Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php.
by Anastasios Monachos
CVSS 9.8
CVE-2014-9613 EXPLOITDB CRITICAL text
Netsweeper <2.6.29.10 - SQL Injection
Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php.
by Anastasios Monachos
CVSS 9.8
EIP-2026-100598 EXPLOITDB text
Vifi Radio 1.0 - Cross-Site Request Forgery
by KnocKout
CVE-2015-9263 EXPLOITDB CRITICAL text VERIFIED
Idera Uptime Infrastructure Monitor - Unrestricted File Upload
An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands.
by LiquidWorm
CVSS 9.8
By Source
All 31,330 Writeup 59,960 Exploitdb 49,989 Nomisec 21,574 Metasploit 3,218 Github 2,551 Vulncheck_xdb 904 Inthewild 514 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,330 python 5,933 ruby 5,907 c 3,565 perl 2,849 html 2,053 php 1,326 bash 459 java 362 c++ 250 javascript 215 shell 90 go 53 postscript 25 xml 24