Text Exploits

31,392 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-101876 EXPLOITDB text
Netgear Wireless Management System 2.1.4.15 (Build 1236) - Privilege Escalation
by Elliott Lewis
EIP-2026-107108 EXPLOITDB text VERIFIED
FireEye Appliance - Unauthorized File Disclosure
by Kristian Erik Hermansen
EIP-2026-104595 EXPLOITDB text VERIFIED
Disconnect.me Mac OSX Client 2.0 - Local Privilege Escalation
by Kristian Erik Hermansen
EIP-2026-102134 EXPLOITDB text
Zhone ADSL2+ 4P Bridge & Router (Broadcom) - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-101777 EXPLOITDB text
HooToo Tripmate HT-TM01 2.000.022 - Cross-Site Request Forgery
by Ken Smith
CVE-2015-5995 EXPLOITDB CRITICAL text VERIFIED
Mediabridge Medialink MWN-WAPR300N/Tenda N3 - Auth Bypass
Mediabridge Medialink MWN-WAPR300N devices with firmware 5.07.50 and Tenda N3 Wireless N150 devices allow remote attackers to obtain administrative access via a certain admin substring in an HTTP Cookie header.
by Mandeep Jadon
CVSS 9.8
EIP-2026-109318 EXPLOITDB text
Mantis Bug Tracker 1.2.19 - Host Header
by Pier-Luc Maltais
CVE-2015-6545 EXPLOITDB text
Cerb < 7.0.3 - Cross-Site Request Forgery via ajax.php saveWorkerPeek Action
Cross-site request forgery (CSRF) vulnerability in ajax.php in Cerb before 7.0.4 allows remote attackers to hijack the authentication of administrators for requests that add an administrator account via a saveWorkerPeek action.
by High-Tech Bridge SA
CVE-2015-5466 EXPLOITDB HIGH text
XGI WindowsXP Display Manager <6.14.10.1090 - Privilege Escalation
Silicon Integrated Systems XGI WindowsXP Display Manager (aka XGI VGA Driver Manager and VGA Display Manager) 6.14.10.1090 allows local users to gain privileges via a crafted 0x96002404 IOCTL call.
by KoreLogic
CVSS 7.8
CVE-2015-5465 EXPLOITDB text
Silicon Integrated Systems WindowsXP Display Manager <6.14.10.3930 ...
Silicon Integrated Systems WindowsXP Display Manager (aka VGA Driver Manager and VGA Display Manager) 6.14.10.3930 allows local users to gain privileges via a crafted (1) 0x96002400 or (2) 0x96002404 IOCTL call.
by KoreLogic
EIP-2026-115875 EXPLOITDB text
Mpxplay MultiMedia Commander 2.00a - '.m3u' Stack Buffer Overflow (PoC)
by Un_N0n
CVE-2015-6809 EXPLOITDB text VERIFIED
BEdita < 3.6.0 - Stored Cross-Site Scripting via Admin Config and Area Parameters
Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection.
by Sébastien Morin
EIP-2026-101688 EXPLOITDB text
Edimax BR6228nS/BR6228nC - Multiple Vulnerabilities
by smash
EIP-2026-111252 EXPLOITDB text
PhpWiki 1.5.4 - Multiple Vulnerabilities
by smash
EIP-2026-101693 EXPLOITDB text
Edimax PS-1206MF - Web Admin Authentication Bypass
by smash
CVE-2015-6811 EXPLOITDB text
CyberoamOS <= 10.6.2 MR-1 - SQL Injection via login.xml Username Parameter
SQL injection vulnerability in the Sophos Cyberoam CR500iNG-XP firewall appliance with CyberoamOS 10.6.2 MR-1 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.xml.
by Dharmendra Kumar Singh
EIP-2026-101970 EXPLOITDB text
Samsung SyncThruWeb 2.01.00.26 - SMB Hash Disclosure
by Shad Malloy
CVE-2015-6567 EXPLOITDB HIGH text
Wolf CMS < 0.8.3.1 - Authenticated Arbitrary File Upload and PHP Code Execution via File Manager
Wolf CMS before 0.8.3.1 allows unrestricted file upload and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not validate the parameter "filename" properly. Exploitation requires a registered user who has access to upload functionality.
by Narendra Bhati
CVSS 8.8
CVE-2015-10144 EXPLOITDB HIGH text VERIFIED
Responsive Thumbnail Slider <1.0.1 - Code Injection
The Responsive Thumbnail Slider plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type sanitization in the via the image uploader in versions up to 1.0.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected sites server using a double extension which may make remote code execution possible.
by Arash Khazaei
CVSS 8.8
CVE-2015-6568 EXPLOITDB HIGH text
Wolf CMS < 0.8.3.1 - Authenticated Arbitrary File Upload and PHP Code Execution via File Manager
Wolf CMS before 0.8.3.1 allows unrestricted file rename and PHP Code Execution because admin/plugin/file_manager/browse/ (aka the filemanager) does not prevent a change of a file extension to ".php" after originally using the parameter "filename" for uploading a JPEG image. Exploitation requires a registered user who has access to upload functionality.
by Narendra Bhati
CVSS 8.8
EIP-2026-111358 EXPLOITDB text
Pluck CMS 4.7.3 - Multiple Vulnerabilities
by smash
EIP-2026-102384 EXPLOITDB text
Jenkins 1.626 - Cross-Site Request Forgery / Code Execution
by smash
EIP-2026-102179 EXPLOITDB text
Photo Transfer (2) 1.0 iOS - Denial of Service
by Vulnerability-Lab
EIP-2026-116597 EXPLOITDB text
Xion Audio Player 1.5 build 155 - Stack Buffer Overflow
by Un_N0n
CVE-2015-6810 EXPLOITDB text
Invision Power Board 4.x < 4.0.12.1 - Authenticated Cross-Site Scripting via Event Location Address Parameter
Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.
by snop