Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2015-2467 EXPLOITDB text VERIFIED
Microsoft Office 2007 SP3 - Remote Code Execution via Crafted Document
Microsoft Office 2007 SP3 allows remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
by Google Security Research
CVE-2015-2468 EXPLOITDB text VERIFIED
Microsoft Office - Remote Code Execution via Crafted Document
Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word 2013 SP1, Word 2013 RT SP1, Office for Mac 2011, Office for Mac 2016, Office Compatibility Pack SP3, Word Viewer, Word Automation Services on SharePoint Server 2010 SP2 and 2013 SP1, Word Web Apps 2010 SP2, and Office Web Apps Server 2013 SP1 allow remote attackers to execute arbitrary code via a crafted document, aka "Microsoft Office Memory Corruption Vulnerability."
by Google Security Research
CVE-2015-6805 EXPLOITDB text
MDC Private Message 1.0.0 - Authenticated Stored Cross-Site Scripting via Message Field
Cross-site scripting (XSS) vulnerability in the MDC Private Message plugin 1.0.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the message field in a private message.
by Chris Kellum
EIP-2026-113798 EXPLOITDB text VERIFIED
WordPress Plugin Googmonify 0.8.1 - Cross-Site Scripting / Cross-Site Request Forgery
by Ehsan Hosseini
EIP-2026-109892 EXPLOITDB text
Netsweeper 4.0.9 - Arbitrary File Upload / Execution
by Anastasios Monachos
CVE-2014-9605 EXPLOITDB text
Netsweeper <3.1.10, <4.0.9, <4.1.2 - Auth Bypass
WebUpgrade in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and create a system backup tarball, restart the server, or stop the filters on the server via a ' (single quote) character in the login and password parameters to webupgrade/webupgrade.php. NOTE: this was originally reported as an SQL injection vulnerability, but this may be inaccurate.
by Anastasios Monachos
CVE-2014-9618 EXPLOITDB CRITICAL text
Netsweeper <3.1.10, <4.0.9, <4.1.2 - Auth Bypass
The Client Filter Admin portal in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and subsequently create arbitrary profiles via a showdeny action to the default URL.
by Anastasios Monachos
CVSS 9.8
CVE-2014-9610 EXPLOITDB MEDIUM text
Netsweeper <3.1.10, <4.0.9, <4.1.2 - Auth Bypass
Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to bypass authentication and remove IP addresses from the quarantine via the ip parameter to webadmin/user/quarantine_disable.php.
by Anastasios Monachos
CVSS 5.3
CVE-2014-9619 EXPLOITDB HIGH text
Netsweeper < 3.1.10, 4.0.x < 4.0.9, 4.1.x < 4.1.2 - Authenticated PHP Code Execution via File Upload
Unrestricted file upload vulnerability in webadmin/ajaxfilemanager/ajaxfilemanager.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote authenticated users with admin privileges on the Cloud Manager web console to execute arbitrary PHP code by uploading a file with a double extension, then accessing it via a direct request to the file in webadmin/deny/images/, as demonstrated by secuid0.php.gif.
by Anastasios Monachos
CVSS 7.2
CVE-2014-9612 EXPLOITDB CRITICAL text
Netsweeper < 3.1.10, 4.0.x < 4.0.9, 4.1.x < 4.1.2 - SQL Injection via Server Parameter
SQL injection vulnerability in remotereporter/load_logfiles.php in Netsweeper before 3.1.10, 4.0.x before 4.0.9, and 4.1.x before 4.1.2 allows remote attackers to execute arbitrary SQL commands via the server parameter.
by Anastasios Monachos
CVSS 9.8
CVE-2014-9611 EXPLOITDB CRITICAL text
netsweeper < 4.0.4 - Unauthenticated Authentication Bypass via webadmin/nslam/index.php
Netsweeper before 4.0.5 allows remote attackers to bypass authentication and create arbitrary accounts and policies via a request to webadmin/nslam/index.php.
by Anastasios Monachos
CVSS 9.8
CVE-2014-9613 EXPLOITDB CRITICAL text
Netsweeper <2.6.29.10 - SQL Injection
Multiple SQL injection vulnerabilities in Netsweeper before 2.6.29.10 allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to webadmin/auth/verification.php or (2) dpid parameter to webadmin/deny/index.php.
by Anastasios Monachos
CVSS 9.8
EIP-2026-100598 EXPLOITDB text
Vifi Radio 1.0 - Cross-Site Request Forgery
by KnocKout
CVE-2015-9263 EXPLOITDB CRITICAL text VERIFIED
Idera Up.Time Monitoring Station 7.5.0/7.4.0 - Unrestricted File Upload via post2file.php
An issue was discovered in post2file.php in Up.Time Monitoring Station 7.5.0 (build 16) and 7.4.0 (build 13). It allows an attacker to upload an arbitrary file, such as a .php file that can execute arbitrary OS commands.
by LiquidWorm
CVSS 9.8
CVE-2015-5562 EXPLOITDB text VERIFIED
Adobe Flash Player <18.0.0.232/11.2.202.508 - RCE
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-5554, CVE-2015-5555, and CVE-2015-5558.
by Google Security Research
CVE-2015-3083 EXPLOITDB text VERIFIED
Adobe Flash Player <13.0.0.289 & Adobe AIR <17.0.0.172 - Auth Bypass
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3082 and CVE-2015-3085.
by KeenTeam
CVE-2015-3081 EXPLOITDB text VERIFIED
Adobe Flash Player <13.0.0.289-17.0.0.188 - Info Disclosure
Race condition in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to bypass the Internet Explorer Protected Mode protection mechanism via unspecified vectors.
by KeenTeam
CVE-2015-3082 EXPLOITDB text VERIFIED
Adobe Flash Player <13.0.0.289 & Adobe AIR <17.0.0.172 - Auth Bypass
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow remote attackers to bypass intended restrictions on filesystem write operations via unspecified vectors, a different vulnerability than CVE-2015-3083 and CVE-2015-3085.
by KeenTeam
CVE-2015-3087 EXPLOITDB text VERIFIED
Adobe Flash Player <13.0.0.289-17.0.0.188 - RCE
Integer overflow in Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allows attackers to execute arbitrary code via unspecified vectors.
by Google Security Research
CVE-2015-3089 EXPLOITDB text VERIFIED
Adobe Flash Player <13.0.0.289 & 14.x-17.x - Memory Corruption
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3090, and CVE-2015-3093.
by bilou
CVE-2015-3093 EXPLOITDB text VERIFIED
Adobe Flash Player <13.0.0.289 & 14.x-17.x <17.0.0.188 - Memory Cor...
Adobe Flash Player before 13.0.0.289 and 14.x through 17.x before 17.0.0.188 on Windows and OS X and before 11.2.202.460 on Linux, Adobe AIR before 17.0.0.172, Adobe AIR SDK before 17.0.0.172, and Adobe AIR SDK & Compiler before 17.0.0.172 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-3078, CVE-2015-3089, and CVE-2015-3090.
by bilou
CVE-2015-5561 EXPLOITDB text VERIFIED
Adobe Flash Player <18.0.0.232 - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565.
by bilou
CVE-2015-3118 EXPLOITDB text VERIFIED
Adobe Flash Player <13.0.0.302, 14.x-18.x - RCE
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3124, CVE-2015-3127, CVE-2015-3128, CVE-2015-3129, CVE-2015-3131, CVE-2015-3132, CVE-2015-3136, CVE-2015-3137, CVE-2015-4428, CVE-2015-4430, and CVE-2015-5117.
by bilou
CVE-2015-3106 EXPLOITDB text VERIFIED
Adobe Flash Player <13.0.0.292-18.x - RCE
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.292 and 14.x through 18.x before 18.0.0.160 on Windows and OS X and before 11.2.202.466 on Linux, Adobe AIR before 18.0.0.144 on Windows and before 18.0.0.143 on OS X and Android, Adobe AIR SDK before 18.0.0.144 on Windows and before 18.0.0.143 on OS X, and Adobe AIR SDK & Compiler before 18.0.0.144 on Windows and before 18.0.0.143 on OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3103 and CVE-2015-3107.
by bilou
CVE-2015-5130 EXPLOITDB text VERIFIED
Opensuse Evergreen < 11.2.202.491 - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565.
by Google Security Research