Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2015-5549 EXPLOITDB text VERIFIED
Adobe Flash Player <18.0.0.232 - Memory Corruption
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5552, and CVE-2015-5553.
by Google Security Research
CVE-2015-5551 EXPLOITDB text VERIFIED
Adobe Flash Player <18.0.0.232 - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5134, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565.
by Google Security Research
CVE-2015-5134 EXPLOITDB text VERIFIED
Adobe Flash Player < 11.2.202.491 and < 18.0.0.232 - Use-After-Free
Use-after-free vulnerability in Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-5127, CVE-2015-5130, CVE-2015-5539, CVE-2015-5540, CVE-2015-5550, CVE-2015-5551, CVE-2015-5556, CVE-2015-5557, CVE-2015-5559, CVE-2015-5561, CVE-2015-5563, CVE-2015-5564, and CVE-2015-5565.
by Google Security Research
CVE-2015-5554 EXPLOITDB text VERIFIED
Adobe Flash Player <18.0.0.232 - RCE
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code by leveraging an unspecified "type confusion," a different vulnerability than CVE-2015-5555, CVE-2015-5558, and CVE-2015-5562.
by Google Security Research
CVE-2015-4432 EXPLOITDB text VERIFIED
Adobe AIR < 18.0.0.144 - Remote Code Execution via Heap-Based Buffer Overflow
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3135 and CVE-2015-5118.
by Google Security Research
CVE-2015-5118 EXPLOITDB text VERIFIED
Adobe Flash Player < 13.0.0.289 and 14.x-18.x < 18.0.0.203 - Remote Code Execution via Heap-Based Buffer Overflow
Heap-based buffer overflow in Adobe Flash Player before 13.0.0.302 and 14.x through 18.x before 18.0.0.203 on Windows and OS X and before 11.2.202.481 on Linux, Adobe AIR before 18.0.0.180, Adobe AIR SDK before 18.0.0.180, and Adobe AIR SDK & Compiler before 18.0.0.180 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2015-3135 and CVE-2015-4432.
by Google Security Research
CVE-2015-5546 EXPLOITDB text VERIFIED
Adobe Flash Player <18.0.0.232 - Memory Corruption
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553.
by Google Security Research
CVE-2015-3042 EXPLOITDB text VERIFIED
Adobe Flash Player <14.x - Memory Corruption
Adobe Flash Player before 13.0.0.281 and 14.x through 17.x before 17.0.0.169 on Windows and OS X and before 11.2.202.457 on Linux allows attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-0347, CVE-2015-0350, CVE-2015-0352, CVE-2015-0353, CVE-2015-0354, CVE-2015-0355, CVE-2015-0360, CVE-2015-3038, CVE-2015-3041, and CVE-2015-3043.
by Google Security Research
CVE-2015-5548 EXPLOITDB text VERIFIED
Adobe Flash Player <18.0.0.232 - Memory Corruption
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553.
by Google Security Research
CVE-2015-5544 EXPLOITDB text VERIFIED
Adobe Flash Player <18.0.0.232 - Memory Corruption
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5545, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553.
by Google Security Research
CVE-2015-5547 EXPLOITDB text VERIFIED
Adobe Flash Player <18.0.0.232 - Memory Corruption
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5545, CVE-2015-5546, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553.
by Google Security Research
CVE-2015-5545 EXPLOITDB text VERIFIED
Adobe Flash Player <18.0.0.232 - Memory Corruption
Adobe Flash Player before 18.0.0.232 on Windows and OS X and before 11.2.202.508 on Linux, Adobe AIR before 18.0.0.199, Adobe AIR SDK before 18.0.0.199, and Adobe AIR SDK & Compiler before 18.0.0.199 allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2015-5544, CVE-2015-5546, CVE-2015-5547, CVE-2015-5548, CVE-2015-5549, CVE-2015-5552, and CVE-2015-5553.
by Google Security Research
CVE-2019-25332 EXPLOITDB HIGH text
FTP Commander Pro 8.03 - Buffer Overflow
FTP Commander Pro 8.03 contains a local stack overflow vulnerability that allows attackers to execute arbitrary code by overwriting the EIP register through a custom command input. Attackers can craft a malicious payload of 4108 bytes to overwrite memory and execute shellcode, demonstrating remote code execution potential.
by Un_N0n
CVSS 8.4
CVE-2014-6271 EXPLOITDB CRITICAL text
Apache mod_cgi Bash Environment Variable Code Injection (Shellshock)
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock." NOTE: the original fix for this issue was incorrect; CVE-2014-7169 has been assigned to cover the vulnerability that is still present after the incorrect fix.
by Bernhard Mueller
CVSS 9.8
EIP-2026-114241 EXPLOITDB text
WordPress Plugin WP Symposium 15.1 - Blind SQL Injection
by dxw
CVE-2015-6522 EXPLOITDB text
WP Symposium < 15.7 - SQL Injection via Size Parameter
SQL injection vulnerability in the WP Symposium plugin before 15.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the size parameter to get_album_item.php.
by PizzaHatHacker
EIP-2026-113013 EXPLOITDB text
vBulletin < 4.2.2 - Memcache Remote Code Execution
by Joshua Rogers
EIP-2026-111050 EXPLOITDB text
PHPfileNavigator 2.3.3 - Privilege Escalation
by hyp3rlinx
EIP-2026-111049 EXPLOITDB text
PHPfileNavigator 2.3.3 - Cross-Site Scripting
by hyp3rlinx
EIP-2026-111048 EXPLOITDB text
PHPfileNavigator 2.3.3 - Cross-Site Request Forgery
by hyp3rlinx
EIP-2026-106050 EXPLOITDB text
CodoForum 3.3.1 - Multiple SQL Injections
by Curesec Research Team
EIP-2026-105472 EXPLOITDB text
BigTree CMS 4.2.3 - (Authenticated) SQL Injection
by Curesec Research Team
EIP-2026-104580 EXPLOITDB text
Apple Mac OSX 10.10.5 - 'XNU' Local Privilege Escalation
by kpwn
CVE-2014-8008 EXPLOITDB text
Cisco Unified Communications Manager - Authenticated Absolute Path Traversal via RTMT API
Absolute path traversal vulnerability in the Real-Time Monitoring Tool (RTMT) API in Cisco Unified Communications Manager (CUCM) allows remote authenticated users to read arbitrary files via a full pathname in an API command, aka Bug ID CSCur49414.
by Bernhard Mueller
CVE-2016-3088 EXPLOITDB CRITICAL text VERIFIED
ActiveMQ web shell upload
The Fileserver web application in Apache ActiveMQ 5.x before 5.14.0 allows remote attackers to upload and execute arbitrary files via an HTTP PUT followed by an HTTP MOVE request.
by David Jorm
CVSS 9.8