Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2015-3110 EXPLOITDB text VERIFIED
Adobe Photoshop CC < 16.0 and Bridge CC < 6.11 - Remote Code Execution
Integer overflow in Adobe Photoshop CC before 16.0 (aka 2015.0.0) and Adobe Bridge CC before 6.11 allows attackers to execute arbitrary code via unspecified vectors.
by Francis Provencher
EIP-2026-116034 EXPLOITDB text VERIFIED
Paintshop Pro X7 - '.gif' Conversion Heap Memory Corruption 'LZWMinimumCodeSize' (Denial of Service)
by Francis Provencher
CVE-2015-1158 EXPLOITDB text VERIFIED
CUPS < 2.0.3 - Remote Code Execution via IPP Job Request
The add_job function in scheduler/ipp.c in cupsd in CUPS before 2.0.3 performs incorrect free operations for multiple-value job-originating-host-name attributes, which allows remote attackers to trigger data corruption for reference-counted strings via a crafted (1) IPP_CREATE_JOB or (2) IPP_PRINT_JOB request, as demonstrated by replacing the configuration file and consequently executing arbitrary code.
by Google Security Research
CVE-2015-5149 EXPLOITDB text
ManageEngine SupportCenter Plus 7.90 - Path Traversal & Arbitrary File Write via Attachment.jsp
Directory traversal vulnerability in Zoho ManageEngine SupportCenter Plus 7.90 allows remote authenticated users to write to arbitrary files via a .. (dot dot) in the component parameter in the Request component to workorder/Attachment.jsp.
by Vulnerability-Lab
CVE-2015-5150 EXPLOITDB text
ManageEngine SupportCenter Plus 7.90 - Authenticated Cross-Site Scripting via Query Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Zoho ManageEngine SupportCenter Plus 7.90 allow remote authenticated users to inject arbitrary web script or HTML via the (1) query parameter in the run_query_editor_query module to CustomReportHandler.do, (2) compAcct parameter to jsp/ResetADPwd.jsp, or (3) redirectTo parameter to jsp/CacheScreenWidth.jsp.
by Vulnerability-Lab
CVE-2015-5148 EXPLOITDB text VERIFIED
LivelyCart 1.2.0 - SQL Injection via Search Query Parameter
SQL injection vulnerability in LivelyCart 1.2.0 allows remote attackers to execute arbitrary SQL commands via the search_query parameter to product/search.
by Manish Tanwar
EIP-2026-102141 EXPLOITDB text
ZTE ZXV10 W300 v3.1.0c_DR0 - UI Session Delete
by Vulnerability-Lab
CVE-2015-5079 EXPLOITDB HIGH text
BlackCat CMS < 1.1.2 - Path Traversal via widgets/logs.php dl Parameter
Directory traversal vulnerability in widgets/logs.php in BlackCat CMS before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the dl parameter.
by d4rkr0id
CVSS 7.5
CVE-2015-2803 EXPLOITDB text
Akronymmanager < 0.5.0 - Authenticated SQL Injection via id Parameter
SQL injection vulnerability in mod1/index.php in the Akronymmanager (sb_akronymmanager) extension before 7.0.0 for TYPO3 allows remote authenticated users with permission to maintain acronyms to execute arbitrary SQL commands via the id parameter.
by RedTeam Pentesting
CVE-2015-3624 EXPLOITDB text
ektron Content Management System < 9.1 - Cross-Site Request Forgery via Menu Actions Endpoint
Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content administrators for requests that delete content via a delete action.
by Jerold Hoong
EIP-2026-106625 EXPLOITDB text
E-Detective Lawful Interception System - Multiple Vulnerabilities
by Mustafa Al-Bassam
CVE-2015-1328 EXPLOITDB HIGH text VERIFIED
Linux kernel <3.19.0-21.21 - Privilege Escalation
The overlayfs implementation in the linux (aka Linux kernel) package before 3.19.0-21.21 in Ubuntu through 15.04 does not properly check permissions for file creation in the upper filesystem directory, which allows local users to obtain root access by leveraging a configuration in which overlayfs is permitted in an arbitrary mount namespace.
by rebel
CVSS 7.8
EIP-2026-101522 EXPLOITDB text VERIFIED
Apexis IP CAM - Information Disclosure
by Sunplace Solutions
CVE-2015-4658 EXPLOITDB text VERIFIED
Milw0rm Clone Script 1.0 - SQL Injection via usr or pwd Parameter
Multiple SQL injection vulnerabilities in admin/login.php in Milw0rm Clone Script 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) usr or (2) pwd parameter.
by walid naceri
CVE-2015-7346 EXPLOITDB CRITICAL text VERIFIED
ZCMS 1.1 - SQL Injection
SQL injection vulnerability in ZCMS 1.1.
by hyp3rlinx
CVSS 9.8
CVE-2015-4414 EXPLOITDB text VERIFIED
SE HTML5 Album Audio Player < 1.1.0 - Path Traversal via File Parameter
Directory traversal vulnerability in download_audio.php in the SE HTML5 Album Audio Player (se-html5-album-audio-player) plugin 1.1.0 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by Larry W. Cashdollar
CVE-2015-4455 EXPLOITDB CRITICAL text
Aviary Image Editor Add-on for Gravity Forms < 3.0 - Unauthenticated Arbitrary File Upload via upload.php
Unrestricted file upload vulnerability in includes/upload.php in the Aviary Image Editor Add-on For Gravity Forms plugin 3.0 beta for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/gform_aviary.
by Larry W. Cashdollar
CVSS 9.8
EIP-2026-109830 EXPLOITDB text
Nakid CMS - Multiple Vulnerabilities
by hyp3rlinx
CVE-2015-4659 EXPLOITDB text
ClickHeat < 1.1.4 - Cross-Site Request Forgery via Config Action
Cross-site request forgery (CSRF) vulnerability in ClickHeat 1.14 and earlier allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via a config action to index.php.
by David Shanahan
CVE-2015-4420 EXPLOITDB text
Opsview < 4.6.2 - Cross-Site Scripting via Crafted Check Plugin or Host Profile Description
Multiple cross-site scripting (XSS) vulnerabilities in Opsview 4.6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via a (1) crafted check plugin, the (2) description in a host profile, or the (3) plugin_args parameter to a Test service check page.
by Dolev Farhi
CVE-2015-7347 EXPLOITDB MEDIUM text VERIFIED
ZCMS 1.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in ZCMS JavaServer Pages Content Management System 1.1.
by hyp3rlinx
CVSS 4.8
CVE-2015-3222 EXPLOITDB HIGH text
OSSEC 2.7-2.8.1 - Local Privilege Escalation via syscheck/seechanges.c
syscheck/seechanges.c in OSSEC 2.7 through 2.8.1 on NIX systems allows local users to execute arbitrary code as root.
by Andrew Widdersheim
CVSS 7.0
CVE-2015-9480 EXPLOITDB HIGH text
RobotCPA 5 for WordPress - Path Traversal via f.php l Parameter
The RobotCPA plugin 5 for WordPress has directory traversal via the f.php l parameter.
by T3N38R15
CVSS 7.5
CVE-2015-4118 EXPLOITDB text
ISPConfig < 3.0.5.4 - Authenticated SQL Injection via server Parameter
SQL injection vulnerability in monitor/show_sys_state.php in ISPConfig before 3.0.5.4p7 allows remote authenticated users with monitor permissions to execute arbitrary SQL commands via the server parameter. NOTE: this can be leveraged by remote attackers using CVE-2015-4119.2.
by High-Tech Bridge SA
CVE-2015-2125 EXPLOITDB text
HP WebInspect 7.8-10.4 - Authenticated XML External Entity Injection
Unspecified vulnerability in HP WebInspect 7.x through 10.4 before 10.4 update 1 allows remote authenticated users to bypass intended access restrictions via unknown vectors.
by Jakub Palaczynski