Text Exploits

31,337 exploits tracked across all sources.

Sort: Activity Stars
CVE-2014-7910 EXPLOITDB text
Google Chrome < 39.0.2171.45 - Denial of Service
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
by Roberto Suggi Liverani
CVE-2015-2166 EXPLOITDB text
Ericsson Drutt Mobile Service Delivery Platform - Path Traversal
Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI.
by Anastasios Monachos
CVE-2014-9147 EXPLOITDB HIGH text
Fiyo CMS 2.0.1.8 - Info Disclosure
Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/.
by Mahendra
CVSS 7.5
EIP-2026-114077 EXPLOITDB text
WordPress Plugin SP Project & Document Manager 2.5.3 - Blind SQL Injection
by Catsecurity
CVE-2014-9148 EXPLOITDB CRITICAL text
Fiyo CMS 2.0.1.8 - Auth Bypass
Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur.
by Mahendra
CVSS 9.8
CVE-2015-1579 EXPLOITDB text
Elegant Themes Divi - Path Traversal
Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.
by Claudio Viviani
EIP-2026-113570 EXPLOITDB text
WordPress Plugin aspose-doc-exporter 1.0 - Arbitrary File Download
by ACC3SS
CVE-2015-2798 EXPLOITDB CRITICAL text
Web-dorado Contact Form Maker - SQL Injection
SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by TUNISIAN CYBER
CVSS 9.8
EIP-2026-108356 EXPLOITDB text
Joomla! Component com_gallery_wd - SQL Injection
by CrashBandicot
EIP-2026-103064 EXPLOITDB text
Apache Spark Cluster 1.3.x - Arbitrary Code Execution
by Akhil Das
CVE-2015-1815 EXPLOITDB text
Selinux Setroubleshoot < 3.2.21 - Command Injection
The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name.
by Sebastian Krahmer
CVE-2015-2780 EXPLOITDB CRITICAL text
Berta Cms < 0.8.9b - Unrestricted File Upload
Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
by Simon Waters
CVSS 9.8
CVE-2015-2294 EXPLOITDB text
Netgate Pfsense < 2.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) zone parameter to status_captiveportal.php; (2) if or (3) dragtable parameter to firewall_rules.php; (4) queue parameter in an add action to firewall_shaper.php; (5) id parameter in an edit action to services_unbound_acls.php; or (6) filterlogentries_time, (7) filterlogentries_sourceipaddress, (8) filterlogentries_sourceport, (9) filterlogentries_destinationipaddress, (10) filterlogentries_interfaces, (11) filterlogentries_destinationport, (12) filterlogentries_protocolflags, or (13) filterlogentries_qty parameter to diag_logs_filter.php.
by High-Tech Bridge SA
CVE-2015-2097 EXPLOITDB text
Webgate Embedded Standard Protocol SDK - Memory Corruption
Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) ChangePassword function in the WESPCONFIGLib.UserItem control, Connect function in the (4) WESPSerialPort.WESPSerialPortCtrl.1 or (5) WESPPLAYBACKLib.WESPPlaybackCtrl control, or (6) AddID function in the WESPCONFIGLib.IDList control or a (7) long string to the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control.
by Praveen Darshanam
CVE-2015-2295 EXPLOITDB text
Netgate Pfsense < 2.2 - CSRF
Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.
by High-Tech Bridge SA
CVE-2015-0313 EXPLOITDB CRITICAL text
Adobe Flash Player < 11.2.202.442 - Use After Free
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.
by SecurityObscurity
CVSS 9.8
CVE-2014-9014 EXPLOITDB MEDIUM text
WP Marketplace <2.4.1 - Path Traversal
Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter.
by Kacper Szurek
CVSS 4.3
EIP-2026-108870 EXPLOITDB text
Joomla! Component Spider FAQ - SQL Injection
by Manish Tanwar
CVE-2014-5144 EXPLOITDB MEDIUM text
Telescope < 0.9.0 - XSS
Cross-site scripting (XSS) vulnerability in Telescope before 0.9.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted markdown.
by shubs
CVSS 5.4
CVE-2015-2682 EXPLOITDB text
Citrix Command Center <5.1-5.2 - Info Disclosure
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml.
by Han Sahin
EIP-2026-117559 EXPLOITDB text
Microsoft Windows 8.1 - Local WebDAV NTLM Reflection Privilege Escalation
by Google Security Research
CVE-2015-2562 EXPLOITDB text
Web-Dorado ECommerce WD for Joomla! search_category_id SQL Injection Scanner
Multiple SQL injection vulnerabilities in the Web-Dorado ECommerce WD (com_ecommercewd) component 1.2.5 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) search_category_id, (2) sort_order, or (3) filter_manufacturer_ids in a displayproducts action to index.php.
by Brandon Perry
EIP-2026-105809 EXPLOITDB text
Chamilo LMS 1.9.10 - Multiple Vulnerabilities
by Rehan Ahmed
CVE-2015-2838 EXPLOITDB text
Citrix Netscaler - CSRF
Cross-site request forgery (CSRF) vulnerability in Nitro API in Citrix NetScaler before 10.5 build 52.3nc allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary commands as nsroot via shell metacharacters in the file_name JSON member in params/xen_hotfix/0 to nitro/v1/config/xen_hotfix.
by Han Sahin
CVE-2015-0516 EXPLOITDB text
EMC Vipr Srm < 3.6.0 - Path Traversal
Directory traversal vulnerability in EMC M&R (aka Watch4Net) before 6.5u1 and ViPR SRM before 3.6.1 allows remote authenticated users to read arbitrary files via a crafted URL.
by Han Sahin
By Source
All 31,337 Writeup 59,977 Exploitdb 49,996 Nomisec 21,600 Metasploit 3,218 Github 2,556 Vulncheck_xdb 904 Inthewild 514 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,337 python 5,936 ruby 5,907 c 3,565 perl 2,849 html 2,053 php 1,326 bash 459 java 362 c++ 250 javascript 215 shell 90 go 53 postscript 25 xml 24