Text Exploits

31,386 exploits tracked across all sources.

CVE-2020-21995 EXPLOITDB CRITICAL text
Inim Smartliving Firmware < 6.0 - Use of Hard-coded Credentials
Inim Electronics Smartliving SmartLAN/G/SI <=6.x uses default hardcoded credentials. An attacker could exploit this to gain Telnet, SSH and FTP access to the system.
by LiquidWorm
CVSS 9.8
CVE-2019-25335 EXPLOITDB HIGH text
7070 Hazır Profesyonel Web Sitesi 1.0 - Authentication Bypass via SQL Injection
PRO-7070 Hazır Profesyonel Web Sitesi version 1.0 contains an authentication bypass vulnerability in the administration panel login page. Attackers can bypass authentication by using '=' 'or' as both username and password to gain unauthorized access to the administrative interface.
by Ahmet Ümit BAYRAM
CVSS 7.5
CVE-2019-25264 EXPLOITDB MEDIUM text VERIFIED
Snipe-IT 4.7.5 - XSS
Snipe-IT 4.7.5 contains a persistent cross-site scripting vulnerability that allows authorized users to upload malicious SVG files with embedded JavaScript. Attackers can craft SVG files with script tags to execute arbitrary JavaScript when the accessory is viewed by other users.
by Metin Yunus Kandemir
CVSS 6.4
EIP-2026-102417 EXPLOITDB text
Oracle Siebel Sales 8.1 - Persistent Cross-Site Scripting
by omurugur
CVE-2019-25271 EXPLOITDB HIGH text
NETGATE Data Backup 3.0.620 - Code Injection
NETGATE Data Backup 3.0.620 contains an unquoted service path vulnerability in its NGDatBckpSrv Windows service configuration. Attackers can exploit the unquoted path to inject and execute malicious code with LocalSystem privileges by placing executable files in specific directory locations.
by ZwX
CVSS 7.8
CVE-2019-25269 EXPLOITDB HIGH text
Amiti Antivirus <25.0.640 - Code Injection
Amiti Antivirus 25.0.640 contains an unquoted service path vulnerability in its Windows service configurations. Attackers can exploit the unquoted path to inject and execute malicious code with elevated LocalSystem privileges by placing executable files in specific directory locations.
by ZwX
CVSS 7.8
CVE-2019-25337 EXPLOITDB CRITICAL text
OwnCloud 8.1.8 - Username Enumeration via Share Endpoint Wildcard Search
OwnCloud 8.1.8 contains a username enumeration vulnerability that allows remote attackers to discover user accounts by manipulating the share.php endpoint. Attackers can send crafted GET requests to /index.php/core/ajax/share.php with a wildcard search parameter to retrieve comprehensive user information.
by Daniel Moreno
CVSS 9.8
EIP-2026-119660 EXPLOITDB text
Microsoft Visual Basic 2010 Express - XML External Entity Injection
by ZwX
EIP-2026-110070 EXPLOITDB text VERIFIED
Online Clinic Management System 2.2 - HTML Injection
by Cemal Cihad ÇİFTÇİ
CVE-2019-15276 EXPLOITDB MEDIUM text
Cisco Wireless LAN Controller Software 8.4-8.9 - Denial of Service via Crafted URL
A vulnerability in the web interface of Cisco Wireless LAN Controller Software could allow a low-privileged, authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability exists due to a failure of the HTTP parsing engine to handle specially crafted URLs. An attacker could exploit this vulnerability by authenticating with low privileges to an affected controller and submitting the crafted URL to the web interface of the affected device. Conversely, an unauthenticated attacker could exploit this vulnerability by persuading a user of the web interface to click the crafted URL. A successful exploit could allow the attacker to cause an unexpected restart of the device, resulting in a DoS condition.
by SecuNinja
CVSS 6.5
EIP-2026-119661 EXPLOITDB text VERIFIED
Microsoft Windows Media Center 2002 - XML External Entity MotW Bypass
by hyp3rlinx
EIP-2026-110124 EXPLOITDB text
Online Invoicing System 2.6 - 'description' Persistent Cross-Site Scripting
by Cemal Cihad ÇİFTÇİ
CVE-2019-19516 EXPLOITDB MEDIUM text
Intelbras WRN 150 1.0.18 - Cross-Site Request Forgery via Password Change
Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password.
by Prof. Joas Antonio
CVSS 6.5
CVE-2019-25338 EXPLOITDB MEDIUM text
DokuWiki 2018-04-22b - Info Disclosure
DokuWiki 2018-04-22b contains a username enumeration vulnerability in its password reset functionality that allows attackers to identify valid user accounts. Attackers can submit different usernames to the password reset endpoint and distinguish between existing and non-existing accounts by analyzing the server's error response messages.
by Talha ŞEN
CVSS 5.3
CVE-2019-25234 EXPLOITDB MEDIUM text
SmartHouse Webapp 6.5.33 - CSRF/XSS
SmartHouse Webapp 6.5.33 contains multiple cross-site request forgery and cross-site scripting vulnerabilities that allow attackers to perform unauthorized actions. Attackers can exploit these vulnerabilities by tricking logged-in users into visiting malicious websites or injecting malicious scripts into various application parameters.
by LiquidWorm
CVSS 5.3
EIP-2026-119663 EXPLOITDB text VERIFIED
Visual Studio 2008 - XML External Entity Injection
by hyp3rlinx
EIP-2026-119659 EXPLOITDB text
Microsoft Excel 2016 1901 - XML External Entity Injection
by hyp3rlinx
EIP-2026-117443 EXPLOITDB text
Max Secure Anti Virus Plus 19.0.4.020 - Insecure File Permissions
by hyp3rlinx
CVE-2019-25272 EXPLOITDB HIGH text
TexasSoft CyberPlanet 6.4.131 - Code Injection
TexasSoft CyberPlanet 6.4.131 contains an unquoted service path vulnerability in the CCSrvProxy service that allows local attackers to execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files (x86)\TenaxSoft\CyberPlanet\SrvProxy.exe' to inject malicious executables and gain elevated system privileges.
by Cristian Ayala G
CVSS 7.8
CVE-2019-25265 EXPLOITDB MEDIUM text
Online Inventory Manager 3.2 - Stored Cross-Site Scripting in Group Description Field
Online Inventory Manager 3.2 contains a stored cross-site scripting vulnerability in the group description field of the admin edit groups section. Attackers can inject malicious JavaScript through the description field that will execute when the groups page is viewed, allowing potential cookie theft and client-side script execution.
by Cemal Cihad ÇİFTÇİ
CVSS 6.4
EIP-2026-113507 EXPLOITDB text
WordPress Core 5.3 - User Disclosure
by SajjadBnd
CVE-2019-25273 EXPLOITDB HIGH text
Easy-Hide-IP 5.0.0.3 - Code Injection
Easy-Hide-IP 5.0.0.3 contains an unquoted service path vulnerability in the EasyRedirect service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Easy-Hide-IP\rdr\EasyRedirect.exe' to inject malicious executables and escalate privileges.
by Rene Cortes S
CVSS 7.8
EIP-2026-118093 EXPLOITDB text
Waves MaxxAudio Drivers 1.1.6.0 - 'WavesSysSvc64' Unquoted Service Path
by Luis Martínez
EIP-2026-117560 EXPLOITDB text
Microsoft Windows AppXsvc Deployment Extension - Privilege Escalation
by Abdelhamid Naceri
CVE-2019-25274 EXPLOITDB HIGH text
ProShow Producer 9.0.3797 - Code Injection
ProShow Producer 9.0.3797 contains an unquoted service path vulnerability in the ScsiAccess service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted binary path to inject malicious executables that will be run with LocalSystem privileges during service startup.
by ZwX
CVSS 7.8