Text Exploits

31,346 exploits tracked across all sources.

Sort: Activity Stars
CVE-2019-10685 EXPLOITDB MEDIUM text
Heidelberg Prinect Archiver - XSS
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Heidelberg Prinect Archiver v2013 release 1.0.
by alt3kx
CVSS 6.1
CVE-2019-25503 EXPLOITDB HIGH text VERIFIED
PHPads 2.0 - SQL Injection
PHPads 2.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the bannerID parameter in click.php3. Attackers can submit crafted bannerID values using SQL comment syntax and functions like extractvalue to extract sensitive database information such as the current database name.
by felipe andrian
CVSS 7.1
CVE-2019-25366 EXPLOITDB HIGH text VERIFIED
microASP Portal+ CMS - SQL Injection
microASP Portal+ CMS contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the explode_tree parameter. Attackers can send crafted requests to pagina.phtml with SQL injection payloads using extractvalue and concat functions to extract sensitive database information like the current database name.
by felipe andrian
CVSS 8.2
CVE-2025-34078 EXPLOITDB HIGH text
NSClient++ <0.5.2.35 - Privilege Escalation
A local privilege escalation vulnerability exists in NSClient++ 0.5.2.35 when both the web interface and ExternalScripts features are enabled. The configuration file (nsclient.ini) stores the administrative password in plaintext and is readable by local users. By extracting this password, an attacker can authenticate to the NSClient++ web interface (typically accessible on port 8443) and abuse the ExternalScripts plugin to inject and execute arbitrary commands as SYSTEM by registering a custom script, saving the configuration, and triggering it via the API. This behavior is documented but insecure, as the plaintext credential exposure undermines access isolation between local users and administrative functions.
by bzyo
CVSS 7.8
CVE-2018-20580 EXPLOITDB HIGH text
Smartbear Readyapi - Improper Input Validation
The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
by Gilson Camelo
CVSS 8.8
EIP-2026-118885 EXPLOITDB text VERIFIED
Microsoft Windows PowerShell ISE - Remote Code Execution
by hyp3rlinx
CVE-2019-9017 EXPLOITDB HIGH text
Solarwinds Dameware Mini Remote Control - Out-of-Bounds Write
DWRCC in SolarWinds DameWare Mini Remote Control 10.0 x64 has a Buffer Overflow associated with the size field for the machine name.
by Dino Barlattani
CVSS 7.5
EIP-2026-107872 EXPLOITDB text
Instagram Auto Follow - Authentication Bypass
by Veyselxan
CVE-2019-11504 EXPLOITDB MEDIUM text
Zotonic <0.47 - XSS
Zotonic before version 0.47 has mod_admin XSS.
by Ramòn Janssen
CVSS 4.8
CVE-2019-3929 EXPLOITDB CRITICAL text
Crestron Am-100 Firmware < 2.4.1.19 - OS Command Injection
The Crestron AM-100 firmware 1.6.0.2, Crestron AM-101 firmware 2.7.0.1, Barco wePresent WiPG-1000P firmware 2.3.0.10, Barco wePresent WiPG-1600W before firmware 2.4.1.19, Extron ShareLink 200/250 firmware 2.0.3.4, Teq AV IT WIPS710 firmware 1.1.0.7, SHARP PN-L703WA firmware 1.4.2.3, Optoma WPS-Pro firmware 1.0.0.5, Blackbox HD WPS firmware 1.0.0.5, InFocus LiteShow3 firmware 1.0.16, and InFocus LiteShow4 2.0.0.7 are vulnerable to command injection via the file_transfer.cgi HTTP endpoint. A remote, unauthenticated attacker can use this vulnerability to execute operating system commands as root.
by Jacob Baines
CVSS 9.8
CVE-2019-11429 EXPLOITDB MEDIUM text
CentOS-WebPanel.com <0.9.8.793,0.9.8.753,0.9.8.807 - XSS
CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.793 (Free/Open Source Version), 0.9.8.753 (Pro) and 0.9.8.807 (Pro) is vulnerable to Reflected XSS for the "Domain" field on the "DNS Functions > "Add DNS Zone" screen.
by DKM
CVSS 4.8
CVE-2019-14298 EXPLOITDB MEDIUM text
Veeam ONE Reporter <9.5.0.3201 - XSS
Veeam ONE Reporter 9.5.0.3201 allows XSS via a crafted Description(config) field to addDashboard or editDashboard in CommonDataHandlerReadOnly.ashx.
by Seyed Sadegh Khatami
CVSS 5.4
CVE-2019-14297 EXPLOITDB MEDIUM text
Veeam ONE Reporter <9.5.0.3201 - XSS
Veeam ONE Reporter 9.5.0.3201 allows XSS via the Add/Edit Widget with a crafted Caption field to setDashboardWidget in CommonDataHandlerReadOnly.ashx.
by Seyed Sadegh Khatami
CVSS 5.4
EIP-2026-108725 EXPLOITDB text
Joomla! Component JiFile 2.3.1 - Arbitrary File Download
by Mr Winst0n
EIP-2026-108211 EXPLOITDB text
Joomla! Component ARI Quiz 3.7.4 - SQL Injection
by Mr Winst0n
EIP-2026-107689 EXPLOITDB text
Hyvikk Fleet Manager - Shell Upload
by saxgy1331
CVE-2019-11564 EXPLOITDB MEDIUM text
HumHub 1.3.12 - XSS
A cross-site scripting (XSS) vulnerability in HumHub 1.3.12 allows remote attackers to inject arbitrary web script or HTML via a /protected/vendor/codeception/codeception/tests/data/app/view/index.php POST request.
by Kağan EĞLENCE
CVSS 6.1
EIP-2026-105023 EXPLOITDB text
Agent Tesla Botnet - Information Disclosure
by n4pst3r
CVE-2019-11599 EXPLOITDB HIGH text VERIFIED
Linux kernel <5.0.10 - Info Disclosure
The coredump implementation in the Linux kernel before 5.0.10 does not use locking or other mechanisms to prevent vma layout or vma flags changes while it runs, which allows local users to obtain sensitive information, cause a denial of service, or possibly have unspecified other impact by triggering a race condition with mmget_not_zero or get_task_mm calls. This is related to fs/userfaultfd.c, mm/mmap.c, fs/proc/task_mmu.c, and drivers/infiniband/core/uverbs_main.c.
by Google Security Research
CVSS 7.0
CVE-2019-11569 EXPLOITDB HIGH text
Veeam ONE Reporter <9.5.0.3201 - CSRF
Veeam ONE Reporter 9.5.0.3201 allows CSRF.
by Seyed Sadegh Khatami
CVSS 8.8
CVE-2019-3844 EXPLOITDB HIGH text VERIFIED
Systemd - Privilege Escalation
It was discovered that a systemd service that uses DynamicUser property can get new privileges through the execution of SUID binaries, which would allow to create binaries owned by the service transient group with the setgid bit set. A local attacker may use this flaw to access resources that will be owned by a potentially different service in the future, when the GID will be recycled.
by Google Security Research
CVSS 7.8
CVE-2019-0186 EXPLOITDB MEDIUM text
Apache Pluto < 3.1.0 - XSS
The input fields of the Apache Pluto "Chat Room" demo portlet 3.0.0 and 3.0.1 are vulnerable to Cross-Site Scripting (XSS) attacks. Mitigation: * Uninstall the ChatRoomDemo war file - or - * migrate to version 3.1.0 of the chat-room-demo war file
by Dhiraj Mishra
CVSS 6.1
CVE-2019-11537 EXPLOITDB MEDIUM text VERIFIED
osTicket <1.12 - XSS
In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file inclusion.
by AkkuS
CVSS 6.1
CVE-2019-7438 EXPLOITDB MEDIUM text
JioFi 4G M2S 1.0.2 - XSS
cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices has XSS and HTML injection via the mask POST parameter.
by Vikas Chaudhary
CVSS 6.1
CVE-2019-7439 EXPLOITDB MEDIUM text
JioFi 4G M2S 1.0.2 - DoS
cgi-bin/qcmap_web_cgi on JioFi 4G M2S 1.0.2 devices allows a DoS (Hang) via the mask POST parameter.
by Vikas Chaudhary
CVSS 6.5
By Source
All 31,346 Exploitdb 50,135 Writeup 48,129 Nomisec 21,326 Metasploit 3,228 Github 2,557 Vulncheck_xdb 901 Inthewild 518 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,346 ruby 5,959 python 5,901 c 3,575 perl 2,854 html 2,056 php 1,334 bash 459 java 362 javascript 260 c++ 249 shell 95 go 52 postscript 25 xml 24