Text Exploits
31,346 exploits tracked across all sources.
osCommerce 2.3.4.1 - SQL Injection
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. Attackers can modify the products_id value in product_info.php requests and append boolean-based SQL injection payloads to extract sensitive database information.
by Mehmet EMIROGLU
CVSS 8.2
osCommerce 2.3.4.1 - SQL Injection
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. Attackers can send GET requests to product_reviews_write.php with malicious reviews_id values using boolean-based SQL injection payloads to extract sensitive database information.
by Mehmet EMIROGLU
CVSS 8.2
Skia - Incorrect Convexity Assumptions Leading to Buffer Overflows
by Google Security Research
Devolo dLAN 500 AV Wireless+ <3.1.0-1 - CSRF
Devolo dLAN 500 AV Wireless+ 3.1.0-1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without proper request validation. Attackers can craft malicious web pages that trigger unauthorized configuration changes by exploiting predictable URL actions when a logged-in user visits the site.
by sm
CVSS 5.3
devolo dLAN 500 AV Wireless+ <3.1.0-1 - Auth Bypass
devolo dLAN 500 AV Wireless+ 3.1.0-1 contains an authentication bypass vulnerability that allows attackers to enable hidden services through the htmlmgr CGI script. Attackers can enable telnet and remote shell services, reboot the device, and gain root access without a password by manipulating system configuration parameters.
by sm
CVSS 9.8
Beward N100 M2.1.6.04C014 - Info Disclosure
Beward N100 M2.1.6.04C014 contains a vulnerability that allows unauthenticated remote attackers to access live video streams without credentials. Attackers can directly retrieve the camera's RTSP stream by exploiting the lack of authentication in the video access mechanism.
by LiquidWorm
CVSS 7.5
Beward N100 H.264 VGA IP Camera M2.1.6 - Info Disclosure
Beward N100 H.264 VGA IP Camera M2.1.6 contains an authenticated file disclosure vulnerability that allows attackers to read arbitrary system files via the 'READ.filePath' parameter. Attackers can exploit the fileread script or SendCGICMD API to access sensitive files like /etc/passwd and /etc/issue by supplying absolute file paths.
by LiquidWorm
CVSS 8.8
OpenMRS Java Deserialization RCE
OpenMRS before 2.24.0 is affected by an Insecure Object Deserialization vulnerability that allows an unauthenticated user to execute arbitrary commands on the targeted system via crafted XML data in a request body.
by Bishop Fox
CVSS 9.8
BEWARD N100 H.264 VGA IP Camera M2.1.6 - Remote Code Execution
by LiquidWorm
SuiteCRM 7.10.7 SQL Injection via record Parameter
SuiteCRM 7.10.7 contains a time-based SQL injection vulnerability in the record parameter of the Users module DetailView action that allows authenticated attackers to manipulate database queries. Attackers can append SQL code to the record parameter in GET requests to the index.php endpoint to extract sensitive database information through time-based blind SQL injection techniques.
by Mehmet EMIROGLU
CVSS 7.1
SuiteCRM 7.10.7 SQL Injection via parentTab Parameter
SuiteCRM 7.10.7 contains a SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the parentTab parameter. Attackers can send GET requests to the email module with malicious parentTab values using boolean-based SQL injection techniques to extract sensitive database information.
by Mehmet EMIROGLU
CVSS 7.1
ResourceSpace 8.6 SQL Injection via watched_searches.php
ResourceSpace 8.6 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'ref' parameter. Attackers can send GET requests to the watched_searches.php endpoint with crafted SQL payloads to extract sensitive database information including usernames and credentials.
by dd_
CVSS 8.2
42Gears SureMDM < 2018-11-27 - SSRF
An SSRF issue was discovered in 42Gears SureMDM before 2018-11-27 via the /api/DownloadUrlResponse.ashx "url" parameter.
by Digital Interruption
CVSS 7.3
Rukovoditel Project Management CRM 2.4.1 - 'lists_id' SQL Injection
by Mehmet EMIROGLU
PDF Signer 3.0 - Server-Side Template Injection leading to Remote Command Execution (via Cross-Site Request Forgery Cookie)
by dd_
ResourceSpace 8.6 SQL Injection via collection_edit.php
ResourceSpace 8.6 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the keywords parameter in collection_edit.php. Attackers can submit POST requests with crafted SQL payloads in the keywords field to extract sensitive database information including schema names, user credentials, and other confidential data.
by dd_
CVSS 7.1
Newsbull Haber Script 1.0.0 Authenticated SQL Injection via search parameter
Newsbull Haber Script 1.0.0 contains multiple SQL injection vulnerabilities in the search parameter that allow authenticated attackers to extract database information through time-based, blind, and boolean-based injection techniques. Attackers can inject malicious SQL code through the search parameter in endpoints like /admin/comment/records, /admin/category/records, /admin/news/records, and /admin/menu/childs to manipulate database queries and retrieve sensitive data.
by Mehmet EMIROGLU
CVSS 7.1
CMSsite 1.0 SQL Injection via category.php
CMSsite 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the cat_id parameter. Attackers can send GET requests to category.php with malicious cat_id values to extract sensitive database information including usernames and credentials.
by Majid kalantari
CVSS 8.2
WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download
by 41!kh4224rDz
Teameyo Project Management System 1.0 - SQL Injection
by Ihsan Sencan
MyBB 1.0.2 - XSS
An issue was discovered in the User IP History Logs (aka IP_History_Logs) plugin 1.0.2 for MyBB. There is XSS via the admin/modules/tools/ip_history_logs.php useragent field.
by 0xB9
CVSS 6.1