Text Exploits

31,346 exploits tracked across all sources.

EIP-2026-108681 EXPLOITDB text
Joomla! Component J-BusinessDirectory 4.9.7 - 'type' SQL Injection
by Ihsan Sencan
EIP-2026-118890 EXPLOITDB text
Microsoft Windows VCF or Contact' File - URL Manipulation-Spoof Arbitrary Code Execution
by Eduardo Braun Prado
EIP-2026-108630 EXPLOITDB text
Joomla! Component Easy Shop 1.2.3 - Local File Inclusion
by Ihsan Sencan
CVE-2018-25257 EXPLOITDB HIGH text
Adianti Framework 5.5.0 and 5.6.0 SQL Injection via Profile
Adianti Framework 5.5.0 and 5.6.0 contains an SQL injection vulnerability that allows authenticated users to manipulate database queries by injecting SQL code through the name field in SystemProfileForm. Attackers can submit crafted SQL statements in the profile edit endpoint to modify user credentials and gain administrative access.
by Joner de Mello Assolin
CVSS 7.1
CVE-2019-25576 EXPLOITDB HIGH text VERIFIED
Kepler Wallpaper Script 1.1 SQL Injection via category
Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to extract database information including usernames, database names, and MySQL version details.
by Ihsan Sencan
CVSS 8.2
EIP-2026-111739 EXPLOITDB text VERIFIED
Reservic 1.0 - 'id' SQL Injection
by Ihsan Sencan
EIP-2026-110777 EXPLOITDB text
PHP Uber-style GeoTracking 1.1 - SQL Injection
by Ihsan Sencan
EIP-2026-110682 EXPLOITDB text
PHP Dashboards NEW 5.8 - Local File Inclusion
by Ihsan Sencan
EIP-2026-110681 EXPLOITDB text VERIFIED
PHP Dashboards NEW 5.8 - 'dashID' SQL Injection
by Ihsan Sencan
EIP-2026-109554 EXPLOITDB text VERIFIED
MoneyFlux 1.0 - 'id' SQL Injection
by Ihsan Sencan
EIP-2026-106068 EXPLOITDB text VERIFIED
Coman 1.0 - 'id' SQL Injection
by Ihsan Sencan
CVE-2019-25579 EXPLOITDB HIGH text
phpTransformer 2016.9 Directory Traversal via jQueryFileUpload
phpTransformer 2016.9 contains a directory traversal vulnerability that allows unauthenticated attackers to access arbitrary files by manipulating the path parameter. Attackers can send requests to the jQueryFileUploadmaster server endpoint with traversal sequences ../../../../../../ to list and retrieve files outside the intended directory.
by Ihsan Sencan
CVSS 7.5
CVE-2019-25578 EXPLOITDB HIGH text
phpTransformer 2016.9 SQL Injection via GeneratePDF.php
phpTransformer 2016.9 contains an SQL injection vulnerability that allows remote attackers to execute arbitrary SQL queries by injecting malicious code through the idnews parameter. Attackers can send crafted GET requests to GeneratePDF.php with SQL payloads in the idnews parameter to extract sensitive database information or manipulate queries.
by Ihsan Sencan
CVSS 8.2
CVE-2019-25577 EXPLOITDB MEDIUM text
SeoToaster Ecommerce 3.0.0 Local File Inclusion via backend_theme
SeoToaster Ecommerce 3.0.0 contains a local file inclusion vulnerability that allows authenticated attackers to read arbitrary files by manipulating path parameters in backend theme endpoints. Attackers can send POST requests to /backend/backend_theme/editcss/ or /backend/backend_theme/editjs/ with directory traversal sequences in the getcss or getjs parameters to retrieve file contents.
by Ihsan Sencan
CVSS 5.5
CVE-2019-0539 EXPLOITDB HIGH text VERIFIED
Microsoft Chakracore < 1.11.5 - Out-of-Bounds Write
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0567, CVE-2019-0568.
by Google Security Research
CVSS 7.5
CVE-2019-0567 EXPLOITDB HIGH text VERIFIED
Microsoft Edge - Memory Corruption
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka "Chakra Scripting Engine Memory Corruption Vulnerability." This affects Microsoft Edge, ChakraCore. This CVE ID is unique from CVE-2019-0539, CVE-2019-0568.
by Google Security Research
CVSS 7.5
CVE-2013-6227 EXPLOITDB text
Ajaxplorer < 5.0.3 - Unrestricted File Upload
Unrestricted file upload vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to execute arbitrary code by uploading an executable file, and then accessing this file at a location specified by the format parameter of a move operation.
by _jazz______
CVE-2019-6263 EXPLOITDB MEDIUM text
Joomla! < 3.9.2 - XSS
An issue was discovered in Joomla! before 3.9.2. Inadequate checks of the Global Configuration Text Filter settings allowed stored XSS.
by Praveen Sutar
CVSS 4.8
EIP-2026-117563 EXPLOITDB text VERIFIED
Microsoft Windows CONTACT - Remote Code Execution
by hyp3rlinx
EIP-2026-116956 EXPLOITDB text VERIFIED
Check Point ZoneAlarm 8.8.1.110 - Local Privilege Escalation
by Chris Anastasio
CVE-2019-2413 EXPLOITDB MEDIUM text VERIFIED
Oracle Reports Developer 12.2.1.3 - Info Disclosure
Vulnerability in the Oracle Reports Developer component of Oracle Fusion Middleware (subcomponent: Valid Session). The supported version that is affected is 12.2.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Reports Developer. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Reports Developer, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Reports Developer accessible data as well as unauthorized read access to a subset of Oracle Reports Developer accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
by Mohamed M.Fouad
CVSS 6.1
CVE-2019-6274 EXPLOITDB HIGH text
Gl-inet Gl-ar300m-lite Firmware - Path Traversal
Directory traversal vulnerability in storage_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to have unspecified impact via directory traversal sequences.
by Pasquale Turi
CVSS 8.8
CVE-2019-6273 EXPLOITDB MEDIUM text
Gl-inet Gl-ar300m-lite Firmware - Path Traversal
download_file in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to download arbitrary files.
by Pasquale Turi
CVSS 6.5
CVE-2019-6272 EXPLOITDB HIGH text
Gl-inet Gl-ar300m-lite Firmware - Command Injection
Command injection vulnerability in login_cgi in GL.iNet GL-AR300M-Lite devices with firmware 2.27 allows remote attackers to execute arbitrary code.
by Pasquale Turi
CVSS 8.8
CVE-2019-0555 EXPLOITDB HIGH text VERIFIED
Microsoft XmlDocument - Privilege Escalation
An elevation of privilege vulnerability exists in the Microsoft XmlDocument class that could allow an attacker to escape from the AppContainer sandbox in the browser, aka "Microsoft XmlDocument Elevation of Privilege Vulnerability." This affects Windows Server 2012 R2, Windows RT 8.1, Windows Server 2012, Windows Server 2019, Windows Server 2016, Windows 8.1, Windows 10, Windows 10 Servers.
by Google Security Research
CVSS 7.8