Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-105144 EXPLOITDB text
Alumni Tracer SMS Notification - SQL Injection / Cross-Site Request Forgery
by Ihsan Sencan
EIP-2026-104163 EXPLOITDB text
Apache OFBiz 16.11.05 - Cross-Site Scripting
by DKM
CVE-2018-15961 EXPLOITDB CRITICAL text
Adobe ColdFusion July 12 release (2018.0.0.310739) Update 6 and earlier Update 14 and earlier - Unrestricted File Upload
Adobe ColdFusion versions July 12 release (2018.0.0.310739), Update 6 and earlier, and Update 14 and earlier have an unrestricted file upload vulnerability. Successful exploitation could lead to arbitrary code execution.
by Vahagn Vardanyan
CVSS 9.8
CVE-2018-4435 EXPLOITDB HIGH text VERIFIED
iPhone OS < 12.1.1, macOS < 10.14.2, tvOS < 12.1.1, watchOS < 5.1.2 - Logic Issue
A logic issue was addressed with improved restrictions. This issue affected versions prior to iOS 12.1.1, macOS Mojave 10.14.2, tvOS 12.1.1, watchOS 5.1.2.
by Google Security Research
CVSS 7.8
CVE-2018-7358 EXPLOITDB MEDIUM text VERIFIED
ZTE ZXHN H168N Firmware V2.2.0_PK1.2T5 V2.2.0_PK1.2T2 V2.2.0_PK11T7 V2.2.0_PK11T - Improper Authentication
ZTE ZXHN H168N product with versions V2.2.0_PK1.2T5, V2.2.0_PK1.2T2, V2.2.0_PK11T7 and V2.2.0_PK11T have an improper change control vulnerability, which may allow an unauthorized user to perform unauthorized operations.
by Usman Saeed
CVSS 6.5
CVE-2018-13134 EXPLOITDB MEDIUM text
TP-Link Archer C1200 Firmware 1.13 Build 20299 - Stored Cross-Site Scripting via PATH_INFO to /webpages/data URI
TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI.
by Usman Saeed
CVSS 6.1
CVE-2018-7921 EXPLOITDB MEDIUM text
Huawei B315s-22 <21.318.01.00.26 - Info Disclosure
Huawei B315s-22 products with software of 21.318.01.00.26 have an information leak vulnerability. Unauthenticated adjacent attackers may exploit this vulnerability to obtain device information.
by Usman Saeed
CVSS 6.5
EIP-2026-106535 EXPLOITDB text
DomainMOD 4.11.01 - 'DisplayName' Cross-Site Scripting
by Mohammed Abdul Raheem
CVE-2018-19877 EXPLOITDB MEDIUM text
Adiscon LogAnalyzer < 4.1.7 - Cross-Site Scripting via Login Button Referer Field
login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field.
by Gustavo Sorondo
CVSS 6.1
EIP-2026-107556 EXPLOITDB text
HasanMWB 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-108995 EXPLOITDB text
KeyBase Botnet 1.5 - SQL Injection
by n4pst3r
CVE-2018-19782 EXPLOITDB MEDIUM text
FreshRSS 1.11.1 - Cross-Site Scripting via GET Parameters
Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter.
by Netsparker
CVSS 6.1
CVE-2018-19752 EXPLOITDB MEDIUM text
DomainMOD 4.09.03-4.11.01 - Stored Cross-Site Scripting via Registrar Notes Field
DomainMOD through 4.11.01 has XSS via the assets/add/registrar.php notes field for the Registrar.
by Mohammed Abdul Raheem
CVSS 4.8
CVE-2018-19749 EXPLOITDB MEDIUM text
DomainMOD < 4.11.01 - Stored Cross-Site Scripting via Account Owner Name Field
DomainMOD through 4.11.01 has XSS via the assets/add/account-owner.php Owner name field.
by Mohammed Abdul Raheem
CVSS 4.8
CVE-2018-19751 EXPLOITDB MEDIUM text
DomainMOD 4.09.03-4.11.01 - Stored Cross-Site Scripting via Custom SSL Fields Notes Parameter
DomainMOD through 4.11.01 has XSS via the admin/ssl-fields/add.php notes field for Custom SSL Fields.
by Mohammed Abdul Raheem
CVSS 4.8
CVE-2018-19750 EXPLOITDB MEDIUM text
DomainMOD < 4.11.01 - Stored Cross-Site Scripting via Custom Domain Field Notes
DomainMOD through 4.11.01 has XSS via the admin/domain-fields/ notes field in an Add Custom Field action for Custom Domain Fields.
by Mohammed Abdul Raheem
CVSS 5.4
CVE-2018-19799 EXPLOITDB MEDIUM text
Dolibarr ERP/CRM <= 8.0.3 - Cross-Site Scripting via Export Datatoexport Parameter
Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS.
by AkkuS
CVSS 6.1
CVE-2018-19627 EXPLOITDB HIGH text VERIFIED
Wireshark <2.6.5-2.4.11 - Buffer Overflow
In Wireshark 2.6.0 to 2.6.4 and 2.4.0 to 2.4.10, the IxVeriWave file parser could crash. This was addressed in wiretap/vwr.c by adjusting a buffer boundary.
by Google Security Research
CVSS 7.5
EIP-2026-103726 EXPLOITDB text VERIFIED
Wireshark - 'cdma2k_message_ACTIVE_SET_RECORD_FIELDS' Stack Corruption
by Google Security Research
CVE-2018-19616 EXPLOITDB HIGH text
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Client-Side Access Control Bypass to Administrator Manipulation
An issue was discovered in Rockwell Automation Allen-Bradley PowerMonitor 1000. An unauthenticated user can add/edit/remove administrators because access control is implemented on the client side via a disabled attribute for a BUTTON element.
by Luca.Chiou
CVSS 8.1
CVE-2018-19615 EXPLOITDB MEDIUM text
Rockwell Automation Allen-Bradley PowerMonitor 1000 - Code Injection
Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. A remote attacker could inject arbitrary code into a targeted user’s web browser to gain access to the affected device.
by Luca.Chiou
CVSS 6.1
EIP-2026-115866 EXPLOITDB text
Mozilla Firefox 63.0.1 - Denial of Service (PoC)
by SAIKUMAR CHEBROLU
EIP-2026-113544 EXPLOITDB text
WordPress Plugin Advanced-Custom-Fields 5.7.7 - Cross-Site Scripting
by Loading Kura Kura
EIP-2026-110761 EXPLOITDB text
PHP Server Monitor 3.3.1 - Cross-Site Request Forgery
by Javier Olmedo
EIP-2026-102569 EXPLOITDB text
Budabot 4.0 - Denial of Service (PoC)
by Ryan Delaney