Text Exploits

31,346 exploits tracked across all sources.

EIP-2026-110696 EXPLOITDB text
PHP File Browser Script 1 - Directory Traversal
by AkkuS
EIP-2026-109589 EXPLOITDB text
mooSocial Store Plugin 2.6 - SQL Injection
by Andrea Bocchetti
CVE-2018-25207 EXPLOITDB HIGH text
Online Quiz Maker 1.0 SQL Injection via catid Parameter
Online Quiz Maker 1.0 contains SQL injection vulnerabilities in the catid and usern parameters that allow authenticated attackers to execute arbitrary SQL commands. Attackers can submit malicious POST requests to quiz-system.php or add-category.php with crafted SQL payloads in POST parameters to extract sensitive database information or bypass authentication.
by AkkuS
CVSS 7.1
CVE-2018-16252 EXPLOITDB LOW text
Fspro Event Log Explorer - XXE
FsPro Labs Event Log Explorer 4.6.1.2115 has ".elx" FileType XML External Entity Injection.
by hyp3rlinx
CVSS 3.3
EIP-2026-104955 EXPLOITDB text
Admidio 3.3.5 - Cross-Site Request Forgery (Change Permissions)
by Nawaf Alkeraithe
CVE-2018-15839 EXPLOITDB CRITICAL text
Dlink Dir-615 Firmware - Memory Corruption
D-Link DIR-615 devices have a buffer overflow via a long Authorization HTTP header.
by Aniket Dinda
CVSS 9.8
CVE-2018-15844 EXPLOITDB HIGH text
Damicms - CSRF
An issue was discovered in DamiCMS 6.0.0. There is a CSRF vulnerability that can revise the administrator account's password via /admin.php?s=/Admin/doedit.
by Autism_JH
CVSS 8.8
EIP-2026-102108 EXPLOITDB text VERIFIED
Vox TG790 ADSL Router - Cross-Site Scripting
by cakes
CVE-2018-17140 EXPLOITDB MEDIUM text
WordPress Quizlord <2.0 - XSS
The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php.
by Renos Nikolaou
CVSS 5.4
CVE-2018-17138 EXPLOITDB MEDIUM text
Jibu Pro <1.7 - XSS
The Jibu Pro plugin through 1.7 for WordPress is prone to Stored XSS via the wp-content/plugins/jibu-pro/quiz_action.php name (aka Quiz Name) field.
by Renos Nikolaou
CVSS 5.4
CVE-2018-16133 EXPLOITDB MEDIUM text VERIFIED
Cybrotech Cybrohttpserver - Path Traversal
Cybrotech CyBroHttpServer 1.0.3 allows Directory Traversal via a ../ in the URI.
by Emre ÖVÜNÇ
CVSS 5.3
CVE-2018-16134 EXPLOITDB MEDIUM text VERIFIED
Cybrotech Cybrohttpserver - XSS
Cybrotech CyBroHttpServer 1.0.3 allows XSS via a URI.
by Emre ÖVÜNÇ
CVSS 6.1
CVE-2018-12710 EXPLOITDB HIGH text
D-Link DIR-601 2.02NA - Info Disclosure
An issue was discovered on D-Link DIR-601 2.02NA devices. Being local to the network and having only "User" account (which is a low privilege account) access, an attacker can intercept the response from a POST request to obtain "Admin" rights due to the admin password being displayed in XML.
by Kevin Randall
CVSS 8.0
CVE-2018-15745 EXPLOITDB HIGH text VERIFIED
Argus Surveillance DVR 4.0.0.0 - Directory Traversal
Argus Surveillance DVR 4.0.0.0 devices allow Unauthenticated Directory Traversal, leading to File Disclosure via a ..%2F in the WEBACCOUNT.CGI RESULTPAGE parameter.
by hyp3rlinx
CVSS 7.5
CVE-2017-1000499 EXPLOITDB HIGH text VERIFIED
phpMyAdmin <4.7.6.1/4.7.7 - CSRF
phpMyAdmin versions 4.7.x (prior to 4.7.6.1/4.7.7) are vulnerable to a CSRF weakness. By deceiving a user into clicking on a crafted URL, it is possible to perform harmful database operations such as deleting records, dropping/truncating tables, etc.
by VulnSpy
CVSS 8.8
EIP-2026-117518 EXPLOITDB text
Microsoft Windows - Advanced Local Procedure Call (ALPC) Local Privilege Escalation
by SandboxEscaper
EIP-2026-103031 EXPLOITDB text
VirtualBox 5.2.6.r120293 - VM Escape
by Reno Robert
CVE-2018-15535 EXPLOITDB HIGH text VERIFIED
Tecrail Responsive Filemanager < 9.13.4 - Path Traversal
/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize get_file sequences such as ".." that can resolve to a location that is outside of that directory, aka Directory Traversal.
by Simon Uvarov
CVSS 7.5
EIP-2026-119590 EXPLOITDB text
Firefox 55.0.3 - Denial of Service (PoC)
by L0RD
EIP-2026-119421 EXPLOITDB text
Sentrifugo HRMS 3.2 - 'deptid' SQL Injection
by Javier Olmedo
CVE-2018-15536 EXPLOITDB MEDIUM text VERIFIED
Tecrail Responsive Filemanager < 9.13.4 - Path Traversal
/filemanager/ajax_calls.php in tecrail Responsive FileManager before 9.13.4 does not properly validate file paths in archives, allowing for the extraction of crafted archives to overwrite arbitrary files via an extract action, aka Directory Traversal.
by Simon Uvarov
CVSS 5.5
CVE-2018-15845 EXPLOITDB HIGH text
Gleezcms Gleez Cms - CSRF
There is a CSRF vulnerability that can add an administrator account in Gleez CMS 1.2.0 via admin/users/add.
by GunEggWang
CVSS 8.8
CVE-2018-15685 EXPLOITDB HIGH text VERIFIED
Electron < 1.7.16 - Remote Code Execution
GitHub Electron 1.7.15, 1.8.7, 2.0.7, and 3.0.0-beta.6, in certain scenarios involving IFRAME elements and "nativeWindowOpen: true" or "sandbox: true" options, is affected by a WebPreferences vulnerability that can be leveraged to perform remote code execution.
by Matt Austin
CVSS 8.1
CVE-2018-12827 EXPLOITDB HIGH text VERIFIED
Adobe Flash Player <30.0.0.134 - Info Disclosure
Adobe Flash Player 30.0.0.134 and earlier have an out-of-bounds read vulnerability. Successful exploitation could lead to information disclosure.
by Google Security Research
CVSS 7.5
EIP-2026-101974 EXPLOITDB text
Seagate Personal Cloud SRN21C 4.3.16.0 / 4.3.18.0 - SQL Injection
by Yorick Koster