Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-104681 EXPLOITDB text VERIFIED
Symfony 2.7.0 < 4.0.10 - Denial of Service
by Federico Stange
CVE-2018-25206 EXPLOITDB HIGH text
KomSeo Cart 1.3 SQL Injection via edit.php
KomSeo Cart 1.3 contains an SQL injection vulnerability that allows attackers to inject SQL commands through the 'my_item_search' parameter in edit.php. Attackers can submit POST requests with malicious SQL payloads to extract sensitive database information using boolean-based blind or error-based injection techniques.
by AkkuS
CVSS 8.2
CVE-2018-11430 EXPLOITDB MEDIUM text
Moderator Log Notes 1.1 - Stored Cross-Site Scripting in Mod Notes Textarea
An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB. It allows moderators to save notes and display them in a list in the modCP. The XSS is located in the mod notes textarea.
by 0xB9
CVSS 5.4
CVE-2018-2791 EXPLOITDB HIGH text VERIFIED
Oracle WebCenter Sites <12.2.1.3.0 - Info Disclosure
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Advanced UI). Supported versions that are affected are 11.1.1.8.0, 12.2.1.2.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Sites. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle WebCenter Sites, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebCenter Sites accessible data as well as unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data. CVSS 3.0 Base Score 8.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N).
by Richard Alviarez
CVSS 8.2
CVE-2017-10033 EXPLOITDB MEDIUM text
Oracle WebCenter Sites <12.2.1.2.0 - Unauthorized Update
Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware (subcomponent: Support Tools). Supported versions that are affected are 11.1.1.8.0 and 12.2.1.2.0. Difficult to exploit vulnerability allows unauthenticated attacker with logon to the infrastructure where Oracle WebCenter Sites executes to compromise Oracle WebCenter Sites. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle WebCenter Sites accessible data as well as unauthorized read access to a subset of Oracle WebCenter Sites accessible data. Note: Please refer to Doc ID My Oracle Support Note 2318213.1 (http://support.oracle.com/CSP/main/article?cmd=show&type=NOT&id=2318213.1) for instructions on how to address this issue. CVSS 3.0 Base Score 4.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N).
by Sebastian Cornejo
CVSS 4.0
CVE-2018-25205 EXPLOITDB HIGH text
ASP.NET jVideo Kit 1.0 SQL Injection via query Parameter
ASP.NET jVideo Kit 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to inject SQL commands through the 'query' parameter in the search functionality. Attackers can submit malicious SQL payloads via GET or POST requests to the /search endpoint to extract sensitive database information using boolean-based blind or error-based techniques.
by AkkuS
CVSS 8.2
EIP-2026-110493 EXPLOITDB text
PaulNews 1.0 - 'keyword' SQL Injection / Cross-Site Scripting
by AkkuS
CVE-2014-3110 EXPLOITDB text
Honeywell FALCON XLWeb Linux Controller < 2.04.01 and XLWebExe < 2.02.11 - Cross-Site Scripting
Multiple cross-site scripting (XSS) vulnerabilities on Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to inject arbitrary web script or HTML via invalid input.
by t4rkd3vilz
EIP-2026-103278 EXPLOITDB text
EU MRV Regulatory Complete Solution 1 - Authentication Bypass
by Veyselxan
CVE-2018-25335 EXPLOITDB CRITICAL text
WordPress Plugin Peugeot Music 1.0 Arbitrary File Upload
WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to execute code from the uploads directory.
by Mr.7z
CVSS 9.8
CVE-2018-25204 EXPLOITDB HIGH text
Library CMS 1.0 SQL Injection via admin login
Library CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can send POST requests to the admin login endpoint with boolean-based blind SQL injection payloads in the username field to manipulate database queries and gain unauthorized access.
by AkkuS
CVSS 8.2
CVE-2018-25203 EXPLOITDB HIGH text
Online Store System CMS 1.0 SQL Injection via clientaccess
Online Store System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the email parameter. Attackers can send POST requests to index.php with the action=clientaccess parameter using boolean-based blind or time-based blind SQL injection payloads in the email field to extract sensitive database information.
by AkkuS
CVSS 8.2
CVE-2018-25202 EXPLOITDB HIGH text
SAT CFDI 3.3 SQL Injection via signIn endpoint
SAT CFDI 3.3 contains an SQL injection vulnerability that allows attackers to manipulate database queries by injecting SQL code through the 'id' parameter in the signIn endpoint. Attackers can submit POST requests with boolean-based blind, stacked queries, or time-based blind SQL injection payloads to extract sensitive data or compromise the application.
by AkkuS
CVSS 8.2
CVE-2018-25201 EXPLOITDB HIGH text
School Management System CMS 1.0 Admin Login SQL Injection
School Management System CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious payloads using boolean-based blind SQL injection techniques to the processlogin endpoint to authenticate as administrator without valid credentials.
by AkkuS
CVSS 7.1
CVE-2018-25195 EXPLOITDB HIGH text
Wecodex Hotel CMS 1.0 SQL Injection via Admin Login
Wecodex Hotel CMS 1.0 contains an SQL injection vulnerability in the admin login functionality that allows unauthenticated attackers to bypass authentication by injecting SQL code. Attackers can submit malicious SQL payloads through the username parameter in POST requests to index.php with action=processlogin to extract sensitive database information or gain unauthorized administrative access.
by AkkuS
CVSS 8.2
CVE-2018-25185 EXPLOITDB HIGH text
Wecodex Restaurant CMS 1.0 SQL Injection via Login
Wecodex Restaurant CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the username parameter. Attackers can send POST requests to the login endpoint with malicious SQL payloads using boolean-based blind or time-based blind techniques to extract sensitive database information.
by AkkuS
CVSS 8.2
CVE-2018-25183 EXPLOITDB HIGH text
Shipping System CMS 1.0 SQL Injection via admin login
Shipping System CMS 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to bypass authentication by injecting SQL code through the username parameter. Attackers can submit malicious SQL payloads using boolean-based blind techniques in POST requests to the admin login endpoint to authenticate without valid credentials.
by AkkuS
CVSS 8.2
EIP-2026-119470 EXPLOITDB text
FTPShell Server 6.80 - Denial of Service
by Hashim Jawad
EIP-2026-113389 EXPLOITDB text
Wecodex Store Paypal 1.0 - SQL Injection
by AkkuS
EIP-2026-110677 EXPLOITDB text
PHP Dashboards 4.5 - SQL Injection
by AkkuS
EIP-2026-110676 EXPLOITDB text
PHP Dashboards 4.5 - 'email' SQL Injection
by AkkuS
EIP-2026-109800 EXPLOITDB text
MySQL Smart Reports 1.0 - 'id' SQL Injection / Cross-Site Scripting
by AkkuS
EIP-2026-109797 EXPLOITDB text
MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection / Cross-Site Scripting
by AkkuS
EIP-2026-109796 EXPLOITDB text
MySQL Blob Uploader 1.7 - 'home-filet-edit.php' SQL Injection
by AkkuS
EIP-2026-109795 EXPLOITDB text
MySQL Blob Uploader 1.7 - 'home-file-edit.php' SQL Injection / Cross-Site Scripting
by AkkuS