Text Exploits

31,364 exploits tracked across all sources.

EIP-2026-109941 EXPLOITDB text
NixCMS 1.0 - 'category_id' SQL Injection
by Bora Bozdogan
EIP-2026-109342 EXPLOITDB text
Matrimonial Website Script 2.1.6 - 'uid' SQL Injection
by L0RD
CVE-2018-6582 EXPLOITDB CRITICAL text
ZH Googlemap - SQL Injection
SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6605 EXPLOITDB CRITICAL text
ZH Baidumap - SQL Injection
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6609 EXPLOITDB CRITICAL text
Jsp Tickets - SQL Injection
SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6317 EXPLOITDB CRITICAL text
Claymore Dual Miner < 10.5 - Format String Vulnerability
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.
by res1n
CVSS 9.1
CVE-2018-6190 EXPLOITDB MEDIUM text
Netis WF2419 V3.2.41381 - XSS
Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page.
by Sajibe Kanti
CVSS 5.4
EIP-2026-111703 EXPLOITDB text
Real Estate Custom Script - 'route' SQL Injection
by 8bitsec
CVE-2018-6581 EXPLOITDB CRITICAL text
Joommasters Jms Music - SQL Injection
SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6580 EXPLOITDB CRITICAL text
Janguo Jimtawl - Unrestricted File Upload
Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6579 EXPLOITDB CRITICAL text
Jextn Reverse Auction - SQL Injection
SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6575 EXPLOITDB CRITICAL text
Jextn Classified - SQL Injection
SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= request.
by Ihsan Sencan
CVSS 9.8
EIP-2026-107044 EXPLOITDB text
Fancy Clone Script - 'search_browse_product' SQL Injection
by 8bitsec
CVE-2018-6576 EXPLOITDB CRITICAL text
Ezcode Event Manager - SQL Injection
SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter.
by Ihsan Sencan
CVSS 9.8
EIP-2026-104971 EXPLOITDB text
Advance Loan Management System - 'id' SQL Injection
by 8bitsec
EIP-2026-101731 EXPLOITDB text
FiberHome AN5506 - Remote DNS Change
by r0ots3c
EIP-2026-100653 EXPLOITDB text
IPSwitch MOVEit 8.1 < 9.4 - Cross-Site Scripting
by 1n3
CVE-2018-25118 EXPLOITDB CRITICAL text
GeoVision embedded IP devices - Command Injection
GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life (EOL) by the vendor. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-19 08:55:13.141502 UTC.
by bashis
CVE-2017-5792 EXPLOITDB CRITICAL text
HP Intelligent Management Center - Insecure Deserialization
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
by Chris Lyne
CVSS 9.8
CVE-2018-6395 EXPLOITDB CRITICAL text
Joomlacalendars Visual Calendar - SQL Injection
SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6397 EXPLOITDB HIGH text
Joomlacalendars Picture Calendar - Path Traversal
Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter.
by Ihsan Sencan
CVSS 7.5
CVE-2018-6398 EXPLOITDB CRITICAL text
Joomlacalendars Event Calendar - SQL Injection
SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action.
by Ihsan Sencan
CVSS 9.8
CVE-2017-18078 EXPLOITDB HIGH text
Systemd < 237 - Symlink Following
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.
by Michael Orlitzky
CVSS 7.8
CVE-2018-25124 EXPLOITDB HIGH text
PacsOne Server <6.6.2 - Path Traversal
PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path' parameter. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.
by Carlos Avila
CVE-2018-6365 EXPLOITDB CRITICAL text
Datacomponents Tsitebuilder - SQL Injection
SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php.
by Ihsan Sencan
CVSS 9.8