Text Exploits

31,364 exploits tracked across all sources.

CVE-2018-6363 EXPLOITDB CRITICAL text
Taskrabbit Clone - SQL Injection
SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter.
by Ihsan Sencan
CVSS 9.8
EIP-2026-110444 EXPLOITDB text
PACSOne Server 6.6.2 DICOM Web Viewer - SQL Injection
by Carlos Avila
CVE-2018-6364 EXPLOITDB CRITICAL text
Multilanguage Real Estate MLM Script < 3.0 - SQL Injection
SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6008 EXPLOITDB HIGH text
Jtag Members Directory 5.3.7 - Info Disclosure
Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter.
by Ihsan Sencan
CVSS 7.5
CVE-2017-17612 EXPLOITDB CRITICAL text
Hot Scripts Clone - SQL Injection
Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6367 EXPLOITDB CRITICAL text
Vastal I-Tech Buddy Zone Facebook Clone - SQL Injection
SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5759 EXPLOITDB MEDIUM text
Artifex MuJS <1.0.2 - DoS
jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressions, which allows remote attackers to cause a denial of service (excessive recursion) via a crafted file.
by Andrea Sindoni
CVSS 5.5
CVE-2018-6191 EXPLOITDB MEDIUM text
Artifex MuJS < 1.0.2 - Integer Overflow
The js_strtod function in jsdtoa.c in Artifex MuJS through 1.0.2 has an integer overflow because of incorrect exponent validation.
by Andrea Sindoni
CVSS 5.5
EIP-2026-101131 EXPLOITDB text
Sony Playstation 3 (PS3) 4.82 - 'Jailbreak' (ROP)
by PS3Xploit
EIP-2026-113864 EXPLOITDB text
WordPress Plugin Learning Management System - 'course_id' SQL Injection
by Esecurity.ir
CVE-2018-5973 EXPLOITDB CRITICAL text
Professional Local Directory Script 1.0 - SQL Injection
SQL Injection exists in Professional Local Directory Script 1.0 via the sellers_subcategories.php IndustryID parameter, or the suppliers.php IndustryID or CategoryID parameter.
by Ihsan Sencan
CVSS 9.8
EIP-2026-116908 EXPLOITDB text VERIFIED
Blizzard Update Agent - JSON RPC DNS Rebinding
by Google Security Research
CVE-2018-5978 EXPLOITDB CRITICAL text
Facebook Style Php Ajax Chat Zechat 1.5 - SQL Injection
SQL Injection exists in Facebook Style Php Ajax Chat Zechat 1.5 via the login.php User field.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5979 EXPLOITDB CRITICAL text
Wchat Fully Responsive PHP AJAX Chat Script 1.5 - SQL Injection
SQL Injection exists in Wchat Fully Responsive PHP AJAX Chat Script 1.5 via the login.php User field.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5984 EXPLOITDB CRITICAL text
Tumder 2.1 - Joomla! - SQL Injection
SQL Injection exists in the Tumder (An Arcade Games Platform) 2.1 component for Joomla! via the PATH_INFO to the category/ URI.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5972 EXPLOITDB CRITICAL text
Classified Ads CMS Quickad 4.0 - SQL Injection
SQL Injection exists in Classified Ads CMS Quickad 4.0 via the keywords, placeid, cat, or subcat parameter to the listing URI.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5985 EXPLOITDB CRITICAL text
LiveCRM SaaS Cloud 1.0 - SQL Injection
SQL Injection exists in the LiveCRM SaaS Cloud 1.0 component for Joomla! via an r=site/login&company_id= request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5988 EXPLOITDB CRITICAL text
Flexible Poll 1.2 - SQL Injection
SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5986 EXPLOITDB CRITICAL text
Easy Car Script 2014 - SQL Injection
SQL Injection exists in Easy Car Script 2014 via the s_order or s_row parameter to site_search.php.
by Ihsan Sencan
CVSS 9.8
EIP-2026-105775 EXPLOITDB text
CentOS Web Panel 0.9.8.12 - 'row_id' / 'domain' SQL Injection
by Vulnerability-Lab
CVE-2018-5977 EXPLOITDB CRITICAL text
Affiligator Affiliate Webshop Mgmt Sys <2.1.0 - SQL Injection
SQL Injection exists in Affiligator Affiliate Webshop Management System 2.1.0 via a search/?q=&price_type=range&price= request.
by Ihsan Sencan
CVSS 9.8
EIP-2026-104354 EXPLOITDB text
NEC Univerge SV9100/SV8100 WebPro 10.0 - Configuration Download
by LiquidWorm
CVE-2018-5999 EXPLOITDB CRITICAL text
AsusWRT <3.0.0.4.384_10007 - Info Disclosure
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. In the handle_request function in router/httpd/httpd.c, processing of POST requests continues even if authentication fails.
by Pedro Ribeiro
CVSS 9.8
CVE-2018-6000 EXPLOITDB CRITICAL text
AsusWRT <3.0.0.4.384_10007 - Privilege Escalation
An issue was discovered in AsusWRT before 3.0.0.4.384_10007. The do_vpnupload_post function in router/httpd/web.c in vpnupload.cgi provides functionality for setting NVRAM configuration values, which allows attackers to set the admin password and launch an SSH daemon (or enable infosvr command mode), and consequently obtain remote administrative access, via a crafted request. This is available to unauthenticated attackers in conjunction with CVE-2018-5999.
by Pedro Ribeiro
CVSS 9.8
EIP-2026-105776 EXPLOITDB text
CentOS Web Panel 0.9.8.12 - Multiple Vulnerabilities
by Vulnerability-Lab