Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-112296 EXPLOITDB text
Social Oauth Login PHP - Authentication Bypass
by L0RD
EIP-2026-112280 EXPLOITDB text
SOA School Management - 'access_login' SQL Injection
by L0RD
CVE-2018-1213 EXPLOITDB HIGH text VERIFIED
Dell EMC Isilon OneFS CSRF (7.1.1.11, 7.2.1.0-7.2.1.5, 8.0.0.0-8.0.0.6, 8.0.1.0-8.0.1.2, 8.1.0.0-8.1.0.2)
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and versions 7.1.1.11 and 8.1.0.2 are affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized requests to the server on behalf of authenticated users of the application.
by Core Security
CVSS 8.8
CVE-2018-6928 EXPLOITDB CRITICAL text
News Website Script 2.0.4 - SQL Injection via Search Term
PHP Scripts Mall News Website Script 2.0.4 has SQL Injection via a search term.
by Varun Bagaria
CVSS 9.8
CVE-2018-6889 EXPLOITDB HIGH text
Typesetter 5.1 - Host Header Injection
An issue was discovered in Typesetter 5.1. It suffers from a Host header injection vulnerability. Using this attack, a malicious user can poison the web cache, perform advanced password reset attacks, or even trigger arbitrary user redirection.
by Navina Asrani
CVSS 8.8
CVE-2019-25258 EXPLOITDB HIGH text
LogicalDOC Enterprise 7.7.4 - Info Disclosure
LogicalDOC Enterprise 7.7.4 contains multiple post-authentication file disclosure vulnerabilities that allow attackers to read arbitrary files through unverified 'suffix' and 'fileVersion' parameters. Attackers can exploit directory traversal techniques in /thumbnail and /convertpdf endpoints to access sensitive system files like win.ini and /etc/passwd by manipulating path traversal sequences.
by LiquidWorm
CVSS 7.5
CVE-2019-25257 EXPLOITDB MEDIUM text
LogicalDOC Enterprise 7.7.4 - Command Injection
LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command, ocr.Tesseract.path, and other system paths to execute arbitrary system commands with elevated privileges.
by LiquidWorm
CVSS 6.5
EIP-2026-102396 EXPLOITDB text
LogicalDOC Enterprise 7.7.4 - User Enumeration
by LiquidWorm
EIP-2026-111700 EXPLOITDB text
Readymade Video Sharing Script 3.2 - 'search' SQL Injection
by Varun Bagaria
EIP-2026-110503 EXPLOITDB text
Paypal Clone Script 1.0.9 - 'id' / 'acctype' SQL Injection
by L0RD
EIP-2026-109838 EXPLOITDB text
Naukri Clone Script 3.0.3 - 'indus' SQL Injection
by L0RD
CVE-2018-6845 EXPLOITDB MEDIUM text
PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 - Stored Cross-Site Scripting via Leave Comment Field
PHP Scripts Mall Multi Language Olx Clone Script 2.0.6 has XSS via the Leave Comment field.
by Varun Bagaria
CVSS 6.1
EIP-2026-110189 EXPLOITDB text VERIFIED
Online Test Script 2.0.7 - 'cid' SQL Injection
by L0RD
EIP-2026-106890 EXPLOITDB text VERIFIED
Entrepreneur Dating Script 2.0.2 - Authentication Bypass
by L0RD
CVE-2017-13236 EXPLOITDB HIGH text VERIFIED
Android 8.0-8.1 - Incorrect Permission Assignment for Critical Resource in KeyStore Service
In the KeyStore service, there is a permissions bypass that allows access to protected resources. This could lead to local escalation of privilege with system execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: 8.0, 8.1. Android ID: A-68217699.
by Google Security Research
CVSS 7.8
CVE-2017-14521 EXPLOITDB HIGH text VERIFIED
WonderCMS 2.3.1 - Unrestricted Upload of File with Dangerous Type
In WonderCMS 2.3.1, the upload functionality accepts random application extensions and leads to malicious File Upload.
by Samrat Das
CVSS 8.8
CVE-2017-14523 EXPLOITDB HIGH text
WonderCMS 2.3.1 - HTTP Host Header Injection
WonderCMS 2.3.1 is vulnerable to an HTTP Host header injection attack. It uses user-entered values to redirect pages. NOTE: the vendor reports that exploitation is unlikely because the attack can only come from a local machine or from the administrator as a self-attack.
by Samrat Das
CVSS 7.5
EIP-2026-112452 EXPLOITDB text
Student Profile Management System Script 2.0.6 - Authentication Bypass
by L0RD
EIP-2026-109941 EXPLOITDB text
NixCMS 1.0 - 'category_id' SQL Injection
by Bora Bozdogan
EIP-2026-109342 EXPLOITDB text
Matrimonial Website Script 2.1.6 - 'uid' SQL Injection
by L0RD
CVE-2018-6582 EXPLOITDB CRITICAL text
Zh GoogleMap 8.4.0.0 - SQL Injection via id Parameter
SQL Injection exists in the Zh GoogleMap 8.4.0.0 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6605 EXPLOITDB CRITICAL text
Zh BaiduMap 3.0.0.1 - SQL Injection via id Parameter
SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in a getPlacemarkDetails, getPlacemarkHoverText, getPathHoverText, or getPathDetails request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6609 EXPLOITDB CRITICAL text
jsp_tickets 1.1 - SQL Injection via Ticketcode or ID Parameter
SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit action.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6317 EXPLOITDB CRITICAL text
Claymore Dual Miner < 10.5 - Unauthenticated Format String Vulnerability
The remote management interface in Claymore Dual Miner 10.5 and earlier is vulnerable to an unauthenticated format string vulnerability, allowing remote attackers to read memory or cause a denial of service.
by res1n
CVSS 9.1
CVE-2018-6190 EXPLOITDB MEDIUM text
Netis WF2419 V3.2.41381 - Stored Cross-Site Scripting via MAC Filtering Description Field
Netis WF2419 V3.2.41381 devices allow XSS via the Description field on the MAC Filtering page.
by Sajibe Kanti
CVSS 5.4