Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-111703 EXPLOITDB text
Real Estate Custom Script - 'route' SQL Injection
by 8bitsec
CVE-2018-6581 EXPLOITDB CRITICAL text
jms_music 1.1.1 - SQL Injection via Search Parameter
SQL Injection exists in the JMS Music 1.1.1 component for Joomla! via a search with the keyword, artist, or username parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6580 EXPLOITDB CRITICAL text
Jimtawl 2.1.6 and 2.2.5 - Unrestricted File Upload via Component Request
Arbitrary file upload exists in the Jimtawl 2.1.6 and 2.2.5 component for Joomla! via a view=upload&task=upload&pop=true&tmpl=component request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6579 EXPLOITDB CRITICAL text
JEXTN Reverse Auction 3.1.0 - SQL Injection via view=products&uid= Parameter
SQL Injection exists in the JEXTN Reverse Auction 3.1.0 component for Joomla! via a view=products&uid= request.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6575 EXPLOITDB CRITICAL text
JEXTN Classified 1.0.0 - SQL Injection via view=boutique&sid Parameter
SQL Injection exists in the JEXTN Classified 1.0.0 component for Joomla! via a view=boutique&sid= request.
by Ihsan Sencan
CVSS 9.8
EIP-2026-107044 EXPLOITDB text
Fancy Clone Script - 'search_browse_product' SQL Injection
by 8bitsec
CVE-2018-6576 EXPLOITDB CRITICAL text
Event Manager 1.0 - SQL Injection via event.php id or page.php slug Parameter
SQL Injection exists in Event Manager 1.0 via the event.php id parameter or the page.php slug parameter.
by Ihsan Sencan
CVSS 9.8
EIP-2026-104971 EXPLOITDB text
Advance Loan Management System - 'id' SQL Injection
by 8bitsec
EIP-2026-101731 EXPLOITDB text
FiberHome AN5506 - Remote DNS Change
by r0ots3c
EIP-2026-100653 EXPLOITDB text
IPSwitch MOVEit 8.1 < 9.4 - Cross-Site Scripting
by 1n3
CVE-2018-25118 EXPLOITDB CRITICAL text
GeoVision embedded IP devices - Command Injection
GeoVision embedded IP devices, confirmed on GV-BX1500 and GV-MFD1501, contain a remote command injection vulnerability via /PictureCatch.cgi that enables an attacker to execute arbitrary commands on the device. The vulnerable models have been declared end-of-life (EOL) by the vendor. VulnCheck has observed this vulnerability being exploited in the wild as of 2025-10-19 08:55:13.141502 UTC.
by bashis
CVE-2017-5792 EXPLOITDB CRITICAL text
HPE Intelligent Management Center PLAT 7.3 E0504P2 - Remote Code Execution via Untrusted Data Deserialization
A Remote Code Execution vulnerability in HPE Intelligent Management Center (iMC) PLAT version 7.3 E0504P2 was found.
by Chris Lyne
CVSS 9.8
CVE-2018-6395 EXPLOITDB CRITICAL text
Visual Calendar 3.1.3 - SQL Injection via id Parameter
SQL Injection exists in the Visual Calendar 3.1.3 component for Joomla! via the id parameter in a view=load action.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6397 EXPLOITDB HIGH text
Picture Calendar 3.1.4 - Path Traversal via List.php Folder Parameter
Directory Traversal exists in the Picture Calendar 3.1.4 component for Joomla! via the list.php folder parameter.
by Ihsan Sencan
CVSS 7.5
CVE-2018-6398 EXPLOITDB CRITICAL text
CP Event Calendar 3.0.1 - SQL Injection via id Parameter
SQL Injection exists in the CP Event Calendar 3.0.1 component for Joomla! via the id parameter in a task=load action.
by Ihsan Sencan
CVSS 9.8
CVE-2017-18078 EXPLOITDB HIGH text
systemd < 237 - Local Privilege Escalation via Hard Link Ownership Bypass
systemd-tmpfiles in systemd before 237 attempts to support ownership/permission changes on hardlinked files even if the fs.protected_hardlinks sysctl is turned off, which allows local users to bypass intended access restrictions via vectors involving a hard link to a file for which the user lacks write access, as demonstrated by changing the ownership of the /etc/passwd file.
by Michael Orlitzky
CVSS 7.8
CVE-2018-25124 EXPLOITDB HIGH text
PacsOne Server <6.6.2 - Path Traversal
PacsOne Server version 6.6.2 (prior versions are likely affected) contains a directory traversal vulnerability within the web-based DICOM viewer component. Successful exploitation allows a remote unauthenticated attacker to read arbitrary files via the 'nocache.php' endpoint with a crafted 'path' parameter. Exploitation evidence was observed by the Shadowserver Foundation on 2025-02-02 UTC.
by Carlos Avila
CVE-2018-6365 EXPLOITDB CRITICAL text
TSiteBuilder 1.0 - SQL Injection via id Parameter
SQL Injection exists in TSiteBuilder 1.0 via the id parameter to /site.php, /pagelist.php, or /page_new.php.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6363 EXPLOITDB CRITICAL text
Task Rabbit Clone 1.0 - SQL Injection via single_blog.php id Parameter
SQL Injection exists in Task Rabbit Clone 1.0 via the single_blog.php id parameter.
by Ihsan Sencan
CVSS 9.8
EIP-2026-110444 EXPLOITDB text
PACSOne Server 6.6.2 DICOM Web Viewer - SQL Injection
by Carlos Avila
CVE-2018-6364 EXPLOITDB CRITICAL text
Multilanguage Real Estate MLM Script <= 3.0 - SQL Injection via srch Parameter
SQL Injection exists in Multilanguage Real Estate MLM Script through 3.0 via the /product-list.php srch parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6008 EXPLOITDB HIGH text
Jtag Members Directory 5.3.7 - Info Disclosure
Arbitrary File Download exists in the Jtag Members Directory 5.3.7 component for Joomla! via the download_file parameter.
by Ihsan Sencan
CVSS 7.5
CVE-2017-17612 EXPLOITDB CRITICAL text
Hot Scripts Clone 3.1 - SQL Injection via Categories Subctid or Mctid Parameter
Hot Scripts Clone 3.1 has SQL Injection via the /categories subctid or mctid parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-6367 EXPLOITDB CRITICAL text
Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 - SQL Injection via chat_window.php or search_events.php
SQL Injection exists in Vastal I-Tech Buddy Zone Facebook Clone 2.9.9 via the /chat_im/chat_window.php request_id parameter or the /search_events.php category parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2018-5759 EXPLOITDB MEDIUM text
Artifex MuJS < 1.0.2 - Denial of Service via Uncontrolled Recursion in Binary Expression Parsing
jsparse.c in Artifex MuJS through 1.0.2 does not properly maintain the AST depth for binary expressions, which allows remote attackers to cause a denial of service (excessive recursion) via a crafted file.
by Andrea Sindoni
CVSS 5.5