Text Exploits

31,364 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-15974 EXPLOITDB CRITICAL text
Datacomponents Tpanel - SQL Injection
tPanel 2009 allows SQL injection for Authentication Bypass via 'or 1=1 or ''=' to login.php.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15973 EXPLOITDB CRITICAL text
Sokial - SQL Injection
Sokial Social Network Script 1.0 allows SQL Injection via the id parameter to admin/members_view.php.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15972 EXPLOITDB CRITICAL text
Softdatepro Dating Software - SQL Injection
SoftDatepro Dating Social Network 1.3 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15971.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15979 EXPLOITDB CRITICAL text
Odallated Shareet - SQL Injection
Shareet - Photo Sharing Social Network 1.0 allows SQL Injection via the photo parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15971 EXPLOITDB CRITICAL text
Softdatepro Same Date Pro - SQL Injection
Same Sex Dating Software Pro 1.0 allows SQL Injection via the viewprofile.php profid parameter, the viewmessage.php sender_id parameter, or the /admin Email field, a related issue to CVE-2017-15972.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15977 EXPLOITDB CRITICAL text
Protectedlinks Expiring Download Links - SQL Injection
Protected Links - Expiring Download Links 1.0 allows SQL Injection via the username parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15990 EXPLOITDB CRITICAL text
Savsofteproducts Phpinventory - Unrestricted File Upload
Php Inventory & Invoice Management System allows Arbitrary File Upload via dashboard/edit_myaccountdetail/.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15970 EXPLOITDB CRITICAL text
Phpcityportal - SQL Injection
PHP CityPortal 2.0 allows SQL Injection via the nid parameter to index.php in a page=news action, or the cat parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15969 EXPLOITDB CRITICAL text
Pilotgroup Allsharevideo - SQL Injection
PG All Share Video 1.0 allows SQL Injection via the PATH_INFO to search/tag, friends/index, users/profile, or video_catalog/category.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15989 EXPLOITDB CRITICAL text
Online Exam Test Application - SQL Injection
Online Exam Test Application allows SQL Injection via the resources.php sort parameter in a category action.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15988 EXPLOITDB CRITICAL text
Nicephpscripts Nice Php Faq Script - SQL Injection
Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15981 EXPLOITDB CRITICAL text
Geniusocean Newspaper - SQL Injection
Responsive Newspaper Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15982 EXPLOITDB CRITICAL text
Geniusocean News - SQL Injection
Dynamic News Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15983 EXPLOITDB CRITICAL text
Geniusocean Mymagazine Magazine & Blog Cms - SQL Injection
MyMagazine Magazine & Blog CMS 1.0 allows SQL Injection via the id parameter to admin/admin_process.php for form editing.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15968 EXPLOITDB CRITICAL text
Contractorscripts Mybuildersite - SQL Injection
MyBuilder Clone 1.0 allows SQL Injection via the phpsqlsearch_genxml.php subcategory parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15967 EXPLOITDB CRITICAL text
Mailing-manager Mailing List Manager Pro - SQL Injection
Mailing List Manager Pro 3.0 allows SQL Injection via the edit parameter to admin/users in a sort=login action, or the edit parameter to admin/template.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15966 EXPLOITDB CRITICAL text
ZH Yandexmap - SQL Injection
The Zh YandexMap (aka com_zhyandexmap) component 6.1.1.0 for Joomla! allows SQL Injection via the placemarklistid parameter to index.php.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15965 EXPLOITDB CRITICAL text
Nswd NS Download Shop - SQL Injection
The NS Download Shop (aka com_ns_downloadshop) component 2.2.6 for Joomla! allows SQL Injection via the id parameter in an invoice.create action.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15964 EXPLOITDB CRITICAL text
Nicephpscripts Job Board Script - SQL Injection
Job Board Script Software allows SQL Injection via the PATH_INFO to a /job-details URI.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15963 EXPLOITDB CRITICAL text
Itechscripts Gigs Script - SQL Injection
iTech Gigs Script 1.21 allows SQL Injection via the browse-scategory.php sc parameter or the service-provider.php ser parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15962 EXPLOITDB CRITICAL text
Istock Management System - Unrestricted File Upload
iStock Management System 1.0 allows Arbitrary File Upload via user/profile.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15961 EXPLOITDB CRITICAL text
Iproject Management System - SQL Injection
iProject Management System 1.0 allows SQL Injection via the ID parameter to index.php.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15957 EXPLOITDB HIGH text
Ingenious School Management System - Unrestricted File Upload
my_profile.php in Ingenious School Management System 2.3.0 allows a student or teacher to upload an arbitrary file.
by Ihsan Sencan
CVSS 8.8
CVE-2017-15987 EXPLOITDB CRITICAL text
Fake Magazine Cover Script - SQL Injection
Fake Magazine Cover Script allows SQL Injection via the rate.php value parameter or the content.php id parameter.
by Ihsan Sencan
CVSS 9.8
CVE-2017-15958 EXPLOITDB CRITICAL text
Domainzaar D-park Pro - SQL Injection
D-Park Pro Domain Parking Script 1.0 allows SQL Injection via the username to admin/loginform.php.
by Ihsan Sencan
CVSS 9.8
By Source
All 31,364 Writeup 55,491 Exploitdb 50,186 Nomisec 21,460 Metasploit 3,228 Github 2,591 Vulncheck_xdb 904 Inthewild 518 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,364 ruby 5,960 python 5,953 c 3,580 perl 2,854 html 2,056 php 1,334 bash 459 java 362 javascript 260 c++ 250 shell 95 go 55 postscript 25 xml 24