Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2017-16522 EXPLOITDB HIGH text
MitraStar GPT-2541GNAC and DSL-100HN-T1 - Authenticated Privilege Escalation via Command Execution
MitraStar GPT-2541GNAC (HGU) 1.00(VNJ0)b1 and DSL-100HN-T1 ES_113WJY0b16 devices allow remote authenticated users to obtain root access by specifying /bin/sh as the command to execute.
by j0lama
CVSS 8.8
CVE-2017-15727 EXPLOITDB MEDIUM text
phpmyfaq < 2.9.8 - Stored Cross-Site Scripting via HTML Attachment
In phpMyFAQ before 2.9.9, there is Stored Cross-site Scripting (XSS) via an HTML attachment.
by Nikhil Mittal
CVSS 5.4
CVE-2017-15081 EXPLOITDB CRITICAL text
PHP Melody CMS 2.6.1 - SQL Injection via Playlist Parameter
In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.
by Venkat Rajgor
CVSS 9.8
EIP-2026-104112 EXPLOITDB text
Uniview - Remote Command Execution / Export Config (PoC)
by bashis
CVE-2017-15730 EXPLOITDB HIGH text
phpmyfaq < 2.9.8 - Cross-Site Request Forgery in admin/stat.ratings.php
In phpMyFAQ before 2.9.9, there is Cross-Site Request Forgery (CSRF) in admin/stat.ratings.php.
by Nikhil Mittal
CVSS 8.8
CVE-2017-6008 EXPLOITDB HIGH text
Sophos HitmanPro < 3.7.20 - Local Privilege Escalation via Malformed IOCTL Call
A kernel pool overflow in the driver hitmanpro37.sys in Sophos SurfRight HitmanPro before 3.7.20 Build 286 (included in the HitmanPro.Alert solution and Sophos Clean) allows local users to escalate privileges via a malformed IOCTL call.
by cbayet
CVSS 7.8
CVE-2017-15879 EXPLOITDB HIGH text
KeystoneJS < 4.0.0-beta.7 - CSV Injection via CSV Export
CSV Injection (aka Excel Macro Injection or Formula Injection) exists in admin/server/api/download.js and lib/list/getCSVData.js in KeystoneJS before 4.0.0-beta.7 via a value that is mishandled in a CSV export.
by Ishaq Mohammed
CVSS 8.8
CVE-2017-15878 EXPLOITDB MEDIUM text
KeystoneJS < 4.0.0 - Stored Cross-Site Scripting via Contact Us Feature
A cross-site scripting (XSS) vulnerability exists in fields/types/markdown/MarkdownType.js in KeystoneJS before 4.0.0-beta.7 via the Contact Us feature.
by Ishaq Mohammed
CVSS 6.1
EIP-2026-107291 EXPLOITDB text
FS Trademe Clone - 'id' SQL Injection
by 8bitsec
EIP-2026-107290 EXPLOITDB text
FS Thumbtack Clone - 'ser' SQL Injection
by 8bitsec
EIP-2026-107289 EXPLOITDB text
FS Shutter Stock Clone - 'keywords' SQL Injection
by 8bitsec
EIP-2026-107287 EXPLOITDB text
FS Realtor Clone - 'id' SQL Injection
by 8bitsec
EIP-2026-107285 EXPLOITDB text
FS Monster Clone - 'id' SQL Injection
by 8bitsec
EIP-2026-107274 EXPLOITDB text
FS Crowdfunding Script - 'id' SQL Injection
by 8bitsec
EIP-2026-107273 EXPLOITDB text
FS Care Clone - 'sitterService' SQL Injection
by 8bitsec
CVE-2017-15639 EXPLOITDB MEDIUM text
Mura CMS < 6.1 - XML External Entity Injection via RSS Feed Parser
tasks/feed/readRSS.cfm in Mura CMS before 6.2 allows attackers to bypass intended access restrictions by leveraging the "draggable feeds" feature.
by Anthony Cole
CVSS 6.5
EIP-2026-107286 EXPLOITDB text
FS OLX Clone - 'catg_id' SQL Injection
by 8bitsec
EIP-2026-107283 EXPLOITDB text
FS Lynda Clone - 'category' SQL Injection
by 8bitsec
EIP-2026-107282 EXPLOITDB text
FS Indiamart Clone - 'keywords' SQL Injection
by 8bitsec
EIP-2026-107280 EXPLOITDB text
FS Groupon Clone - 'category' SQL Injection
by 8bitsec
EIP-2026-107279 EXPLOITDB text
FS Freelancer Clone - 'sk' SQL Injection
by 8bitsec
EIP-2026-107278 EXPLOITDB text
FS Food Delivery Script - 'keywords' SQL Injection
by 8bitsec
EIP-2026-107276 EXPLOITDB text
FS Expedia Clone - 'hid' SQL Injection
by 8bitsec
EIP-2026-107275 EXPLOITDB text
FS Ebay Clone - 'pd_maincat_id' SQL Injection
by 8bitsec
EIP-2026-107272 EXPLOITDB text
FS Car Rental Script - 'pickup_location' SQL Injection
by 8bitsec