Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-110156 EXPLOITDB text
Online Print Business 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-109661 EXPLOITDB text
My Builder Marketplace 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-109077 EXPLOITDB text
Law Firm 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-108942 EXPLOITDB text
Just Dial Marketplace 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-108098 EXPLOITDB text
Job Board Software 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-106907 EXPLOITDB text
Escort Marketplace 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-105370 EXPLOITDB text
Babysitter Website Script 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-110123 EXPLOITDB text
Online Invoice System 3.0 - SQL Injection
by Ihsan Sencan
EIP-2026-107012 EXPLOITDB text
EzInvoice 6.02 - SQL Injection
by Ihsan Sencan
EIP-2026-107006 EXPLOITDB text
EzBan 5.3 - 'id' SQL Injection
by Ihsan Sencan
CVE-2017-14219 EXPLOITDB MEDIUM text
Intelbras Wireless N 150Mbps router WRN 240 - XSS
XSS (persistent) on the Intelbras Wireless N 150Mbps router with firmware WRN 240 allows attackers to steal wireless credentials without being connected to the network, related to userRpm/popupSiteSurveyRpm.htm and userRpm/WlanSecurityRpm.htm. The attack vector is a crafted ESSID, as demonstrated by an "airbase-ng -e" command.
by Elber Tavares
CVSS 6.1
EIP-2026-101784 EXPLOITDB text
Huawei HG255s - Directory Traversal
by Ahmet Mersin
EIP-2026-110500 EXPLOITDB text
Pay Banner Text Link Ad 1.0.6.1 - SQL Injection
by Ihsan Sencan
EIP-2026-106172 EXPLOITDB text
Cory Support - 'pr' SQL Injection
by v3n0m
EIP-2026-112875 EXPLOITDB text
Ultimate HR System < 1.2 - Directory Traversal / Cross-Site Scripting
by 8bitsec
EIP-2026-112631 EXPLOITDB text
The Car Project 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-104877 EXPLOITDB text
A2billing 2.x - SQL Injection
by 0x4148
CVE-2017-14147 EXPLOITDB CRITICAL text
FiberHome User End Router AN1020-25 - Info Disclosure
An issue was discovered on FiberHome User End Routers bearing model number AN1020-25 which could allow an attacker to easily restore a router to its factory settings by simply browsing to the link http://[Default-Router-IP]/restoreinfo.cgi and executing it. Due to improper authentication on this page, the software accepts the request, allowing an attacker to reset the router to its default configuration, which could later allow the attacker to log in to the router using the default username/password.
by Ibad Shah
CVSS 9.8
CVE-2017-11567 EXPLOITDB HIGH text
Mongoose Embedded Web Server Library < 6.8 - Cross-Site Request Forgery via __mg_admin?save
Cross-site request forgery (CSRF) vulnerability in Mongoose Web Server before 6.9 allows remote attackers to hijack the authentication of users for requests that modify Mongoose.conf via a request to __mg_admin?save. NOTE: this issue can be leveraged to execute arbitrary code remotely.
by hyp3rlinx
CVSS 8.8
EIP-2026-107778 EXPLOITDB text
iGreeting Cards 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-104876 EXPLOITDB text
A2billing 2.x - Backup File Download / Remote Code Execution
by 0x4148
CVE-2017-13754 EXPLOITDB MEDIUM text
CodeMeter < 6.50a - Cross-Site Scripting via Time Server Configuration
Cross-site scripting (XSS) vulnerability in the "advanced settings - time server" module in Wibu-Systems CodeMeter before 6.50b allows remote attackers to inject arbitrary web script or HTML via the "server name" field in actions/ChangeConfiguration.html.
by Vulnerability-Lab
CVSS 5.4
CVE-2017-0901 EXPLOITDB HIGH text VERIFIED
RubyGems < 2.6.13 - Arbitrary File Write via Specification Name Validation Bypass
RubyGems version 2.6.12 and earlier fails to validate specification names, allowing a maliciously crafted gem to potentially overwrite any file on the filesystem.
by mame
CVSS 7.5
CVE-2017-13713 EXPLOITDB HIGH text
T&W WIFI Repeater BE126 - Authenticated Remote Code Execution via User Parameter
T&W WIFI Repeater BE126 allows remote authenticated users to execute arbitrary code via shell metacharacters in the user parameter to cgi-bin/webupg.
by Hay Mizrachi
CVSS 8.8
CVE-2017-20256 EXPLOITDB HIGH text
Joomla Survey Force Deluxe 3.2.4 SQL Injection via invite Parameter
Joomla Survey Force Deluxe 3.2.4 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the invite parameter. Attackers can send GET requests to the component with crafted SQL payloads in the invite parameter to extract sensitive database information.
by Ihsan Sencan
CVSS 8.2