Text Exploits

31,329 exploits tracked across all sources.

EIP-2026-107848 EXPLOITDB text
inoERP 0.6.1 - Cross-Site Scripting / Cross-Site Request Forgery / SQL Injection / Session Fixation
by Tim Herres
EIP-2026-106184 EXPLOITDB text
CouponPHP CMS 3.1 - 'code' SQL Injection
by Ihsan Sencan
CVE-2017-2619 EXPLOITDB HIGH text VERIFIED
Samba < 4.4.12 - Race Condition
Samba before versions 4.6.1, 4.5.7 and 4.4.11 are vulnerable to a malicious client using a symlink race to allow access to areas of the server file system not exported under the share definition.
by Google Security Research
CVSS 7.5
CVE-2017-5227 EXPLOITDB HIGH text VERIFIED
QNAP QTS <4.2.4 - Info Disclosure
QNAP QTS before 4.2.4 Build 20170313 allows local users to obtain sensitive Domain Administrator password information by reading data in an XOR format within the /etc/config/uLinux.conf configuration file.
by Pasquale Fiorillo
CVSS 7.5
EIP-2026-112756 EXPLOITDB text
Tour Package Booking 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-110747 EXPLOITDB text
Php Real Estate Property Script - SQL Injection
by Ihsan Sencan
EIP-2026-110478 EXPLOITDB text
Parcel Delivery Booking Script 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-108938 EXPLOITDB text
Just Another Video Script 1.4.3 - SQL Injection
by Ihsan Sencan
EIP-2026-107649 EXPLOITDB text
Hotel Booking Script 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-106411 EXPLOITDB text
Delux Same Day Delivery Script 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-106191 EXPLOITDB text
Courier Tracking Software 6.0 - SQL Injection
by Ihsan Sencan
EIP-2026-105355 EXPLOITDB text
B2B Marketplace Script 2.0 - SQL Injection
by Ihsan Sencan
EIP-2026-105086 EXPLOITDB text
Alibaba Clone Script - SQL Injection
by Ihsan Sencan
CVE-2017-7851 EXPLOITDB HIGH text
D-Link DCS-936L < 1.05.07 - CSRF
D-Link DCS-936L devices with firmware before 1.05.07 have an inadequate CSRF protection mechanism that requires the device's IP address to be a substring of the HTTP Referer header.
by SlidingWindow
CVSS 8.8
EIP-2026-104965 EXPLOITDB text
Adult Tube Video Script - SQL Injection
by Ihsan Sencan
EIP-2026-107472 EXPLOITDB text
Gr8 Tutorial Script - SQL Injection
by Ihsan Sencan
EIP-2026-107470 EXPLOITDB text
Gr8 Gallery Script - SQL Injection
by Ihsan Sencan
CVE-2017-7240 EXPLOITDB HIGH text
Miele Professional PST10 - Path Traversal
An issue was discovered on Miele Professional PST10 devices. The corresponding embedded webserver "PST10 WebServer" typically listens to port 80 and is prone to a directory traversal attack; therefore, an unauthenticated attacker may be able to exploit this issue to access sensitive information to aid in subsequent attacks. A Proof of Concept is GET /../../../../../../../../../../../../etc/shadow HTTP/1.1. This affects PG8527 devices 2.02 before 2.12, PG8527 devices 2.51 before 2.61, PG8527 devices 2.52 before 2.62, PG8527 devices 2.54 before 2.64, PG8528 devices 2.02 before 2.12, PG8528 devices 2.51 before 2.61, PG8528 devices 2.52 before 2.62, PG8528 devices 2.54 before 2.64, PG8535 devices 1.00 before 1.10, PG8535 devices 1.04 before 1.14, PG8536 devices 1.10 before 1.20, and PG8536 devices 1.14 before 1.24.
by Jens Regel
CVSS 7.5
CVE-2018-17841 EXPLOITDB CRITICAL text
Scriptzee Flippa Marketplace Clone 1.0 - SQL Injection
SQL injection exists in Scriptzee Flippa Marketplace Clone 1.0 via the site-search sortBy or sortDir parameter.
by Ihsan Sencan
CVSS 9.8
EIP-2026-102761 EXPLOITDB text VERIFIED
wifirxpower - Local Buffer Overflow (PoC)
by Nassim Asrir
EIP-2026-108790 EXPLOITDB text
Joomla! Component Modern Booking 1.0 - 'coupon' SQL Injection
by Hamed Izadi
EIP-2026-107424 EXPLOITDB text
GLink Word Link Script 1.2.3 - SQL Injection
by Ihsan Sencan
EIP-2026-102016 EXPLOITDB text
Solare Datensysteme Solar-Log Devices 2.8.4-56/3.5.2-85 - Multiple Vulnerabilities
by SEC Consult
EIP-2026-102015 EXPLOITDB text
Solare Datensysteme Solar-Log Devices 2.8.4-56/3.5.2-85 - Multiple Vulnerabilities
by SEC Consult
EIP-2026-108645 EXPLOITDB text
Joomla! Component Extra Search 2.2.8 - 'establename' SQL Injection
by Ihsan Sencan