Text Exploits

31,329 exploits tracked across all sources.

EIP-2026-112955 EXPLOITDB text
Vanelo - SQL Injection
by Ihsan Sencan
EIP-2026-112788 EXPLOITDB text
Travel Tours Script 2.0 - SQL Injection
by Ihsan Sencan
EIP-2026-111551 EXPLOITDB text
Property Listing Script 3.1 - SQL Injection
by Ihsan Sencan
EIP-2026-110702 EXPLOITDB text
PHP Forum Script 3.0 - SQL Injection
by Ihsan Sencan
EIP-2026-110555 EXPLOITDB text
Pet Listing Script 3.0 - SQL Injection
by Ihsan Sencan
EIP-2026-109493 EXPLOITDB text
Mirage - SQL Injection
by Ihsan Sencan
EIP-2026-107427 EXPLOITDB text
Global In - SQL Injection
by Ihsan Sencan
EIP-2026-107426 EXPLOITDB text
Global In - Arbitrary File Upload
by Ihsan Sencan
CVE-2017-6823 EXPLOITDB HIGH text
Fiyo CMS 2.0.6.1 - Privilege Escalation
Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action.
by rungga_reksya
CVSS 8.8
EIP-2026-106532 EXPLOITDB text
Domain Marketplace Script - SQL Injection
by Ihsan Sencan
CVE-2017-6528 EXPLOITDB HIGH text
Dnatools Dnalims - Insufficiently Protected Credentials
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file).
by Shorebreak Security
CVSS 8.1
CVE-2017-6527 EXPLOITDB HIGH text
Dnatools Dnalims - Path Traversal
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter).
by Shorebreak Security
CVSS 7.5
CVE-2017-6526 EXPLOITDB CRITICAL text
Dnatools Dnalims - Authentication Bypass
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests).
by Shorebreak Security
CVSS 9.8
CVE-2017-6550 EXPLOITDB CRITICAL text
Kinsey Infor-lawson - SQL Injection
Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData.
by Michael Benich
CVSS 9.8
CVE-2017-6529 EXPLOITDB HIGH text
Dnatools Dnalims - Insufficient Session Expiration
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.
by Shorebreak Security
CVSS 8.8
EIP-2026-113962 EXPLOITDB text
WordPress Plugin PICA Photo Gallery 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-113875 EXPLOITDB text
WordPress Plugin Mac Photo Gallery 3.0 - Arbitrary File Download
by Ihsan Sencan
EIP-2026-113568 EXPLOITDB text
WordPress Plugin Apptha Slider Gallery 1.0 - SQL Injection
by Ihsan Sencan
EIP-2026-113567 EXPLOITDB text
WordPress Plugin Apptha Slider Gallery 1.0 - Arbitrary File Download
by Ihsan Sencan
EIP-2026-112767 EXPLOITDB text
TradeMart 1.1 - SQL Injection
by Ihsan Sencan
EIP-2026-112352 EXPLOITDB text
Soundify 1.1 - 'tid' SQL Injection
by Ihsan Sencan
EIP-2026-109942 EXPLOITDB text
Nlance 2.2 - SQL Injection
by Ihsan Sencan
EIP-2026-109383 EXPLOITDB text
Media Search Engine Script - 'search' SQL Injection
by Ihsan Sencan
EIP-2026-107053 EXPLOITDB text
Fashmark 1.2 - 'category' SQL Injection
by Ihsan Sencan
EIP-2026-106183 EXPLOITDB text
Country on Sale Script - SQL Injection
by Ihsan Sencan