Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-102943 EXPLOITDB text VERIFIED
Oracle VM VirtualBox - Cooperating VMs can Escape from Shared Folder
by Google Security Research
CVE-2017-6805 EXPLOITDB MEDIUM text VERIFIED
MobaXterm Personal Edition 9.4 - Path Traversal
Directory traversal vulnerability in the TFTP server in MobaXterm Personal Edition 9.4 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET command.
by hyp3rlinx
CVSS 5.3
EIP-2026-114520 EXPLOITDB text
Yellow Pages Script 3.2 - 'category_id' SQL Injection
by Ihsan Sencan
EIP-2026-114499 EXPLOITDB text
Yacht Listing Script 2.0 - SQL Injection
by Ihsan Sencan
EIP-2026-112955 EXPLOITDB text
Vanelo - SQL Injection
by Ihsan Sencan
EIP-2026-112788 EXPLOITDB text
Travel Tours Script 2.0 - SQL Injection
by Ihsan Sencan
EIP-2026-111551 EXPLOITDB text
Property Listing Script 3.1 - SQL Injection
by Ihsan Sencan
EIP-2026-110702 EXPLOITDB text
PHP Forum Script 3.0 - SQL Injection
by Ihsan Sencan
EIP-2026-110555 EXPLOITDB text
Pet Listing Script 3.0 - SQL Injection
by Ihsan Sencan
EIP-2026-109493 EXPLOITDB text
Mirage - SQL Injection
by Ihsan Sencan
EIP-2026-107427 EXPLOITDB text
Global In - SQL Injection
by Ihsan Sencan
EIP-2026-107426 EXPLOITDB text
Global In - Arbitrary File Upload
by Ihsan Sencan
CVE-2017-6823 EXPLOITDB HIGH text
Fiyo CMS 2.0.6.1 - Privilege Escalation
Fiyo CMS 2.0.6.1 allows remote authenticated users to gain privileges via a modified level parameter to dapur/ in an app=user&act=edit action.
by rungga_reksya
CVSS 8.8
EIP-2026-106532 EXPLOITDB text
Domain Marketplace Script - SQL Injection
by Ihsan Sencan
CVE-2017-6528 EXPLOITDB HIGH text
dnaTools dnaLIMS 4-2015s13 - Insufficiently Protected Credentials in Password Storage
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is affected by plaintext password storage (the /home/dna/spool/.pfile file).
by Shorebreak Security
CVSS 8.1
CVE-2017-6527 EXPLOITDB HIGH text
dnaTools dnaLIMS 4-2015s13 - Unauthenticated Path Traversal via viewAppletFsa.cgi seqID Parameter
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to a NUL-terminated directory traversal attack allowing an unauthenticated attacker to access system files readable by the web server user (by using the viewAppletFsa.cgi seqID parameter).
by Shorebreak Security
CVSS 7.5
CVE-2017-6526 EXPLOITDB CRITICAL text
dnaTools dnaLIMS 4-2015s13 - Unauthenticated Remote Code Execution via sysAdmin.cgi
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to unauthenticated command execution through an improperly protected administrative web shell (cgi-bin/dna/sysAdmin.cgi POST requests).
by Shorebreak Security
CVSS 9.8
CVE-2017-6550 EXPLOITDB CRITICAL text
Kinsey Infor-Lawson - SQL Injection via TABLE or QUERY Parameter
Multiple SQL injection vulnerabilities in Kinsey Infor-Lawson (formerly ESBUS) allow remote attackers to execute arbitrary SQL commands via the (1) TABLE parameter to esbus/servlet/GetSQLData or (2) QUERY parameter to KK_LS9ReportingPortal/GetData.
by Michael Benich
CVSS 9.8
CVE-2017-6529 EXPLOITDB HIGH text
dnaTools dnaLIMS 4-2015s13 - Session Hijacking via UID Parameter Guessing
An issue was discovered in dnaTools dnaLIMS 4-2015s13. dnaLIMS is vulnerable to session hijacking by guessing the UID parameter.
by Shorebreak Security
CVSS 8.8
CVE-2017-20248 EXPLOITDB HIGH text
WordPress Plugin Apptha Slider Gallery 1.0 Path Traversal File Download
Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences ../ to access sensitive files outside the intended directory.
by Ihsan Sencan
CVSS 7.5
CVE-2017-20247 EXPLOITDB HIGH text
WordPress Plugin PICA Photo Gallery 1.0 SQL Injection
WordPress Plugin PICA Photo Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the aid parameter. Attackers can send GET requests with crafted SQL payloads in the aid parameter to extract sensitive database information including user credentials and table contents.
by Ihsan Sencan
CVSS 8.2
CVE-2017-20250 EXPLOITDB HIGH text
WordPress Plugin Mac Photo Gallery 3.0 Arbitrary File Download
Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside the intended plugin directory.
by Ihsan Sencan
CVSS 7.5
CVE-2017-20249 EXPLOITDB HIGH text
WordPress Plugin Apptha Slider Gallery 1.0 SQL Injection
Apptha Slider Gallery 1.0 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the albid parameter. Attackers can send GET requests with crafted SQL payloads in the albid parameter to extract sensitive database information including user credentials and authentication hashes.
by Ihsan Sencan
CVSS 8.2
EIP-2026-112767 EXPLOITDB text
TradeMart 1.1 - SQL Injection
by Ihsan Sencan
EIP-2026-112352 EXPLOITDB text
Soundify 1.1 - 'tid' SQL Injection
by Ihsan Sencan