Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-109096 EXPLOITDB text VERIFIED
LEPTON 2.2.2 - Remote Code Execution
by Curesec Research Team
EIP-2026-107301 EXPLOITDB text
FUDforum 3.0.6 - Local File Inclusion
by Curesec Research Team
EIP-2026-107300 EXPLOITDB text
FUDforum 3.0.6 - Cross-Site Scripting / Cross-Site Request Forgery
by Curesec Research Team
EIP-2026-102359 EXPLOITDB text
Atlassian Confluence AppFusions Doxygen 1.3.0 - Directory Traversal
by Julien Ahrens
EIP-2026-111947 EXPLOITDB text VERIFIED
ScriptCase 8.1.053 - Multiple Vulnerabilities
by hyp3rlinx
EIP-2026-106772 EXPLOITDB text
EditMe CMS - Cross-Site Request Forgery (Add Admin)
by Vulnerability-Lab
CVE-2016-9151 EXPLOITDB HIGH text VERIFIED
Palo Alto Networks PAN-OS <7.1.6 - Privilege Escalation
Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables.
by Google Security Research
CVSS 7.8
CVE-2016-9151 EXPLOITDB HIGH text VERIFIED
Palo Alto Networks PAN-OS <7.1.6 - Privilege Escalation
Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows local users to gain privileges via crafted values of unspecified environment variables.
by Google Security Research
CVSS 7.8
CVE-2016-9150 EXPLOITDB CRITICAL text VERIFIED
Palo Alto Networks PAN-OS <7.1.6 - Buffer Overflow
Buffer overflow in the management web interface in Palo Alto Networks PAN-OS before 5.0.20, 5.1.x before 5.1.13, 6.0.x before 6.0.15, 6.1.x before 6.1.15, 7.0.x before 7.0.11, and 7.1.x before 7.1.6 allows remote attackers to execute arbitrary code via unspecified vectors.
by Google Security Research
CVSS 9.8
CVE-2016-20073 EXPLOITDB HIGH text VERIFIED
Answer My Question 1.3 Plugin WordPress SQL Injection via modal.php
Answer My Question 1.3 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'id' POST parameter. Attackers can submit crafted SQL statements to the modal.php endpoint to extract sensitive database information including WordPress terms and configuration data.
by Lenon Leite
CVSS 8.2
EIP-2026-114061 EXPLOITDB text VERIFIED
WordPress Plugin Sirv 1.3.1 - SQL Injection
by Lenon Leite
EIP-2026-106252 EXPLOITDB text
CS-Cart 4.3.10 - XML External Entity Injection
by 0x4148
CVE-2016-7216 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows Vista/Server 2008/7 Privilege Escalation via Kernel API Mishandling
The kernel API in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, and Windows 7 SP1 mishandles permissions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Elevation of Privilege Vulnerability."
by Google Security Research
CVSS 5.5
CVE-2016-20072 EXPLOITDB HIGH text
BBS e-Franchise 1.1.1 WordPress Plugin SQL Injection via uid
BBS e-Franchise 1.1.1 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the uid parameter. Attackers can craft requests to pages using the plugin's shortcode with UNION-based SQL injection in the uid parameter to extract sensitive data from the WordPress database including user information and taxonomy terms.
by Lenon Leite
CVSS 8.2
CVE-2016-20065 EXPLOITDB HIGH text VERIFIED
Product Catalog 8 1.2 Plugin WordPress SQL Injection
Product Catalog 8 1.2 plugin for WordPress contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code through the selectedCategory parameter. Attackers can submit POST requests to the admin-ajax.php endpoint with the UpdateCategoryList action to extract sensitive database information from WordPress tables.
by Lenon Leite
CVSS 8.2
EIP-2026-109700 EXPLOITDB text
MyBB 1.8.6 - Cross-Site Scripting
by Curesec Research Team
EIP-2026-104842 EXPLOITDB text VERIFIED
4Images 1.7.13 - SQL Injection
by 0x4148
CVE-2016-7851 EXPLOITDB MEDIUM text VERIFIED
Adobe Connect <= 9.5.6 - Cross-Site Scripting in Events Registration Module
Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. This vulnerability could be exploited in cross-site scripting attacks.
by Vulnerability-Lab
CVSS 6.1
CVE-2016-7237 EXPLOITDB MEDIUM text VERIFIED
Microsoft Windows - Authenticated Denial of Service via LSASS Crafted Request
Local Security Authority Subsystem Service (LSASS) in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, and 1607, and Windows Server 2016 allows remote authenticated users to cause a denial of service (system hang) via a crafted request, aka "Local Security Authority Subsystem Service Denial of Service Vulnerability."
by laurent gaffie
CVSS 6.5
EIP-2026-114183 EXPLOITDB text
WordPress Plugin WassUp Real Time Analytics 1.9 - Persistent Cross-Site Scripting
by Burak Kelebek
EIP-2026-113518 EXPLOITDB text VERIFIED
WordPress Plugin 404 to 301 2.2.8 - Persistent Cross-Site Scripting
by Alyssa Milburn
EIP-2026-112346 EXPLOITDB text VERIFIED
Sophos Web Appliance 4.2.1.3 - Remote Code Execution
by KoreLogic
EIP-2026-111938 EXPLOITDB text VERIFIED
Schoolhos CMS 2.29 - 'kelas' SQL Injection
by Vulnerability-Lab
EIP-2026-111301 EXPLOITDB text
Piwik 2.16.0 - 'layout' PHP Object Injection
by Egidio Romano
EIP-2026-109950 EXPLOITDB text VERIFIED
NodCMS - PHP Code Execution
by Ashiyane Digital Security Team