Text Exploits

31,341 exploits tracked across all sources.

Sort: Activity Stars
CVE-2022-47878 EXPLOITDB HIGH text
Jedox - Unrestricted File Upload
Incorrect input validation for the default-storage-path in the settings page in Jedox 2020.2.5 allows remote, authenticated users to specify the location as Webroot directory. Consecutive file uploads can lead to the execution of arbitrary code. NOTE: The vendor states that the vulnerability affects installations running version 22.2 or earlier. The issue was resolved with the version 22.3 and later versions are not affected. Additionally, the vendor states that this vulnerability affects on-premises deployments only and that it does not impact cloud-hosted or SaaS environments.
by Team Syslifters
CVSS 8.8
CVE-2022-47874 EXPLOITDB MEDIUM text
Jedox Cloud - Incorrect Authorization
Improper Access Control in /tc/rpc in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to view details of database connections via class 'com.jedox.etl.mngr.Connections' and method 'getGlobalConnection'.
by Team Syslifters
CVSS 6.5
CVE-2023-29809 EXPLOITDB CRITICAL text VERIFIED
Companymaps - SQL Injection
SQL injection vulnerability found in Maximilian Vogt companymaps (cmaps) v.8.0 allows a remote attacker to execute arbitrary code via a crafted script in the request.
by Lucas Noki (0xPrototype)
CVSS 9.8
CVE-2023-53931 EXPLOITDB MEDIUM text
Revive Adserver 5.4.1 - XSS
Revive Adserver 5.4.1 contains a cross-site scripting vulnerability in the banner advanced configuration page that allows attackers to inject malicious scripts. Attackers can craft a malicious link to the banner-advanced.php endpoint with XSS payloads in prepend and append parameters to execute arbitrary JavaScript when an admin views the page.
by Mirabbas Ağalarov
CVSS 6.1
CVE-2023-53930 EXPLOITDB HIGH text VERIFIED
ProjectSend r1605 - Info Disclosure
ProjectSend r1605 contains an insecure direct object reference vulnerability that allows unauthenticated attackers to download private files by manipulating the download ID parameter. Attackers can access any user's private files by changing the 'id' parameter in the download request to process.php.
by Mirabbas Ağalarov
CVSS 7.5
CVE-2023-53929 EXPLOITDB HIGH text
phpMyFAQ 3.1.12 - Code Injection
phpMyFAQ 3.1.12 contains a CSV injection vulnerability that allows authenticated users to inject malicious formulas into their profile names. Attackers can modify their user profile name with a payload like 'calc|a!z|' to trigger code execution when an administrator exports user data as a CSV file.
by Mirabbas Ağalarov
CVSS 8.8
CVE-2023-53928 EXPLOITDB MEDIUM text
PHPFusion 9.10.30 - XSS
PHPFusion 9.10.30 contains a stored cross-site scripting vulnerability in the file manager that allows attackers to upload malicious SVG files with embedded JavaScript. Attackers can upload SVG files with script tags that execute arbitrary JavaScript when viewed, potentially stealing user session information or performing client-side attacks.
by Mirabbas Ağalarov
CVSS 5.4
CVE-2023-53927 EXPLOITDB MEDIUM text
PHPJabbers Simple CMS 5.0 - XSS
PHPJabbers Simple CMS 5.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through section name parameters. Attackers can create sections with embedded JavaScript payloads that will execute when administrators view the sections, potentially enabling client-side code execution.
by Ahmet Ümit BAYRAM
CVSS 5.4
CVE-2023-53926 EXPLOITDB CRITICAL text
PHPJabbers Simple CMS 5.0 - SQL Injection
PHPJabbers Simple CMS 5.0 contains a SQL injection vulnerability in the 'column' parameter that allows remote attackers to manipulate database queries. Attackers can inject crafted SQL payloads through the 'column' parameter in the index.php endpoint to potentially extract or modify database information.
by Ahmet Ümit BAYRAM
CVSS 9.8
CVE-2023-25438 EXPLOITDB HIGH text
Genomedics Millegpg - Incorrect Permission Assignment
An issue was discovered in Genomedics MilleGP5 5.9.2, allows remote attackers to execute arbitrary code and gain escalated privileges via modifying specific files.
by Andrea Intilangelo
CVSS 7.8
EIP-2026-116739 EXPLOITDB text
Advanced Host Monitor v12.56 - Unquoted Service Path
by Mr Empy
EIP-2026-111998 EXPLOITDB text
Serendipity 2.4.0 - File Inclusion RCE
by nu11secur1ty
EIP-2026-110751 EXPLOITDB text
PHP Restaurants 1.0 - SQLi Authentication Bypass & Cross Site Scripting
by Or4nG.M4N
CVE-2023-29983 EXPLOITDB MEDIUM text
Companymaps - XSS
Cross Site Scripting vulnerability found in Maximilian Vogt cmaps v.8.0 allows a remote attacker to execute arbitrary code via the auditlog tab in the admin panel.
by Lucas Noki (0xPrototype)
CVSS 5.4
EIP-2026-104957 EXPLOITDB text
admidio v4.2.5 - CSV Injection
by Mirabbas Ağalarov
CVE-2023-53947 EXPLOITDB HIGH text
OCS Inventory NG <2.3.0.0 - Privilege Escalation
OCS Inventory NG 2.3.0.0 contains an unquoted service path vulnerability that allows local attackers to escalate privileges to system level. Attackers can place a malicious executable in the unquoted service path and trigger the service restart to execute code with elevated system privileges.
by msd0pe
CVSS 8.4
CVE-2023-53946 EXPLOITDB HIGH text
Arcsoft PhotoStudio 6.0.0.172 - Privilege Escalation
Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and trigger the service to execute arbitrary code with system-level permissions.
by msd0pe
CVSS 8.4
EIP-2026-118156 EXPLOITDB text
Wondershare Filmora 12.2.9.2233 - Unquoted Service Path
by msd0pe
CVE-2023-53949 EXPLOITDB HIGH text
AspEmail 5.6.0.2 - Privilege Escalation
AspEmail 5.6.0.2 contains a binary permission vulnerability that allows local users to escalate privileges through the Persits Software EmailAgent service. Attackers can exploit full write permissions in the BIN directory to replace the service executable and gain elevated system access.
by Zer0FauLT
CVSS 8.4
CVE-2023-53933 EXPLOITDB HIGH text
Serendipity 2.4.0 - RCE
Serendipity 2.4.0 contains a remote code execution vulnerability that allows authenticated attackers to upload malicious PHP files with .phar extension. Attackers can upload files with system command payloads to the media upload endpoint and execute arbitrary commands on the server.
by Mirabbas Ağalarov
CVSS 8.8
CVE-2023-53932 EXPLOITDB MEDIUM text
Serendipity 2.4.0 - XSS
Serendipity 2.4.0 contains a stored cross-site scripting vulnerability that allows authenticated users to inject malicious scripts through blog entry creation. Attackers can craft entries with JavaScript payloads that will execute when other users view the compromised blog post.
by Mirabbas Ağalarov
CVSS 5.4
CVE-2023-26918 EXPLOITDB CRITICAL text
Diasoft File Replication Pro 7.5.0 - Privilege Escalation
Diasoft File Replication Pro 7.5.0 allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because %ProgramFiles%\FileReplicationPro allows Everyone:(F) access.
by Andrea Intilangelo
CVSS 9.8
EIP-2026-114748 EXPLOITDB text
FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE)
by Rodolfo Mariano
EIP-2026-111544 EXPLOITDB text
ProjeQtOr Project Management System 10.3.2 - Remote Code Execution (RCE)
by Mirabbas Ağalarov
EIP-2026-111290 EXPLOITDB text
Piwigo 13.6.0 - Stored Cross-Site Scripting (XSS)
by Mirabbas Ağalarov
By Source
All 31,341 Exploitdb 50,123 Writeup 46,621 Nomisec 21,121 Metasploit 3,189 Github 2,231 Vulncheck_xdb 900 Inthewild 518 Gitlab 438 Gitee 415 Patchapalooza 312
By Language
text 31,341 ruby 5,920 python 5,731 c 3,550 perl 2,854 html 2,054 php 1,334 bash 459 java 359 javascript 259 c++ 245 shell 68 go 41 postscript 25 xml 24