Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2023-31702 EXPLOITDB HIGH text
MicroWorld eScan Management Console <14.0.1400.2281 - SQL Injection
SQL injection in the View User Profile in MicroWorld eScan Management Console 14.0.1400.2281 allows remote attacker to dump entire database and gain windows XP command shell to perform code execution on database server via GetUserCurrentPwd?UsrId=1.
by Sahil Ojha
CVSS 7.2
CVE-2023-31703 EXPLOITDB CRITICAL text
Microworld Technologies eScan <14.0.1400.2281 - XSS
Cross Site Scripting (XSS) in the edit user form in Microworld Technologies eScan management console 14.0.1400.2281 allows remote attacker to inject arbitrary code via the from parameter.
by Sahil Ojha
CVSS 9.0
EIP-2026-118028 EXPLOITDB text
Trend Micro OfficeScan Client 10.0 - ACL Service LPE
by msd0pe
CVE-2023-31748 EXPLOITDB HIGH text
MobileTrans <4.0.11 - Privilege Escalation
Insecure permissions in MobileTrans v4.0.11 allows attackers to escalate privileges to local admin via replacing the executable file.
by Thurein Soe
CVSS 7.8
CVE-2023-30256 EXPLOITDB MEDIUM text
QloApps 1.5.2 - Cross-Site Scripting via AuthController Parameters
Cross Site Scripting vulnerability found in Webkil QloApps v.1.5.2 allows a remote attacker to obtain sensitive information via the back and email_create parameters in the AuthController.php file.
by Astik Rawat
CVSS 6.1
EIP-2026-112416 EXPLOITDB text
Stackposts Social Marketing Tool v1.0 - SQL Injection
by Ahmet Ümit BAYRAM
EIP-2026-112234 EXPLOITDB text
Smart School v1.0 - SQL Injection
by Ahmet Ümit BAYRAM
EIP-2026-111647 EXPLOITDB text
Quicklancer v1.0 - SQL Injection
by Ahmet Ümit BAYRAM
EIP-2026-111501 EXPLOITDB text
Prestashop 8.0.4 - CSV injection
by Mirabbas Ağalarov
EIP-2026-109086 EXPLOITDB text
LeadPro CRM v1.0 - SQL Injection
by Ahmet Ümit BAYRAM
CVE-2023-25440 EXPLOITDB MEDIUM text
CiviCRM 5.59.alpha1 - Stored Cross-Site Scripting in Contact Name Fields
Stored Cross Site Scripting (XSS) vulnerability in the add contact function CiviCRM 5.59.alpha1, allows attackers to execute arbitrary code in first/second name field.
by Andrea Intilangelo
CVSS 5.4
CVE-2023-31699 EXPLOITDB MEDIUM text
ChurchCRM 4.5.4 - Reflected Cross-Site Scripting via Image File
ChurchCRM v4.5.4 is vulnerable to Reflected Cross-Site Scripting (XSS) via image file.
by Rahad Chowdhury
CVSS 4.8
CVE-2023-31698 EXPLOITDB MEDIUM text VERIFIED
Bludit 3.14.1 - Stored Cross-Site Scripting via SVG Site Logo Upload
Bludit v3.14.1 is vulnerable to Stored Cross Site Scripting (XSS) via SVG file on site logo. NOTE: the product's security model is that users are trusted by the administrator to insert arbitrary content (users cannot create their own accounts through self-registration).
by Rahad Chowdhury
CVSS 5.4
CVE-2023-25439 EXPLOITDB MEDIUM text
FusionInvoice 2023-1.0 - Stored Cross-Site Scripting via Description or Content Fields
Stored Cross Site Scripting (XSS) vulnerability in Square Pig FusionInvoice 2023-1.0, allows attackers to execute arbitrary code via the description or content fields to the expenses, tasks, and customer details.
by Andrea Intilangelo
CVSS 6.1
CVE-2023-31874 EXPLOITDB HIGH text
Yank Note 3.52.1 - Arbitrary Code Execution via Crafted File
Yank Note (YN) 3.52.1 allows execution of arbitrary code when a crafted file is opened, e.g., via nodeRequire('child_process').
by 8bitsec
CVSS 8.8
CVE-2023-31873 EXPLOITDB HIGH text
Gin Markdown Editor 0.7.4 - Code Execution via Crafted File
Gin 0.7.4 allows execution of arbitrary code when a crafted file is opened, e.g., via require('child_process').
by 8bitsec
CVSS 7.8
CVE-2023-1934 EXPLOITDB CRITICAL text
PnPSCADA - Unauthenticated SQL Injection via hitlogcsv.jsp Endpoint
The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and passively. Consequently, malicious actors could gain access to vital information, such as Industrial Control System (ICS) and OT data, alongside other sensitive records like SMS and SMS Logs. The unauthorized database access exposes compromised systems to potential manipulation or breach of essential infrastructure data, highlighting the severity of this vulnerability.
by Momen Eldawakhly
CVSS 9.8
CVE-2023-27823 EXPLOITDB CRITICAL text
Optoma 1080PSTX C02 - Unauthenticated Authentication Bypass
An authentication bypass in Optoma 1080PSTX C02 allows an attacker to access the administration console without valid credentials.
by Anthony Cole
CVSS 9.8
CVE-2023-53939 EXPLOITDB MEDIUM text
TinyWebGallery 2.5 - Authenticated Stored Cross-Site Scripting via Folder Name Parameter
TinyWebGallery v2.5 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the folder name parameter. Attackers can edit album folder names with script tags to execute arbitrary JavaScript when other users view the affected gallery pages.
by Mirabbas Ağalarov
CVSS 5.4
CVE-2023-53938 EXPLOITDB MEDIUM text
RockMongo 1.1.7 - Stored Cross-Site Scripting via Database, Collection, and Login Parameters
RockMongo 1.1.7 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts through multiple unencoded input parameters. Attackers can exploit the vulnerability by submitting crafted payloads in database, collection, and login parameters to execute arbitrary JavaScript in victim's browser.
by Rafael Pedrero
CVSS 5.4
CVE-2023-7326 EXPLOITDB HIGH text
Epson Stylus SX510W < 2023-05-13 - Denial of Service via Malformed Query Parameters
The Epson Stylus SX510W embedded web management service fails to properly handle consecutive ampersand characters in query parameters when accessing /PRESENTATION/HTML/TOP/INDEX.HTML. A remote attacker can send a malformed request that triggers improper input parsing or memory handling, resulting in the printer process shutting down or powering off, causing a denial of service condition.
by Rafael Pedrero
CVE-2023-6425 EXPLOITDB MEDIUM text VERIFIED
BigProf Online Clinic Management System 2.2 - XSS
A vulnerability has been discovered in BigProf Online Clinic Management System 2.2, which does not sufficiently encode user-controlled input, resulting in persistent XSS through /clinic/medical_records_view.php, in the FirstRecord parameter. Exploitation of this vulnerability could allow an attacking user to store dangerous JavaScript payloads on the system that will be triggered when the page loads.
by Rafael Pedrero
CVSS 6.3
EIP-2026-108099 EXPLOITDB text
Job Portal 1.0 - File Upload Restriction Bypass
by Rafael Pedrero
CVE-2023-53944 EXPLOITDB MEDIUM text
EasyPHP Webserver 14.1 - Path Traversal
EasyPHP Webserver 14.1 contains a path traversal vulnerability that allows remote users with low privileges to access files outside the document root by bypassing SecurityManager restrictions. Attackers can send GET requests with encoded directory traversal sequences like /..%5c..%5c to read system files such as /windows/win.ini.
by Rafael Pedrero
CVSS 6.5
CVE-2023-53941 EXPLOITDB CRITICAL text
EasyPHP Webserver 14.1 - Command Injection
EasyPHP Webserver 14.1 contains an OS command injection vulnerability that allows unauthenticated attackers to execute arbitrary system commands by injecting malicious payloads through the app_service_control parameter. Attackers can send POST requests to /index.php?zone=settings with crafted app_service_control values to execute commands with administrative privileges.
by Rafael Pedrero
CVSS 9.8
By Source
All 31,386 Writeup 62,021 Exploitdb 50,076 Nomisec 22,329 Github 3,511 Metasploit 3,295 Vulncheck_xdb 926 Inthewild 514 Gitlab 470 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,510 ruby 5,985 c 3,622 perl 2,849 html 2,072 php 1,332 bash 462 java 370 c++ 257 javascript 228 shell 130 go 72 postscript 25 typescript 25