Text Exploits

31,386 exploits tracked across all sources.

CVE-2022-43939 EXPLOITDB HIGH text
Hitachi Vantara Pentaho <9.4.0.1-9.3.0.2 - SSRF
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x, contain security restrictions using non-canonical URLs which can be circumvented.
by dwbzn
CVSS 8.6
CVE-2023-26692 EXPLOITDB MEDIUM text
ZCBS/ZBBS/ZPBS 4.14k - Cross-Site Scripting
ZCBS Zijper Collectie Beheer Systeem (ZCBS), Zijper Publication Management System (ZPBS), and Zijper Image Bank Management System (ZBBS) 4.14k is vulnerable to Cross Site Scripting (XSS).
by Abdulaziz Saad
CVSS 6.1
CVE-2022-30076 EXPLOITDB MEDIUM text
ENTAB ERP 1.0 - Information Disclosure via Brute Force Attack
ENTAB ERP 1.0 allows attackers to discover users' full names via a brute force attack with a series of student usernames such as s10000 through s20000. There is no rate limiting.
by Deb Prasad Banerjee
CVSS 5.3
CVE-2023-27010 EXPLOITDB HIGH text
Wondershare Dr.Fone <12.9.6 - Privilege Escalation
Wondershare Dr.Fone v12.9.6 was discovered to contain weak permissions for the service WsDrvInst. This vulnerability allows attackers to escalate privileges via modifying or overwriting the executable.
by Thurein Soe
CVSS 7.8
EIP-2026-111818 EXPLOITDB text
Rukovoditel 3.3.1 - Remote Code Execution (RCE)
by Mirabbas Ağalarov
CVE-2021-27825 EXPLOITDB HIGH text
Mercury MAC1200R Firmware - Unauthenticated Path Traversal via web-static/ URL
A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary files via a web-static/ URL.
by Chunlei Shang, Jiangsu Public Information Co., Ltd.
CVSS 7.5
EIP-2026-101435 EXPLOITDB text
Schneider Electric v1.0 - Directory traversal & Broken Authentication
by Parsa Rezaie Khiabanloo
EIP-2026-101284 EXPLOITDB text
Franklin Fueling Systems TS-550 - Exploit and Default Password
by Parsa Rezaie Khiabanloo
EIP-2026-100563 EXPLOITDB text
Snitz Forum v1.0 - Blind SQL Injection
by Emiliano Febbi
CVE-2023-53959 EXPLOITDB CRITICAL text
FileZilla Client 3.63.1 - Code Injection
FileZilla Client 3.63.1 contains a DLL hijacking vulnerability that allows attackers to execute malicious code by placing a crafted TextShaping.dll in the application directory. Attackers can generate a reverse shell payload using msfvenom and replace the missing DLL to achieve remote code execution when the application launches.
by Bilal Qureshi
CVSS 9.8
CVE-2023-53958 EXPLOITDB HIGH text
LDAP Tool Box Self Service Password 1.5.2 - SSRF
LDAP Tool Box Self Service Password 1.5.2 contains a password reset vulnerability that allows attackers to manipulate HTTP Host headers during token generation. Attackers can craft malicious password reset requests that generate tokens sent to a controlled server, enabling potential account takeover by intercepting and using stolen reset tokens.
by Tahar BENNACEF
CVSS 7.5
CVE-2023-53957 EXPLOITDB CRITICAL text
Kimai 1.30.10 - Sensitive Cookie with Improper SameSite Attribute
Kimai 1.30.10 contains a SameSite cookie vulnerability that allows attackers to steal user session cookies through malicious exploitation. Attackers can trick victims into executing a crafted PHP script that captures and writes session cookie information to a file, enabling potential session hijacking.
by nu11secur1ty
CVSS 9.8
CVE-2023-53956 EXPLOITDB HIGH text
Flatnux 2021-03.25 - Authenticated Remote Code Execution via File Manager PHP Upload
Flatnux 2021-03.25 contains an authenticated file upload vulnerability that allows administrative users to upload arbitrary PHP files through the file manager. Attackers with admin credentials can upload malicious PHP scripts to the web root directory, enabling remote code execution on the server.
by Ömer Hasan Durmuş
CVSS 8.8
CVE-2023-22629 EXPLOITDB HIGH text
Titan FTP Server < 1.94.1205 - Authenticated Path Traversal via Move-File Function
An issue was discovered in TitanFTP through 1.94.1205. The move-file function has a path traversal vulnerability in the newPath parameter. An authenticated attacker can upload any file and then move it anywhere on the server's filesystem.
by Andreas Finstad
CVSS 8.8
CVE-2022-40032 EXPLOITDB CRITICAL text VERIFIED
Simple Task Managing System 1.0 - SQL Injection via login.php Username and Password Parameters
SQL injection vulnerability in the 'username' and 'password' parameters of login.php in Simple Task Managing System version 1.0 allows attackers to execute arbitrary code and gain sensitive information.
by Hamdi Sevben
CVSS 9.8
CVE-2023-0902 EXPLOITDB LOW text VERIFIED
Simple Food Ordering System 1.0 - Cross-Site Scripting in process_order.php
A vulnerability was found in SourceCodester Simple Food Ordering System 1.0. It has been classified as problematic. This affects an unknown part of the file process_order.php. The manipulation of the argument order leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221451.
by Muhammad Navaid Zafar Ansari
CVSS 3.5
EIP-2026-111594 EXPLOITDB text VERIFIED
Purchase Order Management-1.0 - Local File Inclusion
by nu11secur1ty
CVE-2023-0961 EXPLOITDB MEDIUM text VERIFIED
Music Gallery Site 1.0 - SQL Injection via view_music_details.php id Parameter
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been classified as critical. This affects an unknown part of the file view_music_details.php of the component GET Request Handler. The manipulation of the argument id leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-221631.
by Muhammad Navaid Zafar Ansari
CVSS 6.3
CVE-2023-0962 EXPLOITDB MEDIUM text VERIFIED
Music Gallery Site 1.0 - SQL Injection via Master.php GET Request Handler
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been declared as critical. This vulnerability affects unknown code of the file Master.php of the component GET Request Handler. The manipulation of the argument id leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-221632.
by Muhammad Navaid Zafar Ansari
CVSS 6.3
CVE-2023-0938 EXPLOITDB MEDIUM text VERIFIED
SourceCodester Music Gallery Site 1.0 - SQL Injection via cid Parameter in music_list.php
A vulnerability classified as critical has been found in SourceCodester Music Gallery Site 1.0. This affects an unknown part of the file music_list.php of the component GET Request Handler. The manipulation of the argument cid leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221553 was assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 6.3
CVE-2023-0963 EXPLOITDB HIGH text VERIFIED
SourceCodester Music Gallery Site 1.0 - Improper Access Control in Users.php POST Request Handler
A vulnerability was found in SourceCodester Music Gallery Site 1.0. It has been rated as critical. This issue affects some unknown processing of the file Users.php of the component POST Request Handler. The manipulation leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221633 was assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 7.3
CVE-2022-40347 EXPLOITDB CRITICAL text VERIFIED
Intern Record System 1.0 - SQL Injection via Phone/Email/DeptType/Name Parameters
SQL injection vulnerability in the 'phone', 'email', 'deptType' and 'name' parameters of /intern/controller.php in Intern Record System version 1.0 allows attackers to execute arbitrary code and gain sensitive information.
by Hamdi Sevben
CVSS 9.8
CVE-2023-0904 EXPLOITDB MEDIUM text VERIFIED
SourceCodester Employee Task Management System 1.0 - SQL Injection via task_id Parameter
A vulnerability was found in SourceCodester Employee Task Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file task-details.php. The manipulation of the argument task_id leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-221453 was assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 6.3
CVE-2023-0905 EXPLOITDB HIGH text VERIFIED
SourceCodester Employee Task Management System 1.0 - Improper Authentication via changePasswordForEmployee.php
A vulnerability classified as critical has been found in SourceCodester Employee Task Management System 1.0. Affected is an unknown function of the file changePasswordForEmployee.php. The manipulation leads to improper authentication. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-221454 is the identifier assigned to this vulnerability.
by Muhammad Navaid Zafar Ansari
CVSS 7.3