Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2011-0997 EXPLOITDB text
ISC DHCP 3.0.x-4.2.x - Remote Code Execution via DHCP Hostname Shell Metacharacters
dhclient in ISC DHCP 3.0.x through 4.2.x before 4.2.1-P1, 3.1-ESV before 3.1-ESV-R1, and 4.1-ESV before 4.1-ESV-R2 allows remote attackers to execute arbitrary commands via shell metacharacters in a hostname obtained from a DHCP message, as demonstrated by a hostname that is provided to dhclient-script.
by Pierre Kim
EIP-2026-113690 EXPLOITDB text
WordPress Plugin Download Manager Free 2.7.94 & Pro 4 - (Authenticated) Persistent Cross-Site Scripting
by Filippos Mastrogiannis
EIP-2026-101509 EXPLOITDB text
8 TOTOLINK Router Models - Backdoor Access / Remote Code Execution
by Pierre Kim
EIP-2026-101508 EXPLOITDB text
4 TOTOLINK Router Models - Cross-Site Request Forgery / Cross-Site Scripting
by Pierre Kim
EIP-2026-101507 EXPLOITDB text
4 TOTOLINK Router Models - Backdoor Credentials
by Pierre Kim
CVE-2015-2863 EXPLOITDB text
Kaseya Virtual System Administrator 7.x < 7.0.0.29, 8.x < 8.0.0.18, 9.0 < 9.0.0.14, 9.1 < 9.1.0.4 - Open Redirect
Open redirect vulnerability in Kaseya Virtual System Administrator (VSA) 7.x before 7.0.0.29, 8.x before 8.0.0.18, 9.0 before 9.0.0.14, and 9.1 before 9.1.0.4 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
by Pedro Ribeiro
EIP-2026-108333 EXPLOITDB text
Joomla! Component com_docman - Multiple Vulnerabilities
by Hugo Santiago
CVE-2015-4425 EXPLOITDB text
pimcore < build 3473 - Authenticated Path Traversal and Arbitrary File Write via Admin Asset Compatibility Endpoint
Directory traversal vulnerability in pimcore before build 3473 allows remote authenticated users with the "assets" permission to create or write to arbitrary files via a .. (dot dot) in the dir parameter to admin/asset/add-asset-compatibility.
by Portcullis
CVE-2015-6516 EXPLOITDB text
sysPass < 1.0.9 - Authenticated SQL Injection via Search Parameter
SQL injection vulnerability in cygnux.org sysPass 1.0.9 and earlier allows remote authenticated users to execute arbitrary SQL commands via the search parameter to ajax/ajax_search.php.
by SySS GmbH
CVE-2005-2095 EXPLOITDB text
SquirrelMail <= 1.4.4 - Remote Code Execution via Extract Function
options_identities.php in SquirrelMail 1.4.4 and earlier uses the extract function to process the $_POST variable, which allows remote attackers to modify or read the preferences of other users, conduct cross-site scripting XSS) attacks, and write arbitrary files.
by GulfTech Security
CVE-2015-5529 EXPLOITDB text
Free Reprintables ArticleFR 3.0.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to dashboard/settings/categories/, (2) title or (3) rel parameter to dashboard/settings/links/, or (4) url parameter to dashboard/tools/pingservers/.
by LiquidWorm
CVE-2014-8676 EXPLOITDB MEDIUM text
soplanning < 1.32 - Path Traversal via URL Path Parameter
Directory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
by Huy-Ngoc DAU
CVSS 5.3
CVE-2014-8675 EXPLOITDB HIGH text
soplanning < 1.32 - Exposure of Sensitive Information via ICAL Calendar Link
Soplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner's password via a brute-force attack on the embedded password hash.
by Huy-Ngoc DAU
CVSS 7.5
CVE-2014-8674 EXPLOITDB MEDIUM text
soplanning < 1.33 - Cross-Site Scripting via nb_mois, mb_ligness, and export.php Debug Parameter
Multiple Cross-Site Scripting (XSS) vulnerabilities exist in Simple Online Planning (SOPlanning) before 1.33 via the document.cookie in nb_mois and mb_ligness and the debug GET parameter to export.php, which allows malicious users to execute arbitrary code.
by Huy-Ngoc DAU
CVSS 5.4
CVE-2014-8673 EXPLOITDB CRITICAL text
SOPPlanning <1.33 - SQL Injection
Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning)before 1.33.
by Huy-Ngoc DAU
CVSS 9.8
CVE-2015-5595 EXPLOITDB MEDIUM text
zenphoto < 1.4.9 - Cross-Site Request Forgery in admin.php
Cross-site request forgery (CSRF) vulnerability in admin.php in Zenphoto before 1.4.9 allows remote attackers to hijack the authentication of admin users for requests that may cause a denial of service (resource consumption).
by Tim Coen
CVSS 6.5
CVE-2015-5471 EXPLOITDB MEDIUM text VERIFIED
Swim Team plugin <1.44.10777 - Path Traversal
Absolute path traversal vulnerability in include/user/download.php in the Swim Team plugin 1.44.10777 for WordPress allows remote attackers to read arbitrary files via a full pathname in the file parameter.
by Larry W. Cashdollar
CVSS 5.3
EIP-2026-113665 EXPLOITDB text
WordPress Plugin CP Contact Form with Paypal 1.1.5 - Multiple Vulnerabilities
by Nitin Venkatesh
CVE-2014-8677 EXPLOITDB MEDIUM text
soplanning < 1.32 - Authenticated Remote Code Execution via Crafted Database Name
The installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP before 5.2 is being used, the configuration database is down, and smarty/templates_c is not writable to execute arbitrary php code via a crafted database name.
by Huy-Ngoc DAU
CVSS 5.3
EIP-2026-111229 EXPLOITDB text
phpVibe - Arbitrary File Disclosure
by ali ahmady
EIP-2026-111211 EXPLOITDB text
phpSQLiteCMS - Multiple Vulnerabilities
by hyp3rlinx
CVE-2015-5530 EXPLOITDB text
Free Reprintables ArticleFR 3.0.6 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Free Reprintables ArticleFR 3.0.6 allow remote attackers to hijack the authentication of administrators for requests that add an administrator account via a request to dashboard/users/create/.
by LiquidWorm
CVE-2015-6519 EXPLOITDB text
Arab Portal 3 - SQL Injection via showemail Parameter
SQL injection vulnerability in Arab Portal 3 allows remote attackers to execute arbitrary SQL commands via the showemail parameter in a signup action to members.php.
by ali ahmady
EIP-2026-115952 EXPLOITDB text VERIFIED
Notepad++ 6.7.3 - Crash (PoC)
by Rahul Pratap Singh
EIP-2026-113667 EXPLOITDB text VERIFIED
WordPress Plugin CP Multi View Event Calendar 1.1.7 - SQL Injection
by i0akiN SEC-LABORATORY