Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-116529 EXPLOITDB text VERIFIED
WebDrive 12.2 (B4172) - Buffer Overflow (PoC)
by Vulnerability-Lab
EIP-2026-113058 EXPLOITDB text VERIFIED
VFront 0.99.2 - Cross-Site Request Forgery / Persistent Cross-Site Scripting
by hyp3rlinx
EIP-2026-113862 EXPLOITDB text VERIFIED
WordPress Plugin LeagueManager 3.9.11 - SQL Injection
by javabudd
EIP-2026-102893 EXPLOITDB text
Linux Kernel (PonyOS 3.0) - ELF Loader Local Privilege Escalation
by Hacker Fantastic
CVE-2015-1389 EXPLOITDB text
Aruba Networks ClearPass Policy Manager <6.4.5 - XSS
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass Policy Manager (CPPM) before 6.4.5 allows remote attackers to inject arbitrary web script or HTML via the username parameter to tips/tipsLoginSubmit.action.
by Cristiano Maruti
EIP-2026-112574 EXPLOITDB text
TCPDF Library 5.9 - Arbitrary File Deletion
by Filippo Roncari
EIP-2026-102490 EXPLOITDB text
JSPMyAdmin 1.1 - Multiple Vulnerabilities
by hyp3rlinx
CVE-2005-1806 EXPLOITDB text
PeerCast < 0.1211 - Remote Code Execution via Format String in URL
Format string vulnerability in PeerCast 0.1211 and earlier allows remote attackers to execute arbitrary code via format strings in the URL.
by GulfTech Security
CVE-2015-4084 EXPLOITDB text
Free Counter 1.1 - Cross-Site Scripting via value_ Parameter
Cross-site scripting (XSS) vulnerability in the Free Counter plugin 1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the value_ parameter in a check_stat action to wp-admin/admin-ajax.php.
by Panagiotis Vagenas
CVE-2014-8391 EXPLOITDB text VERIFIED
Sendio < 7.2.3 - Authenticated Session Information Exposure
The Web interface in Sendio before 7.2.4 does not properly handle sessions, which allows remote authenticated users to obtain sensitive information from other users' sessions via a large number of requests.
by Core Security
CVE-2015-4064 EXPLOITDB text VERIFIED
Landing Pages < 1.8.4 - Authenticated SQL Injection via post Parameter
SQL injection vulnerability in modules/module.ab-testing.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the post parameter in an edit delete-variation action to wp-admin/post.php.
by Adrián M. F.
CVE-2015-4062 EXPLOITDB text VERIFIED
NewStatPress < 0.9.8 - Authenticated SQL Injection via where1 Parameter
SQL injection vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the where1 parameter in the nsp_search page to wp-admin/admin.php.
by Adrián M. F.
EIP-2026-114849 EXPLOITDB text VERIFIED
Acoustica Pianissimo 1.0 Build 12 - 'Registration ID' Buffer Overflow (PoC)
by LiquidWorm
EIP-2026-114167 EXPLOITDB text VERIFIED
WordPress Plugin Video Gallery 2.8 - Arbitrary Mail Relay
by Claudio Viviani
EIP-2026-114054 EXPLOITDB text VERIFIED
WordPress Plugin Simple Photo Gallery 1.7.8 - Blind SQL Injection
by woodspeed
CVE-2015-4063 EXPLOITDB text VERIFIED
NewStatPress < 0.9.8 - Authenticated Cross-Site Scripting via where1 Parameter
Cross-site scripting (XSS) vulnerability in includes/nsp_search.php in the NewStatPress plugin before 0.9.9 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the where1 parameter in the nsp_search page to wp-admin/admin.php.
by Adrián M. F.
EIP-2026-113878 EXPLOITDB text
WordPress Plugin MailChimp Subscribe Forms 1.1 - Remote Code Execution
by woodspeed
CVE-2015-4065 EXPLOITDB text VERIFIED
Landing Pages < 1.8.4 - Authenticated Cross-Site Scripting via Post Parameter
Cross-site scripting (XSS) vulnerability in shared/shortcodes/inbound-shortcodes.php in the Landing Pages plugin before 1.8.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the post parameter to wp-admin/post-new.php.
by Adrián M. F.
CVE-2015-4066 EXPLOITDB text VERIFIED
GigPress < 2.3.8 - Authenticated SQL Injection via show_artist_id or show_venue_id Parameter
Multiple SQL injection vulnerabilities in admin/handlers.php in the GigPress plugin before 2.3.9 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) show_artist_id or (2) show_venue_id parameter in an add action in the gigpress.php page to wp-admin/admin.php.
by Adrián M. F.
CVE-2015-4127 EXPLOITDB text
Church Admin < 0.800 - Cross-Site Scripting via Address Parameter
Cross-site scripting (XSS) vulnerability in the church_admin plugin before 0.810 for WordPress allows remote attackers to inject arbitrary web script or HTML via the address parameter, as demonstrated by a request to index.php/2015/05/21/church_admin-registration-form/.
by woodspeed
EIP-2026-104626 EXPLOITDB text
ClickHeat 1.13+ - Remote Command Execution
by Calum Hutton
CVE-2014-0999 EXPLOITDB text VERIFIED
Sendio < 7.2.3 - Session Identifier Exposure via Referrer HTTP Header
Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Referrer HTTP header.
by Core Security
CVE-2015-0060 EXPLOITDB text
Windows - Denial of Service via Font Mapper in win32k.sys
The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not properly scale fonts, which allows local users to cause a denial of service (system hang) via a crafted application, aka "Windows Font Driver Denial of Service Vulnerability."
by Sky lake
CVE-2015-3202 EXPLOITDB text VERIFIED
FUSE <2.9.3-15 - Local Privilege Escalation
fusermount in FUSE before 2.9.3-15 does not properly clear the environment before invoking (1) mount or (2) umount as root, which allows local users to write to arbitrary files via a crafted LIBMOUNT_MTAB environment variable that is used by mount's debugging feature.
by Tavis Ormandy
CVE-2015-3325 EXPLOITDB text
WP Symposium < 15.2 - SQL Injection via Forum Show Parameter
SQL injection vulnerability in forum.php in the WP Symposium plugin before 15.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the show parameter in the QUERY_STRING to the default URI.
by Hannes Trunde