Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2015-4039 EXPLOITDB MEDIUM text
WP Membership 1.2.3 - Authenticated Cross-Site Scripting via Profile Fields or New Post Content
Multiple cross-site scripting (XSS) vulnerabilities in the WP Membership plugin 1.2.3 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via unspecified (1) profile fields or (2) new post content. NOTE: CVE-2015-4038 can be used to bypass the administrator confirmation step for vector 2.
by Panagiotis Vagenas
CVSS 5.4
EIP-2026-107192 EXPLOITDB text
Forma LMS 1.3 - Multiple SQL Injections
by Filippo Roncari
CVE-2014-7872 EXPLOITDB text
Comodo GeekBuddy < 4.18.120 - Unauthenticated Privilege Escalation via VNC Server
Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC server, which allows local users to gain privileges by connecting to the server.
by Jeremy Brown
CVE-2015-4018 EXPLOITDB text VERIFIED
FeedWordPress < 2015.0514 - Authenticated SQL Injection via link_ids[] Parameter
SQL injection vulnerability in feedwordpresssyndicationpage.class.php in the FeedWordPress plugin before 2015.0514 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the link_ids[] parameter in an Update action in the syndication.php page to wp-admin/admin.php.
by Adrián M. F.
CVE-2015-1701 EXPLOITDB HIGH text VERIFIED
Microsoft Win32k - Privilege Escalation
Win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 allows local users to gain privileges via a crafted application, as exploited in the wild in April 2015, aka "Win32k Elevation of Privilege Vulnerability."
by hfiref0x
CVSS 7.8
EIP-2026-107191 EXPLOITDB text
Forma LMS 1.3 - Multiple PHP Object Injection Vulnerabilities
by Filippo Roncari
EIP-2026-105838 EXPLOITDB text VERIFIED
Chronosite 5.12 - SQL Injection
by Wadeek
EIP-2026-104387 EXPLOITDB text
OYO File Manager 1.1 (iOS / Android) - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102319 EXPLOITDB text
Wireless Photo Transfer 3.0 iOS - Local File Inclusion
by Vulnerability-Lab
CVE-2005-1642 EXPLOITDB text
Woltlab Burning Board 2.x and earlier - SQL Injection via Email Verification
SQL injection vulnerability in the verify_email function in Woltlab Burning Board 2.x and earlier allows remote attackers to execute arbitrary SQL commands via the $email variable.
by GulfTech Security
EIP-2026-113599 EXPLOITDB text
WordPress Plugin Booking Calendar Contact Form 1.0.2 - Multiple Vulnerabilities
by i0akiN SEC-LABORATORY
EIP-2026-111017 EXPLOITDB text VERIFIED
PHPCollab 2.5 - 'deletetopics.php' SQL Injection
by Wadeek
EIP-2026-113445 EXPLOITDB text
Wing FTP Server Admin 4.4.5 - Cross-Site Request Forgery (Add User)
by hyp3rlinx
EIP-2026-112402 EXPLOITDB text
SQLBuddy 1.3.3 - Directory Traversal
by hyp3rlinx
EIP-2026-111354 EXPLOITDB text VERIFIED
Pluck CMS 4.7 - Directory Traversal
by Wadeek
EIP-2026-106788 EXPLOITDB text
eFront 3.6.15 - PHP Object Injection
by Filippo Roncari
EIP-2026-106787 EXPLOITDB text
eFront 3.6.15 - Multiple SQL Injections
by Filippo Roncari
EIP-2026-106786 EXPLOITDB text
eFront 3.6.15 - Directory Traversal
by Filippo Roncari
EIP-2026-102136 EXPLOITDB text
ZTE F660 - Remote Configuration Download
by Daniel Cisa
EIP-2026-119392 EXPLOITDB text
Manage Engine Asset Explorer 6.1.0 Build: 6110 - Cross-Site Request Forgery
by Kaustubh G. Padwad
CVE-2015-3141 EXPLOITDB text
Synametrics Technologies Xeams <4.5 Build 5755 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies Xeams 4.5 Build 5755 and earlier allow remote attackers to hijack the authentication of administrators for requests that create an (1) SMTP domain or a (2) user via a request to /FrontController; or conduct cross-site scripting (XSS) attacks via the (3) domainname parameter to /FrontController, when creating a new SMTP domain configuration; the (4) txtRecipient parameter to /FrontController, when creating a new forwarder; the (5) popFetchServer, (6) popFetchUser, or (7) popFetchRecipient parameter to /FrontController, when creating a new POP3 Fetcher account; or the (8) Smtp HELO domain in the Advanced Server Configuration.
by Marlow Tannhauser
EIP-2026-114285 EXPLOITDB text
WordPress Plugin Yet Another Related Posts 4.2.4 - Cross-Site Request Forgery
by Evex
EIP-2026-114144 EXPLOITDB text
WordPress Plugin Ultimate Profile Builder 2.3.3 - Cross-Site Request Forgery
by Kaustubh G. Padwad
EIP-2026-113918 EXPLOITDB text VERIFIED
WordPress Plugin N-Media Website Contact Form with File Upload 1.5 - Local File Inclusion
by T3N38R15
EIP-2026-113630 EXPLOITDB text
WordPress Plugin ClickBank Ads 1.7 - Cross-Site Request Forgery
by Kaustubh G. Padwad