Text Exploits

31,337 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-112779 EXPLOITDB text
Traidnt Up 3.0 - SQL Injection
by Ali Trixx
CVE-2015-3306 EXPLOITDB text VERIFIED
ProFTPD 1.3.5 - RCE
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
by anonymous
EIP-2026-114190 EXPLOITDB text
WordPress Plugin Windows Desktop and iPhone Photo Uploader - Arbitrary File Upload
by Manish Tanwar
EIP-2026-114123 EXPLOITDB text
WordPress Plugin Traffic Analyzer 3.4.2 - Blind SQL Injection
by Dan King
CVE-2014-9311 EXPLOITDB text
Shareaholic <7.6.1.0 - XSS
Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php.
by Kacper Szurek
EIP-2026-113557 EXPLOITDB text
WordPress Plugin All In One WP Security & Firewall 3.9.0 - SQL Injection
by Claudio Viviani
EIP-2026-105380 EXPLOITDB text
Balero CMS 0.7.2 - Multiple Blind SQL Injections
by LiquidWorm
CVE-2015-0779 EXPLOITDB text VERIFIED
Novell Zenworks Configuration Management - Path Traversal
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324.
by Pedro Ribeiro
EIP-2026-114200 EXPLOITDB text
WordPress Plugin Work The Flow File Upload 2.5.2 - Arbitrary File Upload
by Claudio Viviani
EIP-2026-112840 EXPLOITDB text
u-Auctions - Multiple Vulnerabilities
by *Don*
CVE-2014-5288 EXPLOITDB HIGH text
Kemptechnologies Load Master < 7.1.20b - CSRF
A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages.
by Roberto Suggi Liverani
CVSS 8.8
CVE-2014-5287 EXPLOITDB HIGH text
Kemptechnologies Loadmaster < 7.1-16 - Injection
A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI).
by Roberto Suggi Liverani
CVSS 8.8
EIP-2026-114214 EXPLOITDB text VERIFIED
WordPress Plugin WP Easy Slideshow 1.0.3 - Multiple Vulnerabilities
by Divya
EIP-2026-114176 EXPLOITDB text
WordPress Plugin VideoWhisper Video Presentation 3.31.17 - Arbitrary File Upload
by Larry W. Cashdollar
EIP-2026-114173 EXPLOITDB text
WordPress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload
by Larry W. Cashdollar
EIP-2026-114168 EXPLOITDB text
WordPress Plugin Video Gallery 2.8 - Multiple Cross-Site Request Forgery Vulnerabilities
by Divya
CVE-2015-2825 EXPLOITDB text
Simple Ads Manager < 2.5.94 - Unrestricted File Upload
Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the path parameter.
by ITAS Team
CVE-2015-2824 EXPLOITDB text VERIFIED
Simple Ads Manager - SQL Injection
Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action to sam-ajax.php; the (2) cstr parameter in a load_posts action to sam-ajax-admin.php; the (3) searchTerm parameter in a load_combo_data action to sam-ajax-admin.php; or the (4) subscriber, (5) contributor, (6) author, (7) editor, (8) admin, or (9) sadmin parameter in a load_users action to sam-ajax-admin.php.
by ITAS Team
CVE-2015-2826 EXPLOITDB MEDIUM text
Simple Ads Manager - Information Disclosure
WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information.
by ITAS Team
CVSS 5.3
EIP-2026-113615 EXPLOITDB text VERIFIED
WordPress Plugin Business Intelligence - SQL Injection (Metasploit)
by Jagriti Sahu
EIP-2026-113614 EXPLOITDB text VERIFIED
WordPress Plugin Business Intelligence - SQL Injection (Metasploit)
by Jagriti Sahu
EIP-2026-113613 EXPLOITDB text VERIFIED
WordPress Plugin Business Intelligence - SQL Injection (Metasploit)
by Jagriti Sahu
EIP-2026-111201 EXPLOITDB text
phpSFP Schedule Facebook Posts 1.5.6 - SQL Injection
by @u0x
EIP-2026-109640 EXPLOITDB text
Multiple WordPress UpThemes Themes - Arbitrary File Upload
by Divya
EIP-2026-108507 EXPLOITDB text VERIFIED
Joomla! Component com_rand - SQL Injection
by Jagriti Sahu
By Source
All 31,337 Writeup 59,964 Exploitdb 49,996 Nomisec 21,591 Metasploit 3,218 Github 2,553 Vulncheck_xdb 904 Inthewild 514 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,337 python 5,933 ruby 5,907 c 3,565 perl 2,849 html 2,053 php 1,326 bash 459 java 362 c++ 250 javascript 215 shell 90 go 53 postscript 25 xml 24