Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-113529 EXPLOITDB text VERIFIED
WordPress Plugin Ad Inserter 1.5.2 - Cross-Site Request Forgery
by Kaustubh G. Padwad
CVE-2015-3140 EXPLOITDB HIGH text
Synametrics SynaMan Syncrify SynTail - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567
by Marlow Tannhauser
CVSS 8.8
CVE-2015-3140 EXPLOITDB HIGH text
Synametrics SynaMan Syncrify SynTail - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567
by Marlow Tannhauser
CVSS 8.8
CVE-2015-3140 EXPLOITDB HIGH text
Synametrics SynaMan Syncrify SynTail - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Synametrics Technologies SynaMan before 3.5 Build 1451, Syncrify before 3.7 Build 856, and SynTail before 1.5 Build 567
by Marlow Tannhauser
CVSS 8.8
EIP-2026-103259 EXPLOITDB text VERIFIED
Alienvault OSSIM/USM 4.14/4.15/5.0 - Multiple Vulnerabilities
by Peter Lapp
CVE-2015-9496 EXPLOITDB HIGH text
freshmail-newsletter < 1.6 - SQL Injection via FM_form Shortcode
The freshmail-newsletter plugin before 1.6 for WordPress has shortcode.php SQL Injection via the 'FM_form id=' substring.
by Felipe Molina
CVSS 8.8
CVE-2014-0910 EXPLOITDB text
IBM WebSphere Portal 6.1.0.0-6.1.0.6 CF27, 6.1.5.0-6.1.5.3 CF27, 7.0.0-7.0.0.2 CF28 - Authenticated Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.0 through 6.1.0.6 CF27, 6.1.5.0 through 6.1.5.3 CF27, and 7.0.0 through 7.0.0.2 CF28 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
by Filippo Roncari
EIP-2026-104497 EXPLOITDB text
WordPress Plugin Freshmail 1.5.8 - SQL Injection
by Felipe Molina
EIP-2026-102215 EXPLOITDB text
Album Streamer 2.0 iOS - Directory Traversal
by Vulnerability-Lab
CVE-2015-2248 EXPLOITDB text
SonicWALL Remote Access Firmware < 7.5.1.0-38sv - Cross-Site Request Forgery via Bookmark Creation
Cross-site request forgery (CSRF) vulnerability in the user portal in Dell SonicWALL Secure Remote Access (SRA) products with firmware before 7.5.1.0-38sv and 8.x before 8.0.0.1-16sv allows remote attackers to hijack the authentication of users for requests that create bookmarks via a crafted request to cgi-bin/editBookmark.
by Veit Hailperin
EIP-2026-102306 EXPLOITDB text
vPhoto-Album 4.2 iOS - Local File Inclusion
by Vulnerability-Lab
EIP-2026-102269 EXPLOITDB text
PDF Converter & Editor 2.1 iOS - Local File Inclusion
by Vulnerability-Lab
CVE-2005-1597 EXPLOITDB text
Invision Power Board <= 2.0.3 - Cross-Site Scripting via Highlite Parameter
Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter.
by GulfTech Security
EIP-2026-114142 EXPLOITDB text
WordPress Plugin Ultimate Product Catalogue 3.1.2 - Multiple Persistent Cross-Site Scripting / Cross-Site Request Forgery / Arbitrary File Upload Vulnerabilities
by Felipe Molina
CVE-2015-0252 EXPLOITDB text
Debian Linux < 3.1.1 - Improper Input Validation
internal/XMLReader.cpp in Apache Xerces-C before 3.1.2 allows remote attackers to cause a denial of service (segmentation fault and crash) via crafted XML data.
by beford
EIP-2026-102283 EXPLOITDB text
PhotoWebsite 3.1 iOS - Local File Inclusion
by Vulnerability-Lab
EIP-2026-102161 EXPLOITDB text
Grindr 2.1.1 iOS - Denial of Service
by Vulnerability-Lab
EIP-2026-103679 EXPLOITDB text
TestDisk 6.14 - 'Check_OS2MB' Stack Buffer Overflow (PoC)
by Security-Assessment.com
CVE-2015-3986 EXPLOITDB text
TheCartPress eCommerce Shopping Cart < 1.3.9 - Cross-Site Request Forgery via tcp_box_path Parameter
Cross-site request forgery (CSRF) vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to hijack the authentication of administrators for requests that conduct directory traversal attacks via the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.
by High-Tech Bridge SA
CVE-2015-3301 EXPLOITDB text
TheCartPress <1.3.9.3 - Path Traversal
Directory traversal vulnerability in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote administrators to read arbitrary files via a .. (dot dot) in the tcp_box_path parameter in the checkout_editor_settings page to wp-admin/admin.php.
by High-Tech Bridge SA
CVE-2015-3300 EXPLOITDB text
TheCartPress eCommerce Shopping Cart < 1.3.9 - Cross-Site Scripting via Multiple Input Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allow remote attackers to inject arbitrary web script or HTML via the (1) billing_firstname, (2) billing_lastname, (3) billing_company, (4) billing_tax_id_number, (5) billing_city, (6) billing_street, (7) billing_street_2, (8) billing_postcode, (9) billing_telephone_1, (10) billing_telephone_2, (11) billing_fax, (12) shipping_firstname, (13) shipping_lastname, (14) shipping_company, (15) shipping_tax_id_number, (16) shipping_city, (17) shipping_street, (18) shipping_street_2, (19) shipping_postcode, (20) shipping_telephone_1, (21) shipping_telephone_2, or (22) shipping_fax parameter to shopping-cart/checkout/; the (23) search_by parameter in the admin/AddressesList.php page to wp-admin/admin.php; the (24) address_id, (25) address_name, (26) firstname, (27) lastname, (28) street, (29) city, (30) postcode, or (31) email parameter in the admin/AddressEdit.php page to wp-admin/admin.php; the (32) post_id or (33) rel_type parameter in the admin/AssignedCategoriesList.php page to wp-admin/admin.php; or the (34) post_type parameter in the admin/CustomFieldsList.php page to wp-admin/admin.php.
by High-Tech Bridge SA
EIP-2026-119453 EXPLOITDB text
Wing FTP Server Admin 4.4.5 - Multiple Vulnerabilities
by hyp3rlinx
CVE-2015-3632 EXPLOITDB text
Foxit Reader, Enterprise Reader, and PhantomPDF < 7.1.5 - Denial of Service via Crafted GIF in PDF
Foxit Reader, Enterprise Reader, and PhantomPDF before 7.1.5 allow remote attackers to cause a denial of service (memory corruption and crash) via a crafted GIF in a PDF file.
by Francis Provencher
CVE-2015-3302 EXPLOITDB HIGH text
TheCartPress <1.3.9.3 - Info Disclosure
The TheCartPress eCommerce Shopping Cart (aka The Professional WordPress eCommerce Plugin) plugin for WordPress before 1.3.9.3 allows remote attackers to obtain sensitive order detail information by leveraging a "broken authentication mechanism."
by High-Tech Bridge SA
CVSS 7.5
EIP-2026-110348 EXPLOITDB text
OS Solution OSProperty 2.8.0 - SQL Injection
by Brandon Perry