Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-114169 EXPLOITDB text
WordPress Plugin Video Gallery 2.8 - SQL Injection
by Claudio Viviani
EIP-2026-113901 EXPLOITDB text
WordPress Plugin MiwoFTP 1.0.5 - Multiple Cross-Site Request Forgery / Cross-Site Scripting Vulnerabilities
by LiquidWorm
EIP-2026-113900 EXPLOITDB text
WordPress Plugin MiwoFTP 1.0.5 - Cross-Site Request Forgery / Arbitrary File Deletion
by LiquidWorm
EIP-2026-113899 EXPLOITDB text
WordPress Plugin MiwoFTP 1.0.5 - Cross-Site Request Forgery / Arbitrary File Creation / Remote Code Execution
by LiquidWorm
EIP-2026-114223 EXPLOITDB text VERIFIED
WordPress Plugin WP Mobile Edition 2.7 - Remote File Disclosure
by Khwanchai Kaewyos
EIP-2026-113916 EXPLOITDB text
WordPress Plugin N-Media Website Contact Form with File Upload 1.3.4 - Arbitrary File Upload (1)
by Claudio Viviani
EIP-2026-113695 EXPLOITDB text
WordPress Plugin Duplicator 0.5.14 - SQL Injection / Cross-Site Request Forgery
by Claudio Viviani
EIP-2026-112779 EXPLOITDB text
Traidnt Up 3.0 - SQL Injection
by Ali Trixx
CVE-2015-3306 EXPLOITDB text VERIFIED
ProFTPD 1.3.5 - Unauthenticated Arbitrary File Read and Write via mod_copy Site Commands
The mod_copy module in ProFTPD 1.3.5 allows remote attackers to read and write to arbitrary files via the site cpfr and site cpto commands.
by anonymous
EIP-2026-114190 EXPLOITDB text
WordPress Plugin Windows Desktop and iPhone Photo Uploader - Arbitrary File Upload
by Manish Tanwar
EIP-2026-114123 EXPLOITDB text
WordPress Plugin Traffic Analyzer 3.4.2 - Blind SQL Injection
by Dan King
CVE-2014-9311 EXPLOITDB text
Shareaholic < 7.6.0.9 - Authenticated Cross-Site Scripting via location[id] Parameter
Cross-site scripting (XSS) vulnerability in admin.php in the Shareaholic plugin before 7.6.1.0 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the location[id] parameter in a shareaholic_add_location action to wp-admin/admin-ajax.php.
by Kacper Szurek
EIP-2026-113557 EXPLOITDB text
WordPress Plugin All In One WP Security & Firewall 3.9.0 - SQL Injection
by Claudio Viviani
EIP-2026-105380 EXPLOITDB text
Balero CMS 0.7.2 - Multiple Blind SQL Injections
by LiquidWorm
CVE-2015-0779 EXPLOITDB text VERIFIED
Novell ZENworks Configuration Management < 11.3.2 - Remote Code Execution via UploadServlet uid Parameter
Directory traversal vulnerability in UploadServlet in Novell ZENworks Configuration Management (ZCM) 10 and 11 before 11.3.2 allows remote attackers to execute arbitrary code via a crafted directory name in the uid parameter, in conjunction with a WAR filename in the filename parameter and WAR content in the POST data, a different vulnerability than CVE-2010-5323 and CVE-2010-5324.
by Pedro Ribeiro
EIP-2026-114200 EXPLOITDB text
WordPress Plugin Work The Flow File Upload 2.5.2 - Arbitrary File Upload
by Claudio Viviani
EIP-2026-112840 EXPLOITDB text
u-Auctions - Multiple Vulnerabilities
by *Don*
CVE-2014-5288 EXPLOITDB HIGH text
Kemp Load Master < 7.1.20b - Cross-Site Request Forgery in Administrative Pages
A CSRF Vulnerability exists in Kemp Load Master before 7.0-18a via unspecified vectors in administrative pages.
by Roberto Suggi Liverani
CVSS 8.8
CVE-2014-5287 EXPLOITDB HIGH text
Kemp LoadMaster < 7.1-16 - Bash Script Injection via Web User Interface
A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI).
by Roberto Suggi Liverani
CVSS 8.8
EIP-2026-114214 EXPLOITDB text VERIFIED
WordPress Plugin WP Easy Slideshow 1.0.3 - Multiple Vulnerabilities
by Divya
EIP-2026-114176 EXPLOITDB text
WordPress Plugin VideoWhisper Video Presentation 3.31.17 - Arbitrary File Upload
by Larry W. Cashdollar
EIP-2026-114173 EXPLOITDB text
WordPress Plugin VideoWhisper Video Conference Integration 4.91.8 - Arbitrary File Upload
by Larry W. Cashdollar
EIP-2026-114168 EXPLOITDB text
WordPress Plugin Video Gallery 2.8 - Multiple Cross-Site Request Forgery Vulnerabilities
by Divya
CVE-2015-2825 EXPLOITDB text
Simple Ads Manager < 2.5.94 - Unauthenticated Arbitrary File Upload via sam-ajax-admin.php
Unrestricted file upload vulnerability in sam-ajax-admin.php in the Simple Ads Manager plugin before 2.5.96 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in the directory specified by the path parameter.
by ITAS Team
CVE-2015-2824 EXPLOITDB text VERIFIED
Simple Ads Manager < 2.7.97 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in the Simple Ads Manager plugin before 2.7.97 for WordPress allow remote attackers to execute arbitrary SQL commands via a (1) hits[][] parameter in a sam_hits action to sam-ajax.php; the (2) cstr parameter in a load_posts action to sam-ajax-admin.php; the (3) searchTerm parameter in a load_combo_data action to sam-ajax-admin.php; or the (4) subscriber, (5) contributor, (6) author, (7) editor, (8) admin, or (9) sadmin parameter in a load_users action to sam-ajax-admin.php.
by ITAS Team