Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2015-2826 EXPLOITDB MEDIUM text
WordPress Simple Ads Manager 2.5.94 and 2.5.96 - Exposure of Sensitive Information
WordPress Simple Ads Manager plugin 2.5.94 and 2.5.96 allows remote attackers to obtain sensitive information.
by ITAS Team
CVSS 5.3
EIP-2026-113615 EXPLOITDB text VERIFIED
WordPress Plugin Business Intelligence - SQL Injection (Metasploit)
by Jagriti Sahu
EIP-2026-113614 EXPLOITDB text VERIFIED
WordPress Plugin Business Intelligence - SQL Injection (Metasploit)
by Jagriti Sahu
EIP-2026-113613 EXPLOITDB text VERIFIED
WordPress Plugin Business Intelligence - SQL Injection (Metasploit)
by Jagriti Sahu
EIP-2026-111201 EXPLOITDB text
phpSFP Schedule Facebook Posts 1.5.6 - SQL Injection
by @u0x
EIP-2026-109640 EXPLOITDB text
Multiple WordPress UpThemes Themes - Arbitrary File Upload
by Divya
EIP-2026-108507 EXPLOITDB text VERIFIED
Joomla! Component com_rand - SQL Injection
by Jagriti Sahu
CVE-2014-7910 EXPLOITDB text
Google Chrome < 39.0.2171.65 - Denial of Service or Other Impact
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
by Roberto Suggi Liverani
CVE-2015-2166 EXPLOITDB text
Ericsson Drutt Mobile Service Delivery Platform 4,5,6 Path Traversal via Dot Dot Encoded Slash
Directory traversal vulnerability in the Instance Monitor in Ericsson Drutt Mobile Service Delivery Platform (MSDP) 4, 5, and 6 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the default URI.
by Anastasios Monachos
CVE-2014-9147 EXPLOITDB HIGH text
Fiyo CMS < 2.0.1.8 - Exposure of Sensitive Information via Database Backup File
Fiyo CMS 2.0.1.8 allows remote attackers to obtain sensitive information via a direct request to the database backup file in .backup/.
by Mahendra
CVSS 7.5
EIP-2026-114077 EXPLOITDB text
WordPress Plugin SP Project & Document Manager 2.5.3 - Blind SQL Injection
by Catsecurity
CVE-2014-9148 EXPLOITDB CRITICAL text
fiyo_cms < 2.0.1.8 - Improper Access Control via Direct Request to fiyo/dapur
Fiyo CMS 2.0.1.8 allows remote attackers to bypass intended access restrictions and execute the (1) "Install and Update" or (2) Backup super administrator function via the view parameter in a direct request to fiyo/dapur.
by Mahendra
CVSS 9.8
CVE-2015-1579 EXPLOITDB text
Elegant Themes Divi - Path Traversal
Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image action to wp-admin/admin-ajax.php. NOTE: this vulnerability may be a duplicate of CVE-2014-9734.
by Claudio Viviani
EIP-2026-113570 EXPLOITDB text
WordPress Plugin aspose-doc-exporter 1.0 - Arbitrary File Download
by ACC3SS
CVE-2015-2798 EXPLOITDB CRITICAL text
Contact Form Maker 1.0.1 - SQL Injection via id Parameter
SQL injection vulnerability in Joomla! Component Contact Form Maker 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by TUNISIAN CYBER
CVSS 9.8
EIP-2026-108356 EXPLOITDB text
Joomla! Component com_gallery_wd - SQL Injection
by CrashBandicot
EIP-2026-103064 EXPLOITDB text
Apache Spark Cluster 1.3.x - Arbitrary Code Execution
by Akhil Das
CVE-2015-1815 EXPLOITDB text
setroubleshoot < 3.2.22 - Remote Code Execution via Filename Shell Metacharacters
The get_rpm_nvr_by_file_path_temporary function in util.py in setroubleshoot before 3.2.22 allows remote attackers to execute arbitrary commands via shell metacharacters in a file name.
by Sebastian Krahmer
CVE-2015-2780 EXPLOITDB CRITICAL text
Berta CMS < 0.8.9b - Unauthenticated Arbitrary File Upload and Remote Code Execution via Image File
Unrestricted file upload vulnerability in Berta CMS allows remote attackers to execute arbitrary code by uploading a crafted image file with an executable extension, then accessing it via a direct request to the file in an unspecified directory.
by Simon Waters
CVSS 9.8
CVE-2015-2294 EXPLOITDB text
pfSense < 2.2.1 - Cross-Site Scripting via Multiple WebGUI Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the WebGUI in pfSense before 2.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) zone parameter to status_captiveportal.php; (2) if or (3) dragtable parameter to firewall_rules.php; (4) queue parameter in an add action to firewall_shaper.php; (5) id parameter in an edit action to services_unbound_acls.php; or (6) filterlogentries_time, (7) filterlogentries_sourceipaddress, (8) filterlogentries_sourceport, (9) filterlogentries_destinationipaddress, (10) filterlogentries_interfaces, (11) filterlogentries_destinationport, (12) filterlogentries_protocolflags, or (13) filterlogentries_qty parameter to diag_logs_filter.php.
by High-Tech Bridge SA
CVE-2015-2097 EXPLOITDB text
WebGate Embedded Standard Protocol SDK - Buffer Overflows in LoadImage, LoadImageEx, ChangePassword, Connect, and AddID
Multiple buffer overflows in WebGate Embedded Standard Protocol (WESP) SDK allow remote attackers to execute arbitrary code via unspecified vectors to the (1) LoadImage or (2) LoadImageEx function in the WESPMonitor.WESPMonitorCtrl.1 control, (3) ChangePassword function in the WESPCONFIGLib.UserItem control, Connect function in the (4) WESPSerialPort.WESPSerialPortCtrl.1 or (5) WESPPLAYBACKLib.WESPPlaybackCtrl control, or (6) AddID function in the WESPCONFIGLib.IDList control or a (7) long string to the second argument to the ConnectEx3 function in the WESPPLAYBACKLib.WESPPlaybackCtrl control.
by Praveen Darshanam
CVE-2015-2295 EXPLOITDB text
pfSense < 2.2 - Cross-Site Request Forgery via system_firmware_restorefullbackup.php deletefile Parameter
Cross-site request forgery (CSRF) vulnerability in system_firmware_restorefullbackup.php in the WebGUI in pfSense before 2.2.1 allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary files via the deletefile parameter.
by High-Tech Bridge SA
CVE-2015-0313 EXPLOITDB CRITICAL text
Adobe Flash Player < 11.2.202.442 - Use-After-Free
Use-after-free vulnerability in Adobe Flash Player before 13.0.0.269 and 14.x through 16.x before 16.0.0.305 on Windows and OS X and before 11.2.202.442 on Linux allows remote attackers to execute arbitrary code via unspecified vectors, as exploited in the wild in February 2015, a different vulnerability than CVE-2015-0315, CVE-2015-0320, and CVE-2015-0322.
by SecurityObscurity
CVSS 9.8
CVE-2014-9014 EXPLOITDB MEDIUM text
WP Marketplace <2.4.1 - Path Traversal
Directory traversal vulnerability in the ajaxinit function in wpmarketplace/libs/cart.php in the WP Marketplace plugin before 2.4.1 for WordPress allows remote authenticated users to download arbitrary files via a .. (dot dot) in the file parameter.
by Kacper Szurek
CVSS 4.3
EIP-2026-108870 EXPLOITDB text
Joomla! Component Spider FAQ - SQL Injection
by Manish Tanwar