Text Exploits

31,337 exploits tracked across all sources.

CVE-2015-2102 EXPLOITDB text
Clip-bucket Clipbucket - SQL Injection
SQL injection vulnerability in view_item.php in ClipBucket 2.7 RC3 (2.7.0.4.v2929-rc3) allows remote attackers to execute arbitrary SQL commands via the item parameter.
by CWH Underground
CVE-2015-2198 EXPLOITDB text
Beehive Forum - XSS
Multiple cross-site scripting (XSS) vulnerabilities in edit_prefs.php in Beehive Forum 1.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) homepage_url, (2) pic_url, or (3) avatar_url parameter, which are not properly handled in an error message.
by Halil Dalabasmaz
CVE-2015-0273 EXPLOITDB text
PHP < 5.4.37 - Use After Free
Multiple use-after-free vulnerabilities in ext/date/php_date.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allow remote attackers to execute arbitrary code via crafted serialized input containing a (1) R or (2) r type specifier in (a) DateTimeZone data handled by the php_date_timezone_initialize_from_hash function or (b) DateTime data handled by the php_date_initialize_from_hash function.
by Taoguang Chen
EIP-2026-119683 EXPLOITDB text
Pentaho < 4.5.0 - User Console XML Injection
by K.d Long
CVE-2015-1517 EXPLOITDB text
Piwigo <2.7.4 - SQL Injection
SQL injection vulnerability in Piwigo before 2.7.4, when all filters are activated, allows remote authenticated users to execute arbitrary SQL commands via the filter_level parameter in a "Refresh photo set" action in the batch_manager page to admin.php.
by Sven Schleier
EIP-2026-111293 EXPLOITDB text
Piwigo 2.7.3 - Multiple Vulnerabilities
by Steffen Rösemann
EIP-2026-104736 EXPLOITDB text
jQuery - jui_filter_rules PHP Code Execution
by Timo Schmid
EIP-2026-104214 EXPLOITDB text
CrushFTP 7.2.0 - Multiple Vulnerabilities
by Rehan Ahmed
CVE-2014-9262 EXPLOITDB HIGH text
WordPress <0.5.10 - Authenticated RCE
The Duplicator plugin in WordPress before 0.5.10 allows remote authenticated users to create and download backup files.
by Kacper Szurek
CVSS 8.2
CVE-2015-2070 EXPLOITDB text
Etouch Samepage - SQL Injection
SQL injection vulnerability in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote attackers to execute arbitrary SQL commands via the catId parameter to cm/blogrss/feed.
by Brandon Perry
CVE-2015-2199 EXPLOITDB text
Wonderplugin Audio Player < 2.0 - SQL Injection
Multiple SQL injection vulnerabilities in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow (1) remote authenticated users to execute arbitrary SQL commands via the item[id] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or remote administrators to execute arbitrary SQL commands via the itemid parameter in the (2) wonderplugin_audio_show_item, (3) wonderplugin_audio_show_items, or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.
by Kacper Szurek
CVE-2015-2218 EXPLOITDB text
Magic Hills Wonderplugin Audio Player < 2.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the wp_ajax_save_item function in wonderpluginaudio.php in the WonderPlugin Audio Player plugin before 2.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) item[name] or (2) item[customcss] parameter in a wonderplugin_audio_save_item action to wp-admin/admin-ajax.php or the itemid parameter in the (3) wonderplugin_audio_show_item or (4) wonderplugin_audio_edit_item page to wp-admin/admin.php.
by Kacper Szurek
CVE-2015-1494 EXPLOITDB text VERIFIED
FancyBox for WordPress <3.0.3 - XSS
The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an mfbfw[*] parameter in an update action to wp-admin/admin-post.php, as demonstrated by the mfbfw[padding] parameter and exploited in the wild in February 2015.
by NULLpOint7r
CVE-2015-2071 EXPLOITDB text
Etouch Samepage - Path Traversal
Directory traversal vulnerability in cm/newui/blog/export.jsp in eTouch SamePage Enterprise Edition 4.4.0.0.239 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the filepath parameter.
by Brandon Perry
EIP-2026-117837 EXPLOITDB text
Realtek 11n Wireless LAN utility - Local Privilege Escalation
by Humberto Cabrera
CVE-2015-2065 EXPLOITDB text
Apptha Wordpress Video Gallery < 2.7 - SQL Injection
SQL injection vulnerability in videogalleryrss.php in the Apptha WordPress Video Gallery (contus-video-gallery) plugin before 2.8 for WordPress allows remote attackers to execute arbitrary SQL commands via the vid parameter in a rss action to wp-admin/admin-ajax.php.
by Claudio Viviani
CVE-2014-8690 EXPLOITDB text
Exponent CMS <2.1.4-2.3.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS before 2.1.4 patch 6, 2.2.x before 2.2.3 patch 9, and 2.3.x before 2.3.1 patch 4 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO, the (2) src parameter in a none action to index.php, or the (3) "First Name" or (4) "Last Name" field to users/edituser.
by Mayuresh Dani
CVE-2015-2090 EXPLOITDB text
Sympies Wordpress Survey And Poll - SQL Injection
SQL injection vulnerability in the ajax_survey function in settings.php in the WordPress Survey and Poll plugin 1.1.7 for WordPress allows remote attackers to execute arbitrary SQL commands via the survey_id parameter in an ajax_survey action to wp-admin/admin-ajax.php.
by Securely (Yoo Hee man)
EIP-2026-110459 EXPLOITDB text
Pandora FMS 5.1 SP1 - SQL Injection
by Vulnerability-Lab
CVE-2014-6137 EXPLOITDB text
IBM Tivoli Endpoint Manager < 9.1.1117 - XSS
Cross-site scripting (XSS) vulnerability in the Relay Diagnostic page in IBM Tivoli Endpoint Manager 9.1 before 9.1.1229 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by RedTeam Pentesting
EIP-2026-101829 EXPLOITDB text
LG DVR LE6016D - Remote File Disclosure
by Yakir Wizman
CVE-2015-1576 EXPLOITDB text
u5CMS <3.9.4 - SQL Injection
Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4) nc.php, (5) new2.php, or (6) rename2.php in u5admin/; (7) c parameter to u5admin/editor.php; (8) typ parameter to u5admin/meta2.php; or (9) newname parameter to u5admin/rename2.php.
by LiquidWorm
CVE-2015-1575 EXPLOITDB text
u5CMS <3.9.4 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the (1) c, (2) i, (3) l, or (4) p parameter to index.php; the (5) a or (6) b parameter to u5admin/cookie.php; the name parameter to (7) copy.php or (8) delete.php in u5admin/; the (9) f or (10) typ parameter to u5admin/deletefile.php; the (11) n parameter to u5admin/done.php; the (12) c parameter to u5admin/editor.php; the (13) uri parameter to u5admin/meta2.php; the (14) n parameter to u5admin/notdone.php; the (15) newname parameter to u5admin/rename2.php; the (16) l parameter to u5admin/sendfile.php; the (17) s parameter to u5admin/characters.php; the (18) page parameter to u5admin/savepage.php; or the (19) name parameter to u5admin/new2.php.
by LiquidWorm
EIP-2026-112841 EXPLOITDB text
u5CMS 3.9.3 - 'thumb.php' Local File Inclusion
by LiquidWorm
CVE-2015-1577 EXPLOITDB text
u5CMS <3.9.4 - Path Traversal
Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. (dot dot) or (2) full pathname in the f parameter.
by LiquidWorm