Text Exploits

31,337 exploits tracked across all sources.

CVE-2015-1482 EXPLOITDB text
Ansible Tower <2.0.5 - Auth Bypass
Ansible Tower (aka Ansible UI) before 2.0.5 allows remote attackers to bypass authentication and obtain sensitive information via a websocket connection to socket.io/1/.
by SEC Consult
CVE-2015-1423 EXPLOITDB text
Gecko CMS 2.2-2.3 - SQL Injection
Multiple SQL injection vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote administrators to execute arbitrary SQL commands via the (1) jak_delete_log[] or (2) ssp parameter to admin/index.php.
by LiquidWorm
CVE-2015-1422 EXPLOITDB text
Gecko CMS 2.2-2.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Gecko CMS 2.2 and 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) horder[], (2) jak_catid, (3) jak_content, (4) jak_css, (5) jak_delete_log[], (6) jak_email, (7) jak_extfile, (8) jak_file, (9) jak_hookshow[], (10) jak_img, (11) jak_javascript, (12) jak_lcontent, (13) jak_name, (14) jak_password, (15) jak_showcontact, (16) jak_tags, (17) jak_title, (18) jak_url, (19) jak_username, (20) real_hook_id[], (21) sp, (22) sreal_plugin_id[], (23) ssp, or (24) sssp parameter to admin/index.php or the (25) editor, (26) field_id, (27) fldr, (28) lang, (29) popup, (30) subfolder, or (31) type parameter to js/editor/plugins/filemanager/dialog.php.
by LiquidWorm
CVE-2015-1424 EXPLOITDB text
Gecko CMS 2.2-2.3 - CSRF
Cross-site request forgery (CSRF) vulnerability in Gecko CMS 2.2 and 2.3 allows remote attackers to hijack the authentication of administrators for requests that add an administrator user via a newuser request to admin/index.php.
by LiquidWorm
EIP-2026-102238 EXPLOITDB text
Foxit MobilePDF 4.4.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102978 EXPLOITDB text
RedStar 3.0 Desktop - 'Software Manager swmng.app' Local Privilege Escalation
by RichardG
EIP-2026-102977 EXPLOITDB text
RedStar 2.0 Desktop - 'World-writeable rc.sysinit' Local Privilege Escalation
by prdelka
EIP-2026-113021 EXPLOITDB text
vBulletin MicroCART 1.1.4 - Arbitrary Files Deletion / SQL Injection / Cross-Site Scripting
by Technidev
CVE-2015-0558 EXPLOITDB MEDIUM text
Adbglobal P.dga4001n Firmware - Missing Encryption
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6, and possibly other routers, uses "1236790" and the MAC address to generate the WPA key.
by Eduardo Novella
CVSS 5.3
CVE-2015-0919 EXPLOITDB text
Sefrengo < 1.6.0 - SQL Injection
Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php.
by Steffen Rösemann
CVE-2014-9464 EXPLOITDB text
Microweber CMS <20141209 - SQL Injection
SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable.
by Pham Kien Cuong
CVE-2015-0554 EXPLOITDB text
ADB P.dga4001n Firmware - Access Control
The ADB (formerly Pirelli Broadband Solutions) P.DGA4001N router with firmware PDG_TEF_SP_4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service (device restart) as demonstrated by a direct request to (1) wlsecurity.html or (2) resetrouter.html.
by Eduardo Novella
CVE-2012-2271 EXPLOITDB text
Skincrafter - Memory Corruption
Buffer overflow in the InitLicenKeys function in a certain ActiveX control in SkinCrafter3_vs2005.dll in SkinCrafter 3.0 allows remote attackers to execute arbitrary code via a long string in the first argument (aka the reg_name argument).
by metacom
CVE-2015-1054 EXPLOITDB text
Crea8Social 2.0 - XSS
Cross-site scripting (XSS) vulnerability in the Games feature in Crea8Social 2.0 allows remote authenticated users to inject arbitrary web script or HTML via the Game Content field in Add Game.
by Yudhistira B W
CVE-2005-0273 EXPLOITDB text
Photopost Php Pro < 4.85 - SQL Injection
Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) ppuser parameter.
by GulfTech Security
CVE-2015-1057 EXPLOITDB text VERIFIED
e107 2.0.0 - XSS
Cross-site scripting (XSS) vulnerability in usersettings.php in e107 2.0.0 allows remote attackers to inject arbitrary web script or HTML via the "Real Name" value.
by Ahmet Agar / 0x97
CVE-2005-0270 EXPLOITDB text
Photopost Reviewpost Php Pro < 2.84 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) si parameter to showcat.php, (2) cat or (3) page parameter to showproduct.php, or (4) report parameter to reportproduct.php.
by GulfTech Security
CVE-2015-0002 EXPLOITDB text VERIFIED
Microsoft Windows 7 - Access Control
The AhcVerifyAdminContext function in ahcache.sys in the Application Compatibility component in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does not verify that an impersonation token is associated with an administrative account, which allows local users to gain privileges by running AppCompatCache.exe with a crafted DLL file, aka MSRC ID 20544 or "Microsoft Application Compatibility Infrastructure Elevation of Privilege Vulnerability."
by Google Security Research
EIP-2026-110622 EXPLOITDB text
PhotoPost Classifieds < 2.01 - Multiple Vulnerabilities
by GulfTech Security
CVE-2014-9435 EXPLOITDB text
Absolut Engine 1.73 - SQL Injection
Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userID parameter to admin/edituser.php, (3) username parameter to admin/admin.php, or (4) title parameter to admin/managerrelated.php.
by Steffen Rösemann
CVE-2014-9516 EXPLOITDB text VERIFIED
Social Microblogging PRO 1.5 - XSS
Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the "Web Site" input in the Profile section.
by Halil Dalabasmaz
CVE-2004-1423 EXPLOITDB text
Php-calendar < 0.10 - Code Injection
Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP-Calendar before 0.10.1, as used in Commonwealth of Massachusetts Virtual Law Office (VLO) and other products, allow remote attackers to execute arbitrary PHP code via a URL in the phpc_root_path parameter to (1) includes/calendar.php or (2) includes/setup.php.
by GulfTech Security
EIP-2026-116532 EXPLOITDB text
Wickr Desktop 2.2.1 Windows - Denial of Service
by Vulnerability-Lab
CVE-2004-1420 EXPLOITDB text
WHM Autopilot - XSS
Multiple cross-site scripting (XSS) vulnerabilities in header.php in WHM AutoPilot 2.4.6.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) site_title or (2) http_images parameter.
by GulfTech Security
CVE-2014-9457 EXPLOITDB text
PMB <4.1.3 - SQL Injection
SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php.
by xd4rker dark