Text Exploits

31,386 exploits tracked across all sources.

CVE-2022-31062 EXPLOITDB MEDIUM text
glpi_inventory < 1.0.2 - Local File Inclusion via Public Script
Impact: A plugin public script can be used to read content of system files. Patches: Upgrade to version 1.0.2. Workarounds: `b/deploy/index.php` file can be deleted if deploy feature is not used.
by Nuri Çilengir
CVSS 5.3
CVE-2022-34125 EXPLOITDB MEDIUM text
GLPI CMDB < 3.0.3 - Unauthenticated Sensitive Information Exposure via File Parameter
front/icon.send.php in the CMDB plugin before 3.0.3 for GLPI allows attackers to gain read access to sensitive information via a _log/ pathname in the file parameter.
by Nuri Çilengir
CVSS 6.5
CVE-2022-34127 EXPLOITDB HIGH text
Managentities <4.0.2 - Path Traversal
The Managentities plugin before 4.0.2 for GLPI allows reading local files via directory traversal in the inc/cri.class.php file parameter.
by Nuri Çilengir
CVSS 7.5
CVE-2022-34128 EXPLOITDB CRITICAL text
GLPI Cartography Plugin <6.0.1 - Remote Code Execution via front/upload.php
The Cartography (aka positions) plugin before 6.0.1 for GLPI allows remote code execution via PHP code in the POST data to front/upload.php.
by Nuri Çilengir
CVSS 9.8
EIP-2026-105824 EXPLOITDB text
ChiKoi v1.0 - SQL Injection
by nu11secur1ty
CVE-2023-23163 EXPLOITDB CRITICAL text VERIFIED
Art Gallery Management System Project 1.0 - SQL Injection via editid Parameter
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the editid parameter.
by Rahul Patwari
CVSS 9.8
CVE-2023-23162 EXPLOITDB CRITICAL text VERIFIED
Art Gallery Management System Project 1.0 - SQL Injection via cid Parameter
Art Gallery Management System Project v1.0 was discovered to contain a SQL injection vulnerability via the cid parameter at product.php.
by Rahul Patwari
CVSS 9.8
CVE-2023-23161 EXPLOITDB MEDIUM text VERIFIED
Art Gallery Management System Project 1.0 - Reflected Cross-Site Scripting via artname Parameter
A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation bar.
by Rahul Patwari
CVSS 6.1
CVE-2022-47870 EXPLOITDB MEDIUM text
Redgate SQL Monitor 12.1.31.893 - Cross-Site Scripting via returnUrl Parameter
A cross-site scripting (XSS) vulnerability in the web SQL monitor login page in Redgate SQL Monitor 12.1.31.893 allows remote attackers to inject arbitrary web script or HTML via the returnUrl parameter.
by geeklinuxman
CVSS 6.1
EIP-2026-104320 EXPLOITDB text
ManageEngine AMP 4.3.0 - File-path-traversal
by nu11secur1ty
EIP-2026-104150 EXPLOITDB text
Active eCommerce CMS 6.5.0 - Stored Cross-Site Scripting (XSS)
by Sajibe Kanti
CVE-2022-45639 EXPLOITDB HIGH text
the_sleuth_kit 4.11.1 - OS Command Injection via m Parameter
OS Command injection vulnerability in sleuthkit fls tool 4.11.1 allows attackers to execute arbitrary commands via a crafted value to the m parameter. NOTE: third parties have disputed this because there is no analysis showing that the backtick command executes outside the context of the user account that entered the command line.
by Dino Barlattani
CVSS 7.8
CVE-2023-53982 EXPLOITDB HIGH text
PMB 7.4.6 - SQL Injection via ajax.php Storage Parameter
PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-based blind SQL injection attacks.
by str0xo DZ
CVSS 7.5
CVE-2023-54328 EXPLOITDB MEDIUM text
AimOne Video Converter 2.04 Build 103 - Buffer Overflow in Registration Form
AimOne Video Converter 2.04 Build 103 contains a buffer overflow vulnerability in its registration form that causes application crashes. Attackers can generate a 7000-byte payload to trigger the denial of service and potentially exploit the software's registration mechanism.
by nu11secur1ty
CVSS 6.5
CVE-2022-50693 EXPLOITDB HIGH text
Splashtop 8.71.12001.0 - Code Injection
Splashtop 8.71.12001.0 contains an unquoted service path vulnerability in the Splashtop Software Updater Service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in C:\Program Files (x86)\Splashtop\Splashtop Software Updater\ to inject malicious executables and escalate privileges.
by A.I. hernandez
CVSS 8.4
CVE-2022-30519 EXPLOITDB MEDIUM text
Reprise License Manager 14.2bl4-16.0 - Cross-Site Scripting via Signing Form Password Field
XSS in the signing form in Reprise Software RLM License Administration v14.2BL4 allows a remote attacker to inject arbitrary code via the password field.
by Mohammed A.Siledar
CVSS 6.1
CVE-2022-48197 EXPLOITDB MEDIUM text VERIFIED
YUI 2000-2800 - Reflected Cross-Site Scripting in Sandbox Examples
Reflected cross-site scripting (XSS) exists in Sandbox examples in the YUI2 repository. The download distributions, TreeView component and the YUI Javascript library overall are not affected. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
by SITE Team
CVSS 6.1
EIP-2026-114416 EXPLOITDB text
XCMS v1.83 - Remote Command Execution (RCE)
by Onurcan
EIP-2026-111510 EXPLOITDB text
Prizm Content Connect v10.5.1030.8315 - XXE
by xhzeem
CVE-2022-41413 EXPLOITDB MEDIUM text
perfSONAR 4.0-4.4.5 - Cross-Site Request Forgery via Search Function
perfSONAR v4.x <= v4.4.5 was discovered to contain a Cross-Site Request Forgery (CSRF) which is triggered when an attacker injects crafted input into the Search function.
by Ryan Moore
CVSS 4.3
CVE-2022-44877 EXPLOITDB CRITICAL text
CWP login.php Unauthenticated RCE
login/index.php in CWP (aka Control Web Panel or CentOS Web Panel) 7 before 0.9.8.1147 allows remote attackers to execute arbitrary OS commands via shell metacharacters in the login parameter.
by numan türle
CVSS 9.8
CVE-2022-37706 EXPLOITDB HIGH text
Ubuntu Enlightenment Mount Priv Esc
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
by nu11secur1ty
CVSS 7.8
CVE-2021-44228 EXPLOITDB CRITICAL text
Log4Shell HTTP Header Injection
Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. From log4j 2.15.0, this behavior has been disabled by default. From version 2.16.0 (along with 2.12.2, 2.12.3, and 2.3.1), this functionality has been completely removed. Note that this vulnerability is specific to log4j-core and does not affect log4net, log4cxx, or other Apache Logging Services projects.
by Chan Nyein Wai
CVSS 10.0
EIP-2026-101756 EXPLOITDB text
GeoVision Camera GV-ADR2701 - Authentication Bypass
by Chan Nyein Wai
EIP-2026-101313 EXPLOITDB text
Hughes Satellite Router HX200 v8.3.1.14 - Remote File Inclusion
by LiquidWorm