Text Exploits
31,337 exploits tracked across all sources.
Humhub 0.10.0-rc.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities
by Jos Wetzels, Emiel Florijn
WP Symposium <14.11 - SQL Injection
SQL injection vulnerability in ajax/mail_functions.php in the WP Symposium plugin before 14.11 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the tray parameter in a getMailMessage action.
by Kacper Szurek
WordPress Plugin Ajax Store Locator 1.2 - Arbitrary File Download
by Claudio Viviani
PBBoard <3.0.1 - SQL Injection
SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email parameter in the register page to index.php. NOTE: the email parameter in the forget page vector is already covered by CVE-2012-4034.2.
by Tran Dinh Tien
Technicolor Router TD5130 - Open Redirect
Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failrefer parameter.
by Crash
Technicolor Router TD5130 - Firmware 2.05.C29GV - XSS
Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter.
by Crash
Technicolor Router TD5130 <2.05.C29GV - RCE
Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter).
by Crash
Guruperl.net AWP PRO <6.6 - SQL Injection
SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional (aka AWP PRO) 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the group_id parameter in a list_zone action to cgi/client.cgi.
by Robert Cooper
Google Doc Embedder <2.5.15 - SQL Injection
SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.
by Securely (Yoo Hee man)
WordPress Plugin CodeArt Google MP3 Player - File Disclosure Download
by QK14 Team
Cart66 Lite <1.5.2 - SQL Injection
SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a shortcode_products_table action to wp-admin/admin-ajax.php.
by Kacper Szurek
Zohocorp ManageEngine IT360 - Path Traversal
Directory traversal vulnerability in the DisplayChartPDF servlet in ZOHO ManageEngine Netflow Analyzer 8.6 through 10.2 and IT360 10.3 allows remote attackers and remote authenticated users to read arbitrary files via a .. (dot dot) in the filename parameter.
by Pedro Ribeiro
Thomson Reuters Fixed Assets CS <13.1.4 - Code Injection
The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program.
by Information Paradox
Nextend Facebook Connect <1.5.1 - XSS
Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fb_login_button parameter in a newfb_update_options action.
by Kacper Szurek
DomPDF <0.0.5 - RCE
Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors.
by RedTeam Pentesting
EntryPass N5200 - Info Disclosure
EntryPass N5200 Active Network Control Panel allows remote attackers to read device memory and obtain the administrator username and password via a URL starting with an ASCII character o through z or A through D, different vectors than CVE-2014-8868.
by RedTeam Pentesting
IPUX Cube Type CS303C IP Camera - 'UltraMJCamX.ocx' ActiveX Stack Buffer Overflow
by LiquidWorm
IPUX CS7522/CS2330/CS2030 IP Camera - 'UltraHVCamX.ocx' ActiveX Stack Buffer Overflow
by LiquidWorm