Text Exploits
31,337 exploits tracked across all sources.
PhonerLite <2.15 - Info Disclosure
The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack, related to a "SIP Digest Leak" issue.
by Jason Ostrom
CVSS 7.5
Alienvault 4.5.0 - (Authenticated) SQL Injection (Metasploit)
by Brandon Perry
Ajax Pagination (twitter Style) <1.1 - Path Traversal
Directory traversal vulnerability in the Ajax Pagination (twitter Style) plugin 1.1 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the loop parameter in an ajax_navigation action to wp-admin/admin-ajax.php.
by Glyn Wintle
CVSS 7.5
plexusCMS 0.5 - Cross-Site Scripting / Remote Shell / Credentials Leak
by neglomaniac
EMC Cloud Tiering Appliance Software - Information Disclosure
EMC Cloud Tiering Appliance (CTA) 10 through SP1 allows remote attackers to read arbitrary files via an api/login request containing an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue, as demonstrated by reading the /etc/shadow file.
by Brandon Perry
Vanctech File Commander 1.1 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
PhotoWIFI Lite 1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Primo Interactive CMS - 'pcm.cgi' Remote Command Execution
by Felipe Andrian Peixoto
iStArtApp FileXChange 6.2 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Joomla! Component Kunena 3.0.4 - Persistent Cross-Site Scripting
by Qoppa
Sonicwall Email Security Appliance < 7.4.5 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the uploadPatch parameter to the System/Advanced page (settings_advanced.html) or (2) the uploadLicenses parameter in the License management (settings_upload_dlicense.html) page.
by Vulnerability-Lab
Lazybone Studios WiFi Music 1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
ePhone Disk 1.0.2 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
Easy FileManager 1.1 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
OpenCart 1.5.6.1 - 'openbay' Multiple SQL Injections
by Saadi Siddiqui
InterWorx Web Control Panel <5.0.14 - SQL Injection
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx, (2) SiteWorx, or (3) Resellers interface, as demonstrated by the "or" key in a pgn8state object in an i object in a JSON object.
by Eric Flokstra
Apache CouchDB <1.5.0 - DoS
Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.
by Krusty Hack
Alliedtelesis Img646bd Firmware - Authentication Bypass
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.
by Groundworks Technologies
DotItYourself - 'dot-it-yourself.cgi' Remote Command Execution
by Felipe Andrian Peixoto
Beheer Systeem - 'pbs.cgi' Remote Command Execution
by Felipe Andrian Peixoto