Text Exploits
31,337 exploits tracked across all sources.
qEngine 4.1.6/6.0.0 - 'task.php' Local File Inclusion
by Gjoko Krstic
Kemana Directory 1.5.6 - kemana_admin_passwd Cookie User Password Hash Disclosure
by LiquidWorm
Kemana Directory 1.5.6 - 'task.php' Local File Inclusion
by LiquidWorm
Kemana Directory 1.5.6 - 'qvc_init()' Cookie Poisoning CAPTCHA Bypass
by LiquidWorm
Getsimple CMS 3.3.1 - Persistent Cross-Site Scripting
by Jeroen - IT Nerdbox
Symphony CMS <2.3.2 - CSRF
Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the sort parameter to system/authors/, related to CVE-2013-2559.
by High-Tech Bridge
Ozerov Bigdump - Unrestricted File Upload
Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov BigDump 0.29b allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a .sql extension, then accessing this file via a direct request. NOTE: some of these details are obtained from third party information.
by felipe andrian
LifeSize UVC 1.2.6 - (Authenticated) Remote Code Execution
by Brandon Perry
innoEDIT - 'innoedit.cgi' Remote Command Execution
by Felipe Andrian Peixoto
OXID eShop <4.7.11-4.8.4, <5.0.11-5.1.4 - CRLF Injection
CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
by //sToRm
CVSS 6.1
Wireless Drive 1.1.0 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
McAfee Asset Manager 6.6 - SQL Injection
SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter).
by Brandon Perry
McAfee Cloud SSO - XSS
Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password.
by Brandon Perry
GNUboard 5.x - SQL Injection
Multiple SQL injection vulnerabilities in bbs/ajax.autosave.php in GNUboard 5.x and possibly earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) subject or (2) content parameter.
by Claepo Wang
BigACE 2.7.5 - 'LANGUAGE' Directory Traversal
by Hossein Hezami
SePortal 2.4 - SQL Injection
Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php.
by jsass
McAfee Asset Manager 6.6 - Path Traversal
Directory traversal vulnerability in servlet/downloadReport in McAfee Asset Manager 6.6 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the reportFileName parameter.
by Brandon Perry