Text Exploits

31,337 exploits tracked across all sources.

EIP-2026-110799 EXPLOITDB text
PHP-CMDB 0.7.3 - Multiple Vulnerabilities
by HauntIT
EIP-2026-110769 EXPLOITDB text VERIFIED
PHP Ticket System Beta 1 - 'get_all_created_by_user.php?id' SQL Injection
by HauntIT
CVE-2013-6231 EXPLOITDB HIGH text
ENG Spagobi < 4.1 - Improper Privilege Management
SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script.
by Christian Catalano
CVSS 8.8
CVE-2014-9304 EXPLOITDB text
Plex Media Server <0.9.9.3 - SSRF
Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web server.
by SEC Consult
EIP-2026-101847 EXPLOITDB text
MICROSENS Profi Line Switch 10.3.1 - Privilege Escalation
by SEC Consult
CVE-2014-100031 EXPLOITDB text
Ismail Fahmi Ganesha Digital Library - SQL Injection
Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php.
by ByEge
EIP-2026-102217 EXPLOITDB text
Bluetooth Photo Share Pro 2.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2014-2211 EXPLOITDB text VERIFIED
POSH <3.3.0 - SQL Injection
SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter.
by Anthony BAUBE
CVE-2014-4613 EXPLOITDB MEDIUM text
Piwigo <2.6.2 - CSRF
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php.
by killall-9
CVSS 6.5
EIP-2026-117701 EXPLOITDB text VERIFIED
Notepad++ CCompletion Plugin 1.19 - Local Stack Buffer Overflow
by tishion
EIP-2026-116488 EXPLOITDB text VERIFIED
VideoLAN VLC Media Player 2.1.3 - '.avs' Crash (PoC)
by kw4
CVE-2014-100012 EXPLOITDB text VERIFIED
Sendy - SQL Injection
SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter.
by Hurley
EIP-2026-102314 EXPLOITDB text
WiFiles HD 1.3 iOS - Local File Inclusion
by Vulnerability-Lab
EIP-2026-102289 EXPLOITDB text
Private Camera Pro 5.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2014-1677 EXPLOITDB HIGH text
Technicolor TC7200 - Info Disclosure
Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
by Jeroen - IT Nerdbox
CVSS 7.5
CVE-2014-1854 EXPLOITDB text VERIFIED
WordPress AdRotate Pro/FREE <3.9.5/3.9.4 - SQL Injection
SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.
by High-Tech Bridge SA
CVE-2014-2090 EXPLOITDB text
ILIAS 4.4.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title parameter.
by HauntIT
CVE-2014-2091 EXPLOITDB text VERIFIED
ATutor 2.1.1 - XSS
Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action. NOTE: the original disclosure also reported issues that may not cross privilege boundaries.
by HauntIT
CVE-2014-2069 EXPLOITDB HIGH text VERIFIED
Eshtery CMS - Path Traversal
Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx.
by peng.deng
CVSS 7.5
EIP-2026-108923 EXPLOITDB text VERIFIED
Jorjweb - 'id' SQL Injection
by Vulnerability Laboratory
CVE-2014-10009 EXPLOITDB text
Iwcn Stark Crm - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the client page; (4) insu_name or (5) price parameter to the add_insurance_cat page; or (6) status[] parameter to the add_status page.
by LiquidWorm
EIP-2026-101548 EXPLOITDB text
Barracuda Firewall 6.1.0.016 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-119390 EXPLOITDB text
Lotus Sametime 8.5.1 - Password Disclosure
by Adriano Marcio Monteiro
EIP-2026-113925 EXPLOITDB text VERIFIED
WordPress Plugin NextGEN Gallery - 'jqueryFileTree.php' Directory Traversal
by Tom Adams
EIP-2026-113605 EXPLOITDB text
WordPress Plugin BP Group Documents 1.2.1 - Multiple Vulnerabilities
by Tom Adams