Text Exploits
31,337 exploits tracked across all sources.
MyBB Extended Useradmininfo Plugin 1.2.1 - Cross-Site Scripting
by Fikri Fadzil
S9Y Serendipity 1.7.5 - 'Backend' Multiple Vulnerabilities
by Stefan Schurtz
Oscommerce Online Merchant < 2.3.3.4 - SQL Injection
SQL injection vulnerability in the update_zone function in catalog/admin/geo_zones.php in osCommerce Online Merchant 2.3.3.4 and earlier allows remote administrators to execute arbitrary SQL commands via the zID parameter in a list action.
by Ahmed Aboul-Ela
Doorgets Cms < 5.2 - SQL Injection
SQL injection vulnerability in dg-admin/index.php in doorGets CMS 5.2 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the _position_down_id parameter. NOTE: this can be leveraged using CSRF to allow remote attackers to execute arbitrary SQL commands.
by High-Tech Bridge SA
CTERA Cloud Storage OS <3.2.29.0-3.2.42.0 - XSS
Cross-site scripting (XSS) vulnerability in CTERA Cloud Storage OS before 3.2.29.0, 3.2.42.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the description in a project folder.
by Luigi Vezzoso
Auracms < 2.3 - SQL Injection
Multiple SQL injection vulnerabilities in AuraCMS 2.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search parameter to mod/content/content.php or (2) CLIENT_IP, (3) X_FORWARDED_FOR, (4) X_FORWARDED, (5) FORWARDED_FOR, or (6) FORWARDED HTTP header to index.php.
by High-Tech Bridge SA
Asseco SEE iBank FX Client 2.0.9.3 - Local Privilege Escalation
by LiquidWorm
Publish-It PUI Buffer Overflow (SEH)
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.
by Core Security
PHP Webcam Video Conference - Multiple Vulnerabilities
by vinicius777
Dlink Dir-100 Firmware - Authentication Bypass
D-Link DIR-100 4.03B07: cli.cgi security bypass due to failure to check authentication parameters
by Felix Richter
CVSS 8.8
Topicsviewer - SQL Injection
Multiple SQL injection vulnerabilities in TopicsViewer 3.0 Beta 1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) edit_block.php, (2) edit_cat.php, (3) edit_note.php, or (4) rmv_topic.php in admincp/.
by AtT4CKxT3rR0r1ST
Singapore 0.9.9b Beta - Image Gallery Remote File Inclusion / Cross-Site Scripting
by TUNISIAN CYBER
ownCloud <6.0.1 - XSS
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
by absane
CVSS 5.4
ImpressCMS <1.3.6 - Path Traversal
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.
by Pedro Ribeiro
Eventy Online Scheduler 1.8 - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST
Dlink Dir-100 Firmware - Insufficiently Protected Credentials
D-Link DIR-100 4.03B07 has PPTP and poe information disclosure
by Felix Richter
CVSS 9.8
Netgear D6300B - '/diag.cgi?IPAddr4' Remote Command Execution
by Marcel Mangold