Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-110525 EXPLOITDB text VERIFIED
pChart 2.1.3 - Multiple Vulnerabilities
by Balazs Makany
EIP-2026-109262 EXPLOITDB text VERIFIED
Maian Uploader 4.0 - Multiple Vulnerabilities
by KedAns-Dz
CVE-2014-0793 EXPLOITDB text
StackIdeas Komento < 1.7.3 - Cross-Site Scripting via Website or Latitude Parameter
Multiple cross-site scripting (XSS) vulnerabilities in the StackIdeas Komento (com_komento) component before 1.7.3 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website or (2) latitude parameter in a comment to the default URI.
by High-Tech Bridge SA
CVE-2014-0794 EXPLOITDB text
JV Comment (com_jvcomment) < 3.0.3 - Authenticated SQL Injection via id Parameter
SQL injection vulnerability in the JV Comment (com_jvcomment) component before 3.0.3 for Joomla! allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a comment.like action to index.php.
by High-Tech Bridge SA
CVE-2013-7248 EXPLOITDB text VERIFIED
Franklin Fueling Systems TS-550 evo <2.4.0 - Privilege Escalation
Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, as demonstrated using a cmdWebCheckRole action in a TSA_REQUEST.
by Trustwave's SpiderLabs
CVE-2014-10020 EXPLOITDB text
Simple e-document 1.31 - SQL Injection via Username Parameter
SQL injection vulnerability in login.php in Simple e-document 1.31 allows remote attackers to execute arbitrary SQL commands via the username parameter.
by vinicius777
EIP-2026-111310 EXPLOITDB text
PizzaInn_Project - SQL Injection
by vinicius777
EIP-2026-109786 EXPLOITDB text
mySeatXT 0.2134 - SQL Injection
by vinicius777
CVE-2014-100020 EXPLOITDB text
iTechClassifieds 3.03.057 - SQL Injection via ChangeEmail.php PreviewNum Parameter
SQL injection vulnerability in ChangeEmail.php in iTechClassifieds 3.03.057 allows remote attackers to execute arbitrary SQL commands via the PreviewNum parameter. NOTE: the CatID parameter is already covered by CVE-2008-0685.
by vinicius777
EIP-2026-107450 EXPLOITDB text
godontologico 5 - SQL Injection
by vinicius777
EIP-2026-106699 EXPLOITDB text
Easy POS System - 'login.php' SQL Injection
by vinicius777
EIP-2026-105769 EXPLOITDB text
Cells Blog 3.3 - Reflected Cross-Site Scripting / Blind SQLite Injection
by vinicius777
EIP-2026-104967 EXPLOITDB text
Adult WebMaster PHP - Password Disclosure
by vinicius777
CVE-2014-1664 EXPLOITDB text VERIFIED
Citrix GoToMeeting <5.0.799.1238 - Info Disclosure
The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file.
by Claudio J. Lacayo
EIP-2026-113227 EXPLOITDB text VERIFIED
Web Video Streamer - Multiple Vulnerabilities
by Eric Sesterhenn
EIP-2026-107796 EXPLOITDB text VERIFIED
Imageview - 'upload.php' Arbitrary File Upload
by TUNISIAN CYBER
CVE-2014-2013 EXPLOITDB text VERIFIED
MuPDF < 1.3 - Remote Code Execution via XPS ContextColor Path Attribute
Stack-based buffer overflow in the xps_parse_color function in xps/xps-common.c in MuPDF 1.3 and earlier allows remote attackers to execute arbitrary code via a large number of entries in the ContextColor value of the Fill attribute in a Path element.
by Jean-Jamil Khalife
EIP-2026-106541 EXPLOITDB text VERIFIED
Doodle4Gift - Multiple Vulnerabilities
by Dr.NaNo
CVE-2014-10018 EXPLOITDB text
Teracom T2-B-Gawv1.4U10Y-BI - Cross-Site Scripting via essid Parameter
Cross-site scripting (XSS) vulnerability in webconfig/wlan/country.html/country in the Teracom T2-B-Gawv1.4U10Y-BI modem allows remote attackers to inject arbitrary web script or HTML via the essid parameter.
by Rakesh S
EIP-2026-113791 EXPLOITDB text VERIFIED
WordPress Plugin Global Flash Gallery - 'swfupload.php' Arbitrary File Upload
by Ashiyane Digital Security Team
EIP-2026-105547 EXPLOITDB text VERIFIED
BloofoxCMS 0.5.0 - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST
EIP-2026-105546 EXPLOITDB text VERIFIED
BloofoxCMS 0.5.0 - 'fileurl' Local File Inclusion
by AtT4CKxT3rR0r1ST
EIP-2026-105541 EXPLOITDB text VERIFIED
BloofoxCMS - '/bloofox/index.php?Username' SQL Injection
by AtT4CKxT3rR0r1ST
EIP-2026-105540 EXPLOITDB text VERIFIED
BloofoxCMS - '/bloofox/admin/index.php?Username' SQL Injection
by AtT4CKxT3rR0r1ST
CVE-2013-7219 EXPLOITDB text VERIFIED
Joomla! com_sexypolling <1.0.9 - SQL Injection
SQL injection vulnerability in vote.php in the 2Glux Sexy Polling (com_sexypolling) component before 1.0.9 for Joomla! allows remote attackers to execute arbitrary SQL commands via the answer_id[] parameter.
by High-Tech Bridge