Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-111097 EXPLOITDB text
PHPJabbers Vacation Rental Script 3.0 - Multiple Vulnerabilities
by HackXBack
EIP-2026-111096 EXPLOITDB text
PHPJabbers Vacation Packages Listing 2.0 - Multiple Vulnerabilities
by HackXBack
EIP-2026-111088 EXPLOITDB text
PHPJabbers Hotel Booking System 3.0 - Multiple Vulnerabilities
by HackXBack
CVE-2013-6872 EXPLOITDB text
Collabtive < 1.2 - Authenticated SQL Injection via managetimetracker.php id Parameter
SQL injection vulnerability in managetimetracker.php in Collabtive before 1.2 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a projectpdf action.
by Yogesh Phadtare
CVE-2014-10001 EXPLOITDB text
PHPJabbers Appointment Scheduler 2.0 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct cross-site scripting (XSS) attacks via the i18n[1][name] parameter in a pjActionCreate action to the pjAdminServices controller or (2) add an administrator via a pjActionCreate action to the pjAdminUsers controller.
by HackXBack
CVE-2014-1202 EXPLOITDB text
SoapUI < 4.6.4 - Remote Code Execution via WSDL Import
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
by Barak Tawily
EIP-2026-111089 EXPLOITDB text
PHPJabbers Job Listing Script - Multiple Vulnerabilities
by HackXBack
CVE-2014-10015 EXPLOITDB text
PHPJabbers Event Booking Calendar 2.0 - SQL Injection via cid Parameter
SQL injection vulnerability in load-calendar.php in PHPJabbers Event Booking Calendar 2.0 allows remote attackers to execute arbitrary SQL commands via the cid parameter.
by HackXBack
EIP-2026-111087 EXPLOITDB text
PHPJabbers Car Rental Script - Multiple Vulnerabilities
by HackXBack
CVE-2014-10010 EXPLOITDB text
PHPJabbers Appointment Scheduler 2.0 - Path Traversal via Backup Controller ID Parameter
Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pjBackup controller.
by HackXBack
CVE-2013-7139 EXPLOITDB text
Horizon Quick Content Management System <= 4.0 - SQL Injection via Download Category Parameter
SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote to execute arbitrary SQL commands via the category parameter.
by High-Tech Bridge SA
CVE-2013-7137 EXPLOITDB CRITICAL text
burden < 1.8.1 - Unauthenticated Authentication Bypass via Remember Me Cookie
The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1.
by High-Tech Bridge SA
CVSS 9.8
CVE-2013-6017 EXPLOITDB text VERIFIED
Atmail < 7.1.6 - Stored Cross-Site Scripting via Email Body
Cross-site scripting (XSS) vulnerability in Atmail Webmail Server before 7.2 allows remote attackers to inject arbitrary web script or HTML via the body of an e-mail message, as demonstrated by the SRC attribute of an IFRAME element.
by Zhao Liang
CVE-2013-2251 EXPLOITDB CRITICAL text VERIFIED
Apache Archiva 1.3-1.3.8 - Remote Code Execution via OGNL Expression Injection
Apache Struts 2.0.0 through 2.3.15 allows remote attackers to execute arbitrary OGNL expressions via a parameter with a crafted (1) action:, (2) redirect:, or (3) redirectAction: prefix.
by Takeshi Terada
CVSS 9.8
CVE-2013-5880 EXPLOITDB text VERIFIED
Oracle Demantra Demand Management <12.2.2 - Info Disclosure
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.
by Oracle
CVE-2012-4530 EXPLOITDB text
Linux kernel <3.7.2 - Info Disclosure
The load_script function in fs/binfmt_script.c in the Linux kernel before 3.7.2 does not properly handle recursion, which allows local users to obtain sensitive information from kernel stack memory via a crafted application.
by halfdog
CVE-2013-7204 EXPLOITDB text
Conceptronic CIPCAMPTIWL Camera 1.0-21.37.2.49 - CSRF
Cross-site request forgery (CSRF) vulnerability in set_users.cgi in Conceptronic CIPCAMPTIWL Camera 1.0 with firmware 21.37.2.49 allows remote attackers to hijack the authentication of administrators for requests that add arbitrary users.
by Felipe Molina
CVE-2014-10038 EXPLOITDB text VERIFIED
domphp < 0.83 - SQL Injection via agenda/indexdate.php ids Parameter
SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter.
by Houssamix
CVE-2014-1671 EXPLOITDB text VERIFIED
Dell KACE K1000 <5.4.76847 - SQL Injection
Multiple SQL injection vulnerabilities in Dell KACE K1000 5.4.76847 and possibly earlier allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the macAddress element in a (1) getUploadPath or (2) getKBot SOAP request to service/kbot_service.php; the ID parameter to (3) userui/advisory_detail.php or (4) userui/ticket.php; and the (5) ORDER[] parameter to userui/ticket_list.php.
by Rohan Stelling
CVE-2014-10037 EXPLOITDB text
domphp < 0.83 - Path Traversal via URL Parameter
Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php.
by Houssamix
EIP-2026-108199 EXPLOITDB text VERIFIED
Joomla! Component Almond Classifieds - Arbitrary File Upload
by DevilScreaM
CVE-2014-1618 EXPLOITDB text VERIFIED
UAEPD Shopping Cart Script - SQL Injection
Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter to (3) page.php or (4) news.php.
by AtT4CKxT3rR0r1ST
CVE-2014-1618 EXPLOITDB text VERIFIED
UAEPD Shopping Cart Script - SQL Injection
Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter to (3) page.php or (4) news.php.
by AtT4CKxT3rR0r1ST
EIP-2026-107011 EXPLOITDB text VERIFIED
EZGenerator - Local File Disclosure / Cross-Site Request Forgery
by AtT4CKxT3rR0r1ST
CVE-2025-46002 EXPLOITDB MEDIUM text VERIFIED
simogeo filemanager <= 2.5.0 - Directory Traversal via filemanager.php Endpoint
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint.
by AtT4CKxT3rR0r1ST
CVSS 6.5