Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-111337 EXPLOITDB text VERIFIED
Pligg CMS 2.0.0rc2 - Cross-Site Request Forgery (File Creation)
by DaOne
EIP-2026-109233 EXPLOITDB text
Mac's CMS 1.1.4 - Multiple Vulnerabilities
by Yashar shahinzadeh
CVE-2014-1222 EXPLOITDB text
vtiger CRM < 6.0.0 - Authenticated Path Traversal via KCFinder File Parameter
Directory traversal vulnerability in kcfinder/browse.php in Vtiger CRM before 6.0.0 Security patch 1 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter in a download action. NOTE: it is likely that this issue is actually in the KCFinder third-party component, and it affects additional products besides Vtiger CRM.
by DaOne
CVE-2013-5117 EXPLOITDB text VERIFIED
zldnn dnnarticle < 10.0 - SQL Injection via categoryid Parameter
SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.
by Sajjad Pourali
EIP-2026-105087 EXPLOITDB text
Alibaba Clone Tritanium Version - 'news_desc.html' SQL Injection
by IRAQ_JAGUAR
EIP-2026-104901 EXPLOITDB text VERIFIED
ACal 2.2.6 - 'view' Local File Inclusion
by ICheer_No0M
EIP-2026-105687 EXPLOITDB text VERIFIED
CakePHP 2.2.8/2.3.7 - AssetDispatcher Class Local File Inclusion
by Takeshi Terada
EIP-2026-100279 EXPLOITDB text VERIFIED
DotNetNuke 6.1.x - Cross-Site Scripting
by Sajjad Pourali
CVE-2013-5311 EXPLOITDB text VERIFIED
Vastal I-Tech phpVID <1.2.3 - SQL Injection
Multiple SQL injection vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to execute arbitrary SQL commands via the "n" parameter to (1) browse_videos.php or (2) members.php. NOTE: the cat parameter is already covered by CVE-2008-4157.
by 3spi0n
CVE-2008-4157 EXPLOITDB text VERIFIED
Vastal I-Tech phpVID 1.1 and 1.2.3 - SQL Injection via groups.php cat Parameter
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3 is also affected.
by 3spi0n
CVE-2008-2335 EXPLOITDB text VERIFIED
Vastal I-Tech phpVID 1.1, 1.2, 1.2.3 - Cross-Site Scripting via Search Results Query Parameter
Cross-site scripting (XSS) vulnerability in search_results.php in Vastal I-Tech phpVID 1.1 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the query parameter. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 1.2.3 is also affected.
by 3spi0n
EIP-2026-119013 EXPLOITDB text
Oracle Java - 'storeImageArray()' Invalid Array Indexing
by Packet Storm
CVE-2013-4241 EXPLOITDB MEDIUM text VERIFIED
HMS Testimonials < 2.0.11 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) image, (3) url, or (4) testimonial parameter to the Testimonial form (hms-testimonials-addnew page); (5) date_format parameter to the Settings - Default form (hms-testimonials-settings page); (6) name parameter in a Save action to the Settings - Custom Fields form (hms-testimonials-settings-fields page); or (7) name parameter in a Save action to the Settings - Template form (hms-testimonials-templates-new page).
by RogueCoder
CVSS 6.1
EIP-2026-112793 EXPLOITDB text
Tribq CMS 5.2.7 - Cross-Site Request Forgery (Adding/Editing New Administrator Account)
by Yashar shahinzadeh
CVE-2013-5312 EXPLOITDB text VERIFIED
Vastal phpVID 1.2.3 - Cross-Site Scripting via Browse Videos or Groups Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to browse_videos.php or the (2) cat parameter to groups.php.
by 3spi0n
EIP-2026-110231 EXPLOITDB text
Open Real Estate CMS 1.5.1 - Multiple Vulnerabilities
by Yashar shahinzadeh
EIP-2026-109515 EXPLOITDB text VERIFIED
MLMAuction Script - 'gallery.php?id' SQL Injection
by 3spi0n
CVE-2010-2694 EXPLOITDB text
Joomla! com_redshop 1.0 - SQL Injection
SQL injection vulnerability in the redSHOP Component (com_redshop) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the pid parameter to index.php.
by Matias Fontanini
EIP-2026-107876 EXPLOITDB text VERIFIED
Integrated CMS 1.0 - SQL Injection
by DSST
CVE-2013-7368 EXPLOITDB text
Gnew 2013.1 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnew_template parameter to (1) users/profile.php, (2) articles/index.php, or (3) admin/polls.php; (4) category_id parameter to news/submit.php; news_id parameter to (5) news/send.php or (6) comments/add.php; or (7) post_subject or (8) thread_id parameter to posts/edit.php.
by LiquidWorm
EIP-2026-105056 EXPLOITDB text
Ajax PHP Penny Auction 1.x 2.x - Multiple Vulnerabilities
by Taha Hunter
EIP-2026-118649 EXPLOITDB text VERIFIED
HTC Sync Manager - Multiple DLL Loading Arbitrary Code Execution Vulnerabilities
by Iranian_Dark_Coders_Team
CVE-2013-5120 EXPLOITDB text
PHPFox - SQL Injection via search[gender] Parameter
SQL injection vulnerability in PHPFox before 3.6.0 (build4) allows remote attackers to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/.
by Matias Fontanini
CVE-2013-5121 EXPLOITDB text
PHPFox - SQL Injection via search[sort_by] Parameter
SQL injection vulnerability in PHPFox before 3.6.0 (build6) allows remote attackers to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/.
by Matias Fontanini
CVE-2013-4880 EXPLOITDB text VERIFIED
BigTree CMS < 4.0 - Cross-Site Scripting via Module Parameter
Cross-site scripting (XSS) vulnerability in core/admin/modules/developer/modules/views/add.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via the module parameter.
by High-Tech Bridge SA