Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-114253 EXPLOITDB text VERIFIED
WordPress Plugin wp-FileManager - Arbitrary File Download
by ByEge
EIP-2026-113418 EXPLOITDB text
WHMCS 4.x - 'invoicefunctions.php?id' SQL Injection
by Ahmed Aboul-Ela
CVE-2013-2754 EXPLOITDB text
umi.cms < 2.9 - Cross-Site Request Forgery via Admin User Addition
Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a request to admin/users/add/user/do/.
by High-Tech Bridge SA
EIP-2026-110230 EXPLOITDB text VERIFIED
Open Flash Chart - 'get-data' Cross-Site Scripting
by Deepankar Arora
EIP-2026-107927 EXPLOITDB text VERIFIED
Invision Power Board 1.x?/2.x/3.x - Admin Takeover
by John JEAN
EIP-2026-107337 EXPLOITDB text VERIFIED
Gallery Server Pro - Arbitrary File Upload
by Drew Calcott
EIP-2026-105093 EXPLOITDB text
Alienvault Open Source SIEM (OSSIM) 4.1.2 - Multiple SQL Injections
by RunRunLevel
CVE-2013-10032 EXPLOITDB HIGH text VERIFIED
GetSimpleCMS <3.2.1 - Authenticated RCE
An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint allows authenticated users to upload arbitrary files without proper validation of MIME types or extensions. By uploading a .pht file containing PHP code, an attacker can bypass blacklist-based restrictions and place executable code within the web root. A crafted request using a polyglot or disguised extension allows the attacker to execute the payload by accessing the file directly via the web server. This vulnerability exists due to the use of a blacklist for filtering file types instead of a whitelist.
by Ahmed Elhady Mohamed
CVSS 8.8
EIP-2026-108523 EXPLOITDB text VERIFIED
Joomla! Component com_s5clanroster - 'id' SQL Injection
by AtT4CKxT3rR0r1ST
EIP-2026-105051 EXPLOITDB text VERIFIED
Ajax Availability Calendar 3.x - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST
EIP-2026-102318 EXPLOITDB text
Wireless Photo Access 1.0.10 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102316 EXPLOITDB text
Wireless Disk PRO 2.3 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102309 EXPLOITDB text
Wifi Album 1.47 iOS - Command Injection
by Vulnerability-Lab
EIP-2026-102231 EXPLOITDB text
File Lite 3.3/3.5 PRO iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102117 EXPLOITDB text
Wifi Photo Transfer 2.1/1.1 PRO - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102001 EXPLOITDB text
SimpleTransfer 2.2.1 - Command Injection
by Vulnerability-Lab
EIP-2026-114026 EXPLOITDB text VERIFIED
WordPress Plugin Securimage-WP - 'siwp_test.php' Cross-Site Scripting
by Gjoko Krstic
EIP-2026-111967 EXPLOITDB text VERIFIED
Securimage - 'example_form.php' Cross-Site Scripting
by Gjoko Krstic
CVE-2013-4630 EXPLOITDB text
Huawei AR 150, 200, 1200, 2200, and 3200 - Stack-based Buffer Overflow via SNMPv3 Requests
Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests.
by Roberto Paleari
CVE-2013-2678 EXPLOITDB HIGH text
Cisco Linksys E4200 1.0.05 - Code Injection
Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter.
by sqlhacker
CVSS 8.1
CVE-2013-3320 EXPLOITDB MEDIUM text VERIFIED
NetApp OnCommand System Manager <2.2 - XSS
Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields.
by M. Heinzl
CVSS 6.1
CVE-2013-3320 EXPLOITDB MEDIUM text VERIFIED
NetApp OnCommand System Manager <2.2 - XSS
Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields.
by M. Heinzl
CVSS 6.1
EIP-2026-109717 EXPLOITDB text VERIFIED
MyBB Game Section Plugin - 'games.php' Multiple Cross-Site Scripting Vulnerabilities
by anonymous
CVE-2013-2945 EXPLOITDB text VERIFIED
b2evolution < 4.1.7 - Authenticated SQL Injection via show_statuses[] Parameter
SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
by High-Tech Bridge SA
EIP-2026-103098 EXPLOITDB text
Dovecot with Exim - 'sender_address' Remote Command Execution
by RedTeam Pentesting GmbH