Text Exploits

31,337 exploits tracked across all sources.

CVE-2013-0177 EXPLOITDB text VERIFIED
Apache Ofbiz - XSS
Multiple cross-site scripting (XSS) vulnerabilities in widget/screen/ModelScreenWidget.java in Apache Open For Business Project (aka OFBiz) 10.04.x before 10.04.05, 11.04.01, and possibly 09.04.x allow remote authenticated users to inject arbitrary web script or HTML via the (1) Screenlet.title or (2) Image.alt Widget attribute, as demonstrated by the parentPortalPageId parameter to exampleext/control/ManagePortalPages.
by Juan Caillava
CVE-2012-0432 EXPLOITDB text
NetIQ eDirectory <8.8.7.2 - Buffer Overflow
Stack-based buffer overflow in the Novell NCP implementation in NetIQ eDirectory 8.8.7.x before 8.8.7.2 allows remote attackers to have an unspecified impact via unknown vectors.
by Gary Nilson
CVE-2013-2679 EXPLOITDB MEDIUM text
Cisco Linksys E4200 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi.
by m-1-k-3
CVSS 6.1
EIP-2026-107945 EXPLOITDB text VERIFIED
IP.Gallery - 'img' SQL Injection
by Ashiyane Digital Security Team
EIP-2026-107905 EXPLOITDB text VERIFIED
Invision Gallery 2.0.5 - SQL Injection
by Ashiyane Digital Security Team
EIP-2026-106324 EXPLOITDB text VERIFIED
Cydia Repo Manager - Cross-Site Request Forgery
by Ramdan Yantu
CVE-2013-0397 EXPLOITDB text VERIFIED
Oracle Applications Framework - Info Disclosure
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Diagnostics.
by Trustwave's SpiderLabs
EIP-2026-111120 EXPLOITDB text VERIFIED
phpLiteAdmin - 'table' SQL Injection
by KedAns-Dz
EIP-2026-105998 EXPLOITDB text
CMS snews - SQL Injection
by By onestree
CVE-2009-4571 EXPLOITDB text VERIFIED
PhpShop 0.8.1 - SQL Injection
Multiple SQL injection vulnerabilities in index.php in PhpShop 0.8.1 allow remote attackers to execute arbitrary SQL commands via the (1) module_id parameter in an admin/function_list action, the (2) vendor_id parameter in a vendor/vendor_form action, the (3) module_id parameter in an admin/module_form action, the (4) user_id parameter in an admin/user_form action, the (5) vendor_category_id parameter in a vendor/vendor_category_form action, the (6) user_id parameter in a store/user_form action, the (7) payment_method_id parameter in a store/payment_method_form action, the (8) tax_rate_id parameter in a tax/tax_form action, or the (9) category parameter in a shop/browse action. NOTE: the product_id vector is already covered by CVE-2008-0681.
by By onestree
EIP-2026-110586 EXPLOITDB text VERIFIED
phlyLabs phlyMail Lite 4.03.04 - Full Path Disclosure / Persistent Cross-Site Scripting
by LiquidWorm
CVE-2013-5123 EXPLOITDB MEDIUM text VERIFIED
Python Pip <1.5 - SSRF
The mirroring support (-M, --use-mirrors) in Python Pip before 1.5 uses insecure DNS querying and authenticity checks, which allows attackers to perform man-in-the-middle attacks.
by LiquidWorm
CVSS 5.9
EIP-2026-118853 EXPLOITDB text VERIFIED
Microsoft Lync 2010 4.0.7577.0 - User-Agent Header Handling Arbitrary Command Execution
by Christopher Emerson
EIP-2026-111121 EXPLOITDB text VERIFIED
PHPLiteAdmin 1.9.3 - Remote PHP Code Injection
by L@usch
CVE-2012-5876 EXPLOITDB text
Nero Mediahome < 4.5.8.0 - Numeric Error
Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or (2) HTTP Referer header to TCP port 54444, which triggers a heap-based buffer overflow.
by High-Tech Bridge SA
CVE-2012-5877 EXPLOITDB text
Nero Mediahome < 4.5.8.0 - Denial of Service
Nero MediaHome 4.5.8.0 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an HTTP header without a name.
by High-Tech Bridge SA
EIP-2026-113778 EXPLOITDB text VERIFIED
WordPress Plugin Gallery - 'filename_1' Arbitrary File Access
by Beni_Vanda
EIP-2026-113356 EXPLOITDB text VERIFIED
WebsiteBaker Addon Concert Calendar 2.1.4 - Multiple Vulnerabilities
by Stefan Schurtz
EIP-2026-113301 EXPLOITDB text
WeBid 1.0.6 - SQL Injection
by Life Wasted
EIP-2026-112705 EXPLOITDB text VERIFIED
tinybrowser - 'type' Cross-Site Scripting
by MustLive
EIP-2026-112704 EXPLOITDB text VERIFIED
TinyBrowser - 'tinybrowser.php' Directory Listing
by MustLive
EIP-2026-112703 EXPLOITDB text VERIFIED
TinyBrowser - 'edit.php' Directory Listing
by MustLive
CVE-2012-6430 EXPLOITDB text VERIFIED
Opensolution Quick Cart - XSS
Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin.php. NOTE: this might be a duplicate of CVE-2008-4140.
by High-Tech Bridge
CVE-2012-5190 EXPLOITDB CRITICAL text VERIFIED
Prizm Content Connect 5.1 - Code Injection
Prizm Content Connect 5.1 has an arbitrary file upload vulnerability.
by Include Security Research
CVSS 9.8
EIP-2026-107209 EXPLOITDB text VERIFIED
Free Blog 1.0 - Multiple Vulnerabilities
by cr4wl3r