Text Exploits

31,337 exploits tracked across all sources.

CVE-2012-6470 EXPLOITDB text VERIFIED
Opera Browser < 12.11 - Memory Corruption
Opera before 12.12 does not properly allocate memory for GIF images, which allows remote attackers to execute arbitrary code or cause a denial of service (memory overwrite) via a malformed image.
by coolkaveh
EIP-2026-111935 EXPLOITDB text VERIFIED
SchoolCMS - Persistent Cross-Site Scripting
by VipVince
EIP-2026-109720 EXPLOITDB text VERIFIED
MyBB KingChat Plugin - SQL Injection
by Red_Hat
CVE-2012-0308 EXPLOITDB text
Symantec Messaging Gateway <10.0 - CSRF
Cross-site request forgery (CSRF) vulnerability in Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to hijack the authentication of administrators.
by Ben Williams
EIP-2026-104250 EXPLOITDB text
FirePass SSL VPN - Local File Inclusion
by SEC Consult
CVE-2012-4347 EXPLOITDB text
Symantec Messaging Gateway - Path Traversal
Multiple directory traversal vulnerabilities in the management console in Symantec Messaging Gateway (SMG) 9.5.x allow remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) logFile parameter in a logs action to brightmail/export or (2) localBackupFileSelection parameter in an APPLIANCE restoreSource action to brightmail/admin/restore/download.do.
by Ben Williams
CVE-2012-5615 EXPLOITDB text VERIFIED
Oracle MySQL <5.5.38 & MariaDB <5.5.28a - Info Disclosure
Oracle MySQL 5.5.38 and earlier, 5.6.19 and earlier, and MariaDB 5.5.28a, 5.3.11, 5.2.13, 5.1.66, and possibly other versions, generates different error messages with different time delays depending on whether a user name exists, which allows remote attackers to enumerate valid usernames.
by kingcope
EIP-2026-118938 EXPLOITDB text VERIFIED
MySQL - 'Stuxnet Technique' Windows Remote System
by kingcope
CVE-2009-0880 EXPLOITDB text
IBM Director < 5.20.3 - Path Traversal
Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request.
by kingcope
CVE-2012-6066 EXPLOITDB text VERIFIED
freeSSHd < 1.2.6 - Authentication Bypass
freeSSHd.exe in freeSSHd through 1.2.6 allows remote attackers to bypass authentication via a crafted session, as demonstrated by an OpenSSH client with modified versions of ssh.c and sshconnect2.c.
by kingcope
CVE-2012-5975 EXPLOITDB text VERIFIED
SSH Tectia Server - Authentication Bypass
The SSH USERAUTH CHANGE REQUEST feature in SSH Tectia Server 6.0.4 through 6.0.20, 6.1.0 through 6.1.12, 6.2.0 through 6.2.5, and 6.3.0 through 6.3.2 on UNIX and Linux, when old-style password authentication is enabled, allows remote attackers to bypass authentication via a crafted session involving entry of blank passwords, as demonstrated by a root login session from a modified OpenSSH client with an added input_userauth_passwd_changereq call in sshconnect2.c.
by kingcope
CVE-2012-5614 EXPLOITDB text
Oracle MySQL <5.1.67 & <5.5.29 - DoS
Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier, and MariaDB 5.5.28a and possibly other versions, allows remote authenticated users to cause a denial of service (mysqld crash) via a SELECT command with an UpdateXML command containing XML with a large number of unique, nested elements.
by kingcope
EIP-2026-112711 EXPLOITDB text VERIFIED
TinyMCPUK - 'test' Cross-Site Scripting
by eidelweiss
EIP-2026-101282 EXPLOITDB text VERIFIED
Fortinet FortiWeb (Multiple Appliances) - Multiple Cross-Site Scripting Vulnerabilities
by Benjamin Kunz Mejri
EIP-2026-112242 EXPLOITDB text
SmartCMS - '/index.php?menuitem' SQL Injection / Cross-Site Scripting
by Yakir Wizman
EIP-2026-112052 EXPLOITDB text VERIFIED
SilverStripe CMS 3.0.2 - (Multiple Vulnerabilities) Cross-Site Scripting / Cross-Site Request Forgery
by Sense of Security
EIP-2026-107211 EXPLOITDB text VERIFIED
Free Hosting Manager 2.0 - 'id' SQL Injection
by Yakir Wizman
EIP-2026-114356 EXPLOITDB text VERIFIED
WordPress Theme Toolbox - 'mls' SQL Injection
by Ashiyane Digital Security Team
CVE-2012-6312 EXPLOITDB text VERIFIED
Video-lead-form Uk-cookie - XSS
Cross-site scripting (XSS) vulnerability in the Video Lead Form plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the errMsg parameter in a video-lead-form action to wp-admin/admin.php.
by Aditya Balapure
EIP-2026-104379 EXPLOITDB text
Oracle OpenSSO 8.0 - Multiple Cross-Site Scripting POST Injection Vulnerabilities
by LiquidWorm
EIP-2026-100324 EXPLOITDB text
FCKEditor Core ASP 2.6.8 - Arbitrary File Upload Protection Bypass
by Soroush Dalili
EIP-2026-119374 EXPLOITDB text
gleamtech filevista/fileultimate 4.6 - Directory Traversal
by Soroush Dalili
EIP-2026-105469 EXPLOITDB text VERIFIED
BigDump 0.29b and 0.32b - Multiple Vulnerabilities
by Ur0b0r0x
EIP-2026-114316 EXPLOITDB text VERIFIED
WordPress Theme CStar Design - 'id' SQL Injection
by Amirh03in