Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-105858 EXPLOITDB text VERIFIED
City Reviewer - 'search.php' Script SQL Injection
by 3spi0n
CVE-2012-5243 EXPLOITDB text VERIFIED
Banana Dance <B.2.6 - Info Disclosure
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.
by High-Tech Bridge SA
CVE-2012-5242 EXPLOITDB text VERIFIED
Banana Dance <B.2.6 - Path Traversal
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.
by High-Tech Bridge SA
EIP-2026-116276 EXPLOITDB text
Sony PC Companion 2.1 - 'Load()' Unicode Stack Buffer Overflow
by LiquidWorm
EIP-2026-116275 EXPLOITDB text
Sony PC Companion 2.1 - 'DownloadURLToFile()' Unicode Stack Buffer Overflow
by LiquidWorm
EIP-2026-116274 EXPLOITDB text
Sony PC Companion 2.1 - 'CheckCompatibility()' Unicode Stack Buffer Overflow
by LiquidWorm
EIP-2026-116273 EXPLOITDB text
Sony PC Companion 2.1 - 'Admin_RemoveDirectory()' Unicode Stack Buffer Overflow
by LiquidWorm
CVE-2012-5875 EXPLOITDB text
Firefly Media Server 1.0.0.1359 - Denial of Service via Crafted HTTP Headers
Firefly Media Server 1.0.0.1359 allows remote attackers to cause a denial of service (NULL pointer dereference) via a (1) crafted Connection HTTP header; a return carriage control character in the (2) Accept Language header, (3) User-agent header, (4) Host header, or (5) protocol version; or a (6) crafted HTTP protocol version.
by High-Tech Bridge SA
CVE-2012-5874 EXPLOITDB text VERIFIED
Elite Bulletin Board < 2.1.22 - SQL Injection via PATH_INFO
Multiple SQL injection vulnerabilities in the (1) update_whosonline_reg and (2) update_whosonline_guest functions in Elite Bulletin Board before 2.1.22 allow remote attackers to execute arbitrary SQL commands via the PATH_INFO to (a) checkuser.php, (b) groups.php, (c) index.php, (d) login.php, (e) quicklogin.php, (f) register.php, (g) Search.php, (h) viewboard.php, or (i) viewtopic.php.
by High-Tech Bridge SA
CVE-2012-5244 EXPLOITDB text VERIFIED
Banana Dance < b.2.6 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php, (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php.
by High-Tech Bridge SA
EIP-2026-102131 EXPLOITDB text
YeaLink IP Phone SIP-TxxP Firmware 9.70.0.100 - Multiple Vulnerabilities
by xistence
EIP-2026-100541 EXPLOITDB text VERIFIED
SelectSurvey CMS - 'ASP.NET' Arbitrary File Upload
by 040
EIP-2026-115147 EXPLOITDB text VERIFIED
DIMIN Viewer 5.4.0 - GIF Decode Crash (PoC)
by Lizhi Wang
EIP-2026-114313 EXPLOITDB text VERIFIED
WordPress Theme Clockstone (and other CMSMasters Themes) - Arbitrary File Upload
by DigiP
EIP-2026-108612 EXPLOITDB text VERIFIED
Joomla! Component com_ztautolink - 'Controller' Local File Inclusion
by Xr0b0t
EIP-2026-108282 EXPLOITDB text VERIFIED
Joomla! Component com_bit - 'Controller' Local File Inclusion
by Xr0b0t
EIP-2026-102018 EXPLOITDB text
SonicWALL SonicOS 5.8.1.8 WAF - Cross-Site Scripting
by Vulnerability-Lab
EIP-2026-101716 EXPLOITDB text
Enterpriser16 Load Balancer 7.1 - Multiple Cross-Site Scripting Vulnerabilities
by Vulnerability-Lab
EIP-2026-114863 EXPLOITDB text VERIFIED
Adobe Flash Player 11.5.502.135 - Crash (PoC)
by coolkaveh
EIP-2026-109737 EXPLOITDB text VERIFIED
MyBB Transactions Plugin - 'transaction' SQL Injection
by limb0
EIP-2026-114013 EXPLOITDB text VERIFIED
WordPress Plugin RokBox Plugin - '/wp-content/plugins/wp_rokbox/jwplayer/jwplayer.swf?abouttext' Cross-Site Scripting
by MustLive
EIP-2026-109739 EXPLOITDB text VERIFIED
MyBB User Profile Skype ID Plugin 1.0 - Persistent Cross-Site Scripting
by limb0
EIP-2026-102749 EXPLOITDB text VERIFIED
Totem Movie Player 3.4.3 (Ubuntu) - Stack Corruption
by coolkaveh
EIP-2026-112303 EXPLOITDB text VERIFIED
Social Sites MyBB Plugin 0.2.2 - Cross-Site Scripting
by s3m00t
CVE-2012-5469 EXPLOITDB text VERIFIED
Portable phpMyAdmin <1.3.1 - Auth Bypass
The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod.
by Mark Stanislav