Text Exploits

31,337 exploits tracked across all sources.

CVE-2012-3755 EXPLOITDB text
Apple Quicktime < 7.7.2 - Memory Corruption
Buffer overflow in Apple QuickTime before 7.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Targa image.
by Senator of Pirates
EIP-2026-114339 EXPLOITDB text VERIFIED
WordPress Theme Madebymilk - 'id' SQL Injection
by Ashiyane Digital Security Team
EIP-2026-113736 EXPLOITDB text
WordPress Plugin Facebook Survey 1.0 - SQL Injection
by Vulnerability Research Laboratory
EIP-2026-110318 EXPLOITDB text VERIFIED
openSIS 5.1 - 'ajax.php' Local File Inclusion
by Julian Horoszkiewicz
EIP-2026-104445 EXPLOITDB text
SonicWALL CDP 5040 6.x - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-113299 EXPLOITDB text VERIFIED
weBid 1.0.5 - Directory Traversal
by loneferret
EIP-2026-113298 EXPLOITDB text VERIFIED
WeBid 1.0.5 - Cross-Site Scripting
by Woody Hughes
EIP-2026-110028 EXPLOITDB text VERIFIED
Omni-Secure - 'dir' Multiple File Disclosure Vulnerabilities
by HaCkeR_EgY
EIP-2026-103659 EXPLOITDB text VERIFIED
Splunk 4.3.1 - Denial of Service
by Alexander Klink
EIP-2026-114319 EXPLOITDB text VERIFIED
WordPress Theme Dailyedition-mouss - 'id' SQL Injection
by Ashiyane Digital Security Team
EIP-2026-114108 EXPLOITDB text VERIFIED
WordPress Plugin Tagged Albums - 'id' SQL Injection
by Ashiyane Digital Security Team
EIP-2026-107256 EXPLOITDB text VERIFIED
friendsinwar FAQ Manager - 'view_faq.php?question' SQL Injection
by unsuprise
EIP-2026-107255 EXPLOITDB text VERIFIED
Friends in War The FAQ Manager - 'question' SQL Injection
by unsuprise
EIP-2026-105291 EXPLOITDB text VERIFIED
ATutor 2.1 - 'tool_file' Local File Inclusion
by Julian Horoszkiewicz
EIP-2026-118972 EXPLOITDB text VERIFIED
Novell NetIQ Privileged User Manager 2.3.1 - 'ldapagnt.dll' ldapagnt_eval() Perl Code Evaluation Remote Code Execution
by rgod
CVE-2012-5931 EXPLOITDB text VERIFIED
Microfocus Privileged User Manager - Path Traversal
Directory traversal vulnerability in the set_log_config function in regclnt.dll in unifid.exe in NetIQ Privileged User Manager 2.3.x before 2.3.1 HF2 allows remote authenticated users to create or overwrite arbitrary files via directory traversal sequences in a log pathname.
by rgod
EIP-2026-111721 EXPLOITDB text VERIFIED
ReciPHP 1.1 - SQL Injection
by cr4wl3r
EIP-2026-107753 EXPLOITDB text VERIFIED
iDev Rentals 1.0 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-107250 EXPLOITDB text VERIFIED
Friends in War Make or Break 1.3 - Authentication Bypass
by d3b4g
CVE-2012-5700 EXPLOITDB text VERIFIED
Baby Gekko <1.2.2f - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) username or (3) password parameter in blocks/loginbox/loginbox.template.php to index.php. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
CVE-2012-6588 EXPLOITDB text VERIFIED
Myrephp Myre Business Directory - SQL Injection
SQL injection vulnerability in links.php in MYRE Business Directory allows remote attackers to execute arbitrary SQL commands via the cat parameter.
by d3b4g
CVE-2012-6586 EXPLOITDB text VERIFIED
Myrephp Myre Vacation Rental - SQL Injection
Multiple SQL injection vulnerabilities in MYRE Vacation Rental Software allow remote attackers to execute arbitrary SQL commands via the (1) garage1 or (2) bathrooms1 parameter to vacation/1_mobile/search.php, or (3) unspecified input to vacation/widgate/request_more_information.php.
by d3b4g
CVE-2012-6584 EXPLOITDB text VERIFIED
Myrephp Myre Realty Manager - SQL Injection
Multiple SQL injection vulnerabilities in MYRE Realty Manager allow remote attackers to execute arbitrary SQL commands via the bathrooms1 parameter to (1) demo2/search.php or (2) search.php.
by d3b4g
CVE-2012-10033 EXPLOITDB CRITICAL text VERIFIED
Narcissus - RCE
Narcissus is vulnerable to remote code execution via improper input handling in its image configuration workflow. Specifically, the backend.php script fails to sanitize the release parameter before passing it to the configure_image() function. This function invokes PHP’s passthru() with the unsanitized input, allowing attackers to inject arbitrary system commands. Exploitation occurs via a crafted POST request, resulting in command execution under the web server’s context.
by dun
EIP-2026-115963 EXPLOITDB text VERIFIED
Novell Groupwise Internet Agent - LDAP BIND Request Overflow
by Francis Provencher