Text Exploits

31,337 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-111448 EXPLOITDB text VERIFIED
Poweradmin - 'index.php' Cross-Site Scripting
by Siavash
EIP-2026-109313 EXPLOITDB text VERIFIED
Manhali 1.8 - Local File Inclusion
by L0n3ly-H34rT
EIP-2026-119436 EXPLOITDB text
SpiceWorks 6.0.00993 - Multiple Script Injection Vulnerabilities
by LiquidWorm
EIP-2026-119433 EXPLOITDB text
SonicWALL email security 7.3.5 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-114269 EXPLOITDB text VERIFIED
WordPress Plugin wp-topbar 4.02 - Multiple Vulnerabilities
by Blake Entrekin
EIP-2026-112752 EXPLOITDB text VERIFIED
torrenttrader 2.08 - Multiple Vulnerabilities
by waraxe
EIP-2026-101746 EXPLOITDB text
Fortigate UTM WAF Appliance - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-113504 EXPLOITDB text VERIFIED
WordPress Core 3.4.2 - Multiple Path Disclosure Vulnerabilities
by AkaStep
EIP-2026-113005 EXPLOITDB text VERIFIED
vBulletin 4.1.12 - 'blog_plugin_useradmin.php' SQL Injection
by Am!r
EIP-2026-112548 EXPLOITDB text VERIFIED
TAGWORX.CMS - 'cid' SQL Injection
by Crim3R
EIP-2026-100748 EXPLOITDB text VERIFIED
AxisInternet VoIP Manager - Multiple Cross-Site Scripting Vulnerabilities
by Benjamin Kunz Mejri
CVE-2012-10038 EXPLOITDB CRITICAL text VERIFIED
Auxilium RateMyPet - RCE
Auxilium RateMyPet contains an unauthenticated arbitrary file upload vulnerability in upload_banners.php. The banner upload feature fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files. These files are stored in a web-accessible /banners/ directory and can be executed directly, resulting in remote code execution.
by DaOne
CVE-2012-0271 EXPLOITDB text VERIFIED
Novell GroupWise <8.0.3-2012.SP1 - RCE
Integer overflow in the WebConsole component in gwia.exe in GroupWise Internet Agent (GWIA) in Novell GroupWise 8.0 before 8.0.3 HP1 and 2012 before SP1 might allow remote attackers to execute arbitrary code via a crafted request that triggers a heap-based buffer overflow, as demonstrated by a request with -1 in the Content-Length HTTP header.
by Francis Provencher
EIP-2026-113272 EXPLOITDB text
webERP 4.08.4 - 'WorkOrderEntry.php' SQL Injection
by modpr0be
CVE-2012-3859 EXPLOITDB text
Netsweeper - Unknown Vuln
Unspecified vulnerability in the WebAdmin Portal in Netsweeper has unknown impact and attack vectors, a different vulnerability than CVE-2012-2446 and CVE-2012-2447.
by Jacob Holcomb
EIP-2026-109487 EXPLOITDB text VERIFIED
minimal Gallery - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
by ayastar
EIP-2026-109225 EXPLOITDB text VERIFIED
luxcal 2.7.0 - Multiple Vulnerabilities
by L0n3ly-H34rT
CVE-2012-2994 EXPLOITDB text VERIFIED
CoSoSys Endpoint Protector 4 - Info Disclosure
The CoSoSys Endpoint Protector 4 appliance establishes an EPProot password based entirely on the appliance serial number, which makes it easier for remote attackers to obtain access via a brute-force attack.
by Christopher Campbell
EIP-2026-109857 EXPLOITDB text
NeoBill CMS 0.8 Alpha - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-105275 EXPLOITDB text
ASTPP VoIP Billing (4cf207a) - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2012-2996 EXPLOITDB text
Trend Micro InterScan Messaging Security Suite 7.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in saveAccountSubTab.imss in Trend Micro InterScan Messaging Security Suite 7.1-Build_Win32_1394 allows remote attackers to hijack the authentication of administrators for requests that create admin accounts via a saveAuth action.
by modpr0be
CVE-2012-5863 EXPLOITDB text
Sinapsitech Sinapsi Firmware < 2.0.2870 - OS Command Injection
These Sinapsi devices do not check for special elements in commands sent to the system. By accessing certain pages with administrative privileges that do not require authentication within the device, attackers can execute arbitrary, unexpected, or dangerous commands directly onto the operating system.
by Roberto Paleari
CVE-2012-5862 EXPLOITDB text
Sinapsi - Info Disclosure
These Sinapsi devices store hard-coded passwords in the PHP file of the device. By using the hard-coded passwords in the device, attackers can log into the device with administrative privileges. This could allow the attacker to have unauthorized access.
by Roberto Paleari
CVE-2012-5861 EXPLOITDB text
Sinapsitech Sinapsi Firmware < 2.0.2870 - SQL Injection
These Sinapsi devices do not check the validity of the data before executing queries. By accessing the SQL table of certain pages that do not require authentication within the device, attackers can leak information from the device. This could allow the attacker to compromise confidentiality.
by Roberto Paleari
EIP-2026-113308 EXPLOITDB text VERIFIED
Webify Photo Gallery - Arbitrary File Deletion
by JIKO
By Source
All 31,337 Writeup 60,232 Exploitdb 50,000 Nomisec 21,767 Metasploit 3,222 Github 2,593 Vulncheck_xdb 906 Inthewild 514 Gitlab 442 Gitee 415 Patchapalooza 312
By Language
text 31,337 python 5,970 ruby 5,911 c 3,567 perl 2,849 html 2,053 php 1,326 bash 460 java 362 c++ 250 javascript 215 shell 91 go 55 postscript 25 xml 24