Text Exploits

31,383 exploits tracked across all sources.

CVE-2010-1183 EXPLOITDB text
Oracle Solaris - Arbitrary File Write via Symlink Attack on /tmp/CLEANUP
Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager.
by Larry Cashdollar
EIP-2026-111554 EXPLOITDB text VERIFIED
ProQuiz 2.0.2 - Multiple Vulnerabilities
by L0n3ly-H34rT
EIP-2026-109475 EXPLOITDB text VERIFIED
MindTouch DekiWiki - Multiple Local/Remote File Inclusions
by L0n3ly-H34rT
EIP-2026-107163 EXPLOITDB text
Flynax General Classifieds CMS 4.0 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-107092 EXPLOITDB text VERIFIED
FileContral - Local File Inclusion / Local File Disclosure
by Ashiyane Digital Security Team
CVE-2012-10044 EXPLOITDB CRITICAL text VERIFIED
MobileCartly 1.0 - Unauthenticated Arbitrary File Creation via savepage.php
MobileCartly version 1.0 contains an arbitrary file creation vulnerability in the savepage.php script. The application fails to perform authentication or authorization checks before invoking file_put_contents() on attacker-controlled input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP GET requests to savepage.php, specifying both the filename and content. This allows arbitrary file creation within the pages/ directory or any writable path on the server, allowing remote code execution.
by Yakir Wizman
EIP-2026-113915 EXPLOITDB text VERIFIED
WordPress Plugin Mz-jajak 2.1 - SQL Injection
by StRoNiX
EIP-2026-109529 EXPLOITDB text VERIFIED
MobileCartly 1.0 - Arbitrary File Deletion
by GoLd_M
EIP-2026-109495 EXPLOITDB text VERIFIED
mIRC - 'projects.php' Cross-Site Scripting
by TayfunBasoglu
EIP-2026-107326 EXPLOITDB text VERIFIED
GalaxyScripts Mini File Host and DaddyScripts Daddy's File Host - Local File Inclusion
by L0n3ly-H34rT
EIP-2026-108347 EXPLOITDB text
Joomla! Component com_fireboard - SQL Injection
by Vulnerability-Lab
EIP-2026-107647 EXPLOITDB text VERIFIED
Hotel Booking Portal 0.1 - Multiple SQL Injections / Cross-Site Scripting
by Yakir Wizman
CVE-2012-3952 EXPLOITDB text VERIFIED
phplist < 2.10.19 - Cross-Site Scripting via Unconfirmed Parameter
Cross-site scripting (XSS) vulnerability in admin/index.php in phpList before 2.10.19 allows remote attackers to inject arbitrary web script or HTML via the unconfirmed parameter to the user page.
by High-Tech Bridge SA
CVE-2012-3953 EXPLOITDB text VERIFIED
phplist < 2.10.19 - Authenticated SQL Injection via Edit Attributes Delete Parameter
SQL injection vulnerability in admin/index.php in phpList before 2.10.19 allows remote administrators to execute arbitrary SQL commands via the delete parameter to the editattributes page.
by High-Tech Bridge SA
CVE-2012-4035 EXPLOITDB text VERIFIED
PBBoard 2.1.4 - Unauthenticated Arbitrary Password Change via member_id and new_password Parameters
The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php.
by High-Tech Bridge
CVE-2012-4034 EXPLOITDB text VERIFIED
PBBoard 2.1.4 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget page, (3) password parameter to the forum_archive page, (4) section parameter to the management page, (5) section_id parameter to the managementreply page, (6) member_id parameter to the new_password page, or (7) subjectid parameter to the tags page to index.php.
by High-Tech Bridge
CVE-2012-4036 EXPLOITDB text VERIFIED
PBBoard 2.1.4 - Authenticated Arbitrary PHP File Upload via admin.php
Unrestricted file upload vulnerability in admin.php in PBBoard 2.1.4 allows remote administrators to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in the addons directory. NOTE: this vulnerability can be leveraged by remote attackers using CVE-2012-1216.
by High-Tech Bridge
CVE-2012-3873 EXPLOITDB text
Openconstructor - SQL Injection
Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestbook/edit.php, (3) data/file/edit.php, (4) data/htmltext/edit.php, (5) data/publication/edit.php, or (6) data/event/edit.php.
by Lorenzo Cantoni
EIP-2026-107859 EXPLOITDB text
Inout Mobile Webmail APP - Persistent Cross-Site Scripting
by Vulnerability-Lab
EIP-2026-107704 EXPLOITDB text
iauto mobile Application 2012 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-106463 EXPLOITDB text VERIFIED
dirLIST 0.3.0 - Local File Inclusion
by L0n3ly-H34rT
EIP-2026-102364 EXPLOITDB text VERIFIED
ConcourseSuite - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities
by Matthew Joyce
EIP-2026-119455 EXPLOITDB text
Zoho BugTracker - Multiple Persistent Cross-Site Scripting Vulnerabilities
by LiquidWorm
EIP-2026-119009 EXPLOITDB text VERIFIED
Oracle Business Transaction Management Server 12.1.0.2.7 FlashTunnelService - Remote File Deletion
by rgod
EIP-2026-119008 EXPLOITDB text VERIFIED
Oracle Business Transaction Management Server 12.1.0.2.7 - FlashTunnelService WriteToFile Message Remote Code Execution
by rgod