Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-101174 EXPLOITDB text VERIFIED
Barracuda Email Security Service - Multiple HTML Injection Vulnerabilities
by Benjamin Kunz Mejri
EIP-2026-112587 EXPLOITDB text VERIFIED
tekno.Portal 0.1b - 'link.php' SQL Injection
by Socket_0x03
EIP-2026-109311 EXPLOITDB text
ManageEngine Mobile Application Manager 10 - SQL Injection
by Vulnerability-Lab
CVE-2008-0474 EXPLOITDB text
ManageEngine Applications Manager 8.1 build 8100 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine Applications Manager 8.1 build 8100 allow remote attackers to inject arbitrary web script or HTML via the (1) showlink parameter to jsp/DiscoveryProfiles.jsp; the (2) attributeIDs, (3) attributeToSelect, (4) redirectto, and (5) resourceid parameters to (a) jsp/ThresholdActionConfiguration.jsp; the (6) page and (7) redirect parameters to (b) jsp/UpdateGlobalSettings.jsp; and the (8) haid and (9) returnpath parameters to (c) showTile.do. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Vulnerability-Lab
EIP-2026-108459 EXPLOITDB text
Joomla! Component com_niceajaxpoll 1.3.0 - SQL Injection
by Patrick de Brouwer
EIP-2026-108447 EXPLOITDB text VERIFIED
Joomla! Component com_movm - SQL Injection
by D4NB4R
EIP-2026-106473 EXPLOITDB text VERIFIED
Distimo Monitor - Multiple Cross-Site Scripting Vulnerabilities
by Benjamin Kunz Mejri
CVE-2011-2702 EXPLOITDB text VERIFIED
glibc < 2.13 and eglibc < 2.13 - Remote Code Execution via SSSE3 Optimization
Integer signedness error in Glibc before 2.13 and eglibc before 2.13, when using Supplemental Streaming SIMD Extensions 3 (SSSE3) optimization, allows context-dependent attackers to execute arbitrary code via a negative length parameter to (1) memcpy-ssse3-rep.S, (2) memcpy-ssse3.S, or (3) memset-sse2.S in sysdeps/i386/i686/multiarch/, which triggers an out-of-bounds read, as demonstrated using the memcpy function.
by c0ntex
EIP-2026-102401 EXPLOITDB text VERIFIED
ManageEngine Applications Manager - Multiple SQL Injections
by Ibrahim El-Sayed
EIP-2026-102400 EXPLOITDB text VERIFIED
ManageEngine Applications Manager - Multiple Cross-Site Scripting / SQL Injections
by Ibrahim El-Sayed
EIP-2026-119363 EXPLOITDB text
Dr. Web Control Center 6.00.3.201111300 - Cross-Site Scripting
by Oliver Karow
EIP-2026-109146 EXPLOITDB text VERIFIED
Limny - 'index.php' Multiple SQL Injections
by L0n3ly-H34rT
EIP-2026-102476 EXPLOITDB text VERIFIED
DataWatch Monarch Business Intelligence - Multiple Input Validation Vulnerabilities
by Raymond Rizk
CVE-2012-10048 EXPLOITDB HIGH text VERIFIED
Zenoss Core 3.x - Command Injection
Zenoss Core 3.x contains a command injection vulnerability in the showDaemonXMLConfig endpoint. The daemon parameter is passed directly to a Popen() call in ZenossInfo.py without proper sanitization, allowing authenticated users to execute arbitrary commands on the server as the zenoss user.
by Brendan Coles
CVE-2012-3848 EXPLOITDB text VERIFIED
Plixer Scrutinizer < 9.5.0 - Cross-Site Scripting via d4d/exporters.php Query String or HTTP Referer Header
Multiple cross-site scripting (XSS) vulnerabilities in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allow remote attackers to inject arbitrary web script or HTML via (1) the query string to d4d/exporters.php, (2) the HTTP Referer header to d4d/exporters.php, or (3) unspecified input to d4d/contextMenu.php.
by Mario Ceballos
CVE-2012-2627 EXPLOITDB text VERIFIED
Plixer Scrutinizer < 9.5.0 - Code Injection
d4d/uploader.php in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 allows remote attackers to create or overwrite arbitrary files in %PROGRAMFILES%\Scrutinizer\snmp\mibs\ via a multipart/form-data POST request.
by Mario Ceballos
CVE-2012-2626 EXPLOITDB text VERIFIED
Plixer Scrutinizer < 9.5.0 - Unauthenticated Administrative Account Creation via admin.cgi userprefs Action
cgi-bin/admin.cgi in the web console in Plixer Scrutinizer (aka Dell SonicWALL Scrutinizer) before 9.5.0 does not require token authentication, which allows remote attackers to add administrative accounts via a userprefs action.
by Mario Ceballos
EIP-2026-110012 EXPLOITDB text VERIFIED
ocPortal 7.1.5 - 'redirect' Open Redirection
by Aung Khant
CVE-2012-3351 EXPLOITDB MEDIUM text VERIFIED
JW Player < 5.10.2295 - Cross-Site Scripting via Link or Logo Parameters
Multiple cross-site scripting (XSS) vulnerabilities in LongTail Video JW Player through 5.10.2295 allow remote attackers to inject arbitrary web script or HTML via the (1) link, (2) logo.link, or (3) aboutlink parameter, or a nested URI scheme name for (4) javascript, (5) asfunction, or (6) vbscript.
by MustLive
CVSS 6.1
EIP-2026-106873 EXPLOITDB text VERIFIED
eNdonesia - 'cid' SQL Injection
by Crim3R
EIP-2026-110940 EXPLOITDB text VERIFIED
phpBB - Multiple SQL Injections
by HauntIT
EIP-2026-112586 EXPLOITDB text VERIFIED
tekno.Portal 0.1b - 'anket.php' SQL Injection
by Socket_0x03
EIP-2026-108813 EXPLOITDB text VERIFIED
Joomla! Component Odudeprofile 2.8 - 'profession' SQL Injection
by Daniel Barragan
EIP-2026-113772 EXPLOITDB text VERIFIED
WordPress Plugin Front End Upload 0.5.4.4 - Arbitrary '.PHP' File Upload
by Chris Kellum
EIP-2026-111185 EXPLOITDB text VERIFIED
phpProfiles - Multiple Vulnerabilities
by L0n3ly-H34rT