Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-101802 EXPLOITDB text VERIFIED
iGuard Security Access Control Device Firmware 3.6.7427A - Cross-Site Scripting
by Usman Saeed
EIP-2026-100933 EXPLOITDB text
Websense Triton - Multiple Vulnerabilities
by Ben Williams
CVE-2012-3839 EXPLOITDB text VERIFIED
MyClientBase 0.12 - SQL Injection via Invoice Search Parameters
Multiple SQL injection vulnerabilities in application/core/MY_Model.php in MyClientBase 0.12 allow remote attackers to execute arbitrary SQL commands via the (1) invoice_number or (2) tags parameter to index.php/invoice_search.
by Vulnerability-Lab
EIP-2026-114296 EXPLOITDB text VERIFIED
WordPress Plugin Zingiri Web Shop 2.4.2 - Persistent Cross-Site Scripting
by Mehmet Ince
EIP-2026-112445 EXPLOITDB text VERIFIED
STRATO NewsLetter Manager - Directory Traversal
by Zero X
EIP-2026-110266 EXPLOITDB text VERIFIED
opencart 1.5.2.1 - Multiple Vulnerabilities
by waraxe
CVE-2012-3840 EXPLOITDB text VERIFIED
MyClientBase 0.12 - Cross-Site Scripting via First Name or Last Name Parameter
Multiple cross-site scripting (XSS) vulnerabilities in index.php/users/form/user_id in MyClientBase 0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name or (2) last_name parameters.
by Vulnerability-Lab
EIP-2026-107382 EXPLOITDB text VERIFIED
GENU CMS 2012.3 - Multiple SQL Injections
by Vulnerability-Lab
CVE-2012-6518 EXPLOITDB text VERIFIED
diy-cms 1.0 - Cross-Site Request Forgery via Poll Module
Cross-site request forgery (CSRF) vulnerability in mod.php in DiY-CMS 1.0 allows remote attackers to hijack the authentication of administrators for requests that create a poll via an add action to the poll module.
by Vulnerability-Lab
CVE-2012-6517 EXPLOITDB text VERIFIED
diy-cms 1.0 - Cross-Site Scripting via Poll Module Parameters
Multiple cross-site scripting (XSS) vulnerabilities in DiY-CMS 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) question parameter to /modules/poll/add.php or (2) question or (3) answer parameter to modules/poll/edit.php.
by Vulnerability-Lab
CVE-2012-4598 EXPLOITDB text VERIFIED
McAfee Virtual Technician <6.4 - RCE
An unspecified ActiveX control in McAfee Virtual Technician (MVT) before 6.4, and ePO-MVT, allows remote attackers to execute arbitrary code or cause a denial of service (Internet Explorer crash) via a crafted web site.
by rgod
EIP-2026-114277 EXPLOITDB text VERIFIED
WordPress Plugin WPsc MijnPress - 'rwflush' Cross-Site Scripting
by Am!r
EIP-2026-110334 EXPLOITDB text
Opial CMS 2.0 - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2012-6519 EXPLOITDB text VERIFIED
diy-cms 1.0 - SQL Injection via Poll Module start Parameter
SQL injection vulnerability in modules/poll/index.php in DIY-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the start parameter to mod.php.
by Vulnerability-Lab
CVE-2012-6510 EXPLOITDB text
NetArt Media Car Portal 3.0 - Stored Cross-Site Scripting via Multiple Input Fields
Multiple cross-site scripting (XSS) vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) PWRS or (2) Description field when posting a new vehicle; (3) news title when creating news; (4) Name when creating a sub user; (5) group name when creating a group; or (6) dealer name, (7) first name, or (8) last name when changing a profile.
by Vulnerability-Lab
CVE-2012-4259 EXPLOITDB text
C4B XPhone Unified Communications 2011 Web 4.1.890S R1 - Cross-Site Scripting via Company Name
Cross-site scripting (XSS) vulnerability in the contacts in (1) XPhone UC Web and the (2) web frontend for XPhone Virtual Directory in C4B XPhone Unified Communications (UC) 2011 Web 4.1.890S R1 allows remote attackers to inject arbitrary web script or HTML via the company name. NOTE: some of these details are obtained from third party information.
by Vulnerability-Lab
CVE-2012-3834 EXPLOITDB text VERIFIED
AlienVault Open Source Security Information Management 3.1 - Authenticated SQL Injection via time[0][0] Parameter
SQL injection vulnerability in forensics/base_qry_main.php in AlienVault Open Source Security Information Management (OSSIM) 3.1 allows remote authenticated users to execute arbitrary SQL commands via the time[0][0] parameter.
by Stefan Schurtz
EIP-2026-112310 EXPLOITDB text VERIFIED
Soco CMS - Local File Inclusion
by BHG Security Center
CVE-2012-3835 EXPLOITDB text VERIFIED
AlienVault OSSIM 3.1 - Cross-Site Scripting via URL Parameter or Time Parameter
Multiple cross-site scripting (XSS) vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to top.php or (2) time[0][0] parameter to forensics/base_qry_main.php, which is not properly handled in an error page.
by Stefan Schurtz
EIP-2026-104627 EXPLOITDB text VERIFIED
Croogo CMS 1.3.4 - Multiple HTML Injection Vulnerabilities
by Chokri Ben Achor
EIP-2026-112016 EXPLOITDB text VERIFIED
Shawn Bradley PHP Volunteer Management 1.0.2 - 'id' SQL Injection
by eidelweiss
CVE-2012-1936 EXPLOITDB text
WordPress < 3.3.1 - Cross-Site Request Forgery via Nonce Reuse
The wp_create_nonce function in wp-includes/pluggable.php in WordPress 3.3.1 and earlier associates a nonce with a user account instead of a user session, which might make it easier for remote attackers to conduct cross-site request forgery (CSRF) attacks on specific actions and objects by sniffing the network, as demonstrated by attacks against the wp-admin/admin-ajax.php and wp-admin/user-new.php scripts. NOTE: the vendor reportedly disputes the significance of this issue because wp_create_nonce operates as intended, even if it is arguably inconsistent with certain CSRF protection details advocated by external organizations.
by Ivano Binetti
CVE-2012-4055 EXPLOITDB text VERIFIED
Uiga Fan Club - SQL Injection via p Parameter
SQL injection vulnerability in index2.php in Uiga Fan Club allows remote attackers to execute arbitrary SQL commands via the p parameter.
by Farbod Mahini
EIP-2026-112206 EXPLOITDB text VERIFIED
SKYUC 3.2.1 - 'encode' Cross-Site Scripting
by farbodmahini
CVE-2012-4254 EXPLOITDB text VERIFIED
mysqldumper 1.24.4 - Exposure of Sensitive Information via Direct Request to Restore or Dump Script
MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php.
by AkaStep