Text Exploits
31,386 exploits tracked across all sources.
BuddyPress 1.5.x < 1.5.5 - SQL Injection via Activity Widget Filter Page Parameter
SQL injection vulnerability in wp-load.php in the BuddyPress plugin 1.5.x before 1.5.5 of WordPress allows remote attackers to execute arbitrary SQL commands via the page parameter in an activity_widget_filter action.
by Ivan Terkin
Woltlab Burning Board 2.2/2.3 [WN]KT KickTipp 3.1 - SQL Injection
by Easy Laster
SAMEDIA LandShop 0.9.2 - SQL Injection via OB_ID, AREA_ID, or start Parameter
Multiple SQL injection vulnerabilities in SAMEDIA LandShop 0.9.2 allow remote attackers to execute arbitrary SQL commands via the (1) OB_ID parameter in a single action to admin/action/objects.php, (2) AREA_ID parameter in a single action to admin/action/areas.php, or (3) start parameter in a show action to admin/action/pdf.php.
by Vulnerability-Lab
EMC Data Protection Advisor 5.5-5.8 SP1 - Denial of Service via Integer Overflow in DPA_Utilities Library
Integer overflow in the DPA_Utilities library in EMC Data Protection Advisor (DPA) 5.5 through 5.8 SP1 allows remote attackers to cause a denial of service (infinite loop) via a negative 64-bit value in a certain size field.
by Luigi Auriemma
Coppermine Photo Gallery < 1.5.20 - Authenticated Cross-Site Scripting via Keywords Parameter
Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML via the keywords parameter.
by waraxe
Bitsmith PS Knowbase 3.2.3 - Local Buffer Overflow
by Vulnerability-Lab
SyndeoCMS < 3.0.01 - Authenticated Stored Cross-Site Scripting via Email Parameter
Cross-site scripting (XSS) vulnerability in starnet/index.php in SyndeoCMS 3.0.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the email parameter (aka Email address field) in an edit_user configuration action.
by Ivano Binetti
PHP Designer 2007 Personal - Multiple SQL Injections
by MR.XpR
DAlbum < 1.44 - Cross-Site Request Forgery in User Management
Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an add action, (2) change user passwords via a change action, or (3) delete a user via a delete action.
by Ahmed Elhady Mohamed
Coppermine Photo Gallery < 1.5.20 - Exposure of Sensitive Information via Error Message
Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat parameter to thumbnails.php, an invalid (4) page parameter to usermgr.php, or an invalid (5) newer_than or (6) older_than parameter to search.inc.php, which reveals the installation path in an error message.
by waraxe
ArticleSetup - Multiple Persistence Cross-Site Scripting / SQL Injections
by SecPod Research
Simple Machines Forum 2.0.2 - Cross-Site Scripting via Scheduled Parameter
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the scheduled parameter to index.php.
by Am!r
ezjscore < 1.4 - Cross-Site Scripting via textEncode Function
Cross-site scripting (XSS) vulnerability in the textEncode function in classes/ezjscajaxcontent.php in eZ JS Core in eZ Publish before 1.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Yann MICHARD
Quest InTrust < 10.4.0.853 - Arbitrary File Write via ARDoc ActiveX SaveToFile Method
The (1) SimpleTree and (2) ReportTree classes in the ARDoc ActiveX control (ARDoc.dll) in Quest InTrust 10.4.0.853 and earlier do not properly implement the SaveToFile method, which allows remote attackers to write or overwrite arbitrary files via the bstrFileName argument.
by rgod
Quest InTrust < 10.4.0.853 - Remote Code Execution via Annotation Objects ActiveX Control
The Annotation Objects Extension ActiveX control in AnnotateX.dll in Quest InTrust 10.4.0.853 and earlier does not properly implement the Add method, which allows remote attackers to execute arbitrary code via a memory address in the first argument, related to an "uninitialized pointer."
by rgod
WordPress Integrator 1.32 - Cross-Site Scripting via redirect_to Parameter
Cross-site scripting (XSS) vulnerability in wp-integrator.php in the WordPress Integrator module 1.32 for WordPress allows remote attackers to inject arbitrary web script or HTML via the redirect_to parameter to wp-login.php.
by Stefan Schurtz
TomatoCart 1.2.0 Alpha 2 - Path Traversal via json.php Module Parameter
Directory traversal vulnerability in json.php in TomatoCart 1.2.0 Alpha 2 and possibly earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter in a "3" action.
by Canberk BOLAT
PicoPublisher 2.0 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) page.php or (2) single.php.
by ZeTH
ocPortal < 7.1.6 - Cross-Site Scripting via Code Editor Path or Line Parameters
Multiple cross-site scripting (XSS) vulnerabilities in code_editor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters.
by High-Tech Bridge
Invision Power Board (IP.Board) 4.2.1 - 'searchText' Cross-Site Scripting
by sonyy
BoastMachine 3.1 - Cross-Site Request Forgery (Add Admin)
by Dr.NaNo