Text Exploits
31,386 exploits tracked across all sources.
Omnistar Live - Cross-Site Scripting / SQL Injection
by sonyy
4Images Image Gallery Management System - Cross-Site Request Forgery
by Dmar al3noOoz
Light Display Manager <1.0.6, <1.1.7 - Info Disclosure
debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name of a file in /tmp. NOTE: this identifier was SPLIT per ADT1/ADT2 due to different codebases and affected versions. CVE-2012-6648 has been assigned for the gdm-guest-session issue.
by Ryan Lortie
XnView FlashPix Image Processing - Heap Overflow
by Francis Provencher
Gretech GOM Media Player <2.1.39.5101 Open URL - Impact Unknown
Unspecified vulnerability in the Open URL feature in Gretech GOM Media Player before 2.1.39.5101 has unknown impact and attack vectors, a different vulnerability than CVE-2007-5779 and CVE-2012-1264.
by longrifle0x
Wikidforum 2.10 - Cross-Site Scripting via Search Field or Advanced Search Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Wikidforum 2.10 allow remote attackers to inject arbitrary web script or HTML via the (1) search field, or the (2) Author or (3) select_sort parameters in an advanced search.
by Stefan Schurtz
Wikidforum 2.10 - SQL Injection via Advanced Search Parameters
Multiple SQL injection vulnerabilities in the advanced search in Wikidforum 2.10 allow remote attackers to execute arbitrary SQL commands via the (1) select_sort or (2) opt_search_select parameters. NOTE: this issue could not be reproduced by third parties.
by Stefan Schurtz
Synology Photo Station 5 for DiskStation Manager 3.2-1955 - Cross-Site Scripting via Name Parameter
Cross-site scripting (XSS) vulnerability in Synology Photo Station 5 for DiskStation Manager (DSM) 3.2-1955 allows remote attackers to inject arbitrary web script or HTML via the name parameter to photo/photo_one.php.
by Simon Ganiere
LiteSpeed Web Server 4.1.11 - Cross-Site Scripting via gtitle Parameter
Cross-site scripting (XSS) vulnerability in service/graph_html.php in the administrator panel in LiteSpeed Web Server 4.1.11 allows remote attackers to inject arbitrary web script or HTML via the gtitle parameter.
by K1P0D
TP-Link TL-WR740N 111130 - 'ping_addr' HTML Injection
by l20ot
Zend Server 5.6.0 - Multiple Remote Script Insertion Vulnerabilities
by LiquidWorm
PHP Address Book < 7.0 - Cross-Site Scripting via Preferences from Parameter
Cross-site scripting (XSS) vulnerability in preferences.php in PHP Address Book 7.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the from parameter. NOTE: the index.php vector is already covered by CVE-2008-2566.
by Stefan Schurtz
PHP Address Book < 6.2.11 - SQL Injection via to_group or id Parameter
Multiple SQL injection vulnerabilities in PHP Address Book 6.2.12 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) to_group parameter to group.php or (2) id parameter to vcard.php. NOTE: the edit.php vector is already covered by CVE-2008-2565.
by Stefan Schurtz
PHP Address Book < 6.1.1 - Cross-Site Scripting via PATH_INFO or Language Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PHP Address Book 7.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to group.php, or the (2) target_language or (3) target_flag parameter to translate.php.
by Stefan Schurtz
PyPam < 0.5.0 - Double Free in PyPAM_conv
Double free vulnerability in PyPAM_conv in PAMmodule.c in PyPam 0.5.0 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a NULL byte in a password string.
by Markus Vervier
ToendaCMS 1.6.2 - '/setup/index.php?site' Traversal Local File Inclusion
by AkaStep
RazorCMS < 1.2.1 - Cross-Site Request Forgery via showcats Action
Cross-site request forgery (CSRF) vulnerability in admin/index.php in RazorCMS 1.2.1 and earlier allows remote attackers to hijack the authentication of administrators for requests that delete arbitrary web pages via a showcats action.
by Ivano Binetti