Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-102485 EXPLOITDB text VERIFIED
Ilient SysAid 8.5.5 - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by Julien Ahrens
EIP-2026-101173 EXPLOITDB text VERIFIED
Barracuda CudaTel Communication Server 2.0.029.1 - Multiple HTML Injection Vulnerabilities
by Benjamin Kunz Mejri
EIP-2026-100536 EXPLOITDB text VERIFIED
SAP Business Objects InfoView System - '/webi/webi_modify.aspx?id' Cross-Site Scripting
EIP-2026-100535 EXPLOITDB text VERIFIED
SAP Business Objects InfoView System - '/help/helpredir.aspx?guide' Cross-Site Scripting
EIP-2026-100534 EXPLOITDB text VERIFIED
SAP Business Objects InfoView System - 'listing.aspx?searchText' Cross-Site Scripting
CVE-2011-4837 EXPLOITDB text VERIFIED
HomeSeer HS2 2.5.0.20 - Cross-Site Request Forgery in Web Interface
Cross-site request forgery (CSRF) vulnerability in /ctrl in the web interface in HomeSeer HS2 2.5.0.20 allows remote attackers to hijack the authentication of admins for requests that execute arbitrary programs.
by Silent_Dream
EIP-2026-118952 EXPLOITDB text VERIFIED
NetDecision 4.6.1 - Multiple Directory Traversal Vulnerabilities
by Luigi Auriemma
CVE-2006-2758 EXPLOITDB text
jetty 6.0.x beta16 - Path Traversal via Encoded URL
Directory traversal vulnerability in jetty 6.0.x (jetty6) beta16 allows remote attackers to read arbitrary files via a %2e%2e%5c (encoded ../) in the URL. NOTE: this might be the same issue as CVE-2005-3747.
by LiquidWorm
CVE-2012-1617 EXPLOITDB text VERIFIED
OSClass < 2.3.6 - Path Traversal and Arbitrary File Write via Combine.php Type Parameter
Directory traversal vulnerability in combine.php in OSClass before 2.3.6 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the type parameter. NOTE: this vulnerability can be leveraged to upload arbitrary files.
by Filippo Cavallarin
EIP-2026-106966 EXPLOITDB text VERIFIED
Exponent CMS 2.0 - 'src' SQL Injection
by Rob Miller
EIP-2026-100366 EXPLOITDB text
Iciniti Store - SQL Injection
by Sense of Security
EIP-2026-107186 EXPLOITDB text VERIFIED
Fork CMS 3.2.x - Multiple Cross-Site Scripting / HTML Injection Vulnerabilities
by Gjoko Krstic
EIP-2026-112521 EXPLOITDB text
Symfony2 - Local File Disclosure
by Sense of Security
CVE-2012-1112 EXPLOITDB text VERIFIED
Open-Realty CMS <2.5.8 - Path Traversal
Directory traversal vulnerability in Open-Realty CMS 2.5.8 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the select_users_template parameter to index.php.
by Aung Khant
EIP-2026-109190 EXPLOITDB text
lizard cart - 'search.php' SQL Injection
by Number 7
CVE-2012-1110 EXPLOITDB text VERIFIED
Etano < 1.22 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Etano 1.22 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) email, (3) email2, (4) f17_zip, or (5) agree parameter to join.php; (6) PATH_INFO, (7) st, (8) f17_city, (9) f17_country, (10) f17_state, (11) f17_zip, (12) f19, (13) wphoto, (14) search, or (15) v parameter to search.php; (16) PATH_INFO or (17) st parameter to photo_search.php; or (18) return parameter to photo_view.php.
by Aung Khant
EIP-2026-104809 EXPLOITDB text VERIFIED
11in1 CMS 1.2.1 - 'admin/tps?id' SQL Injection
by Chokri B.A
EIP-2026-104808 EXPLOITDB text VERIFIED
11in1 CMS 1.2.1 - 'admin/comments?topicID' SQL Injection
by Chokri B.A
EIP-2026-109070 EXPLOITDB text VERIFIED
LastGuru ASP Guestbook - 'View.asp' SQL Injection
by demonalex
CVE-2012-5000 EXPLOITDB text
Witze addon 0.9 - SQL Injection via id Parameter
SQL injection vulnerability in jokes/index.php in the Witze addon 0.9 for deV!L'z Clanportal allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.
by Easy Laster
CVE-2012-4997 EXPLOITDB text
AneCMS - Path Traversal and Arbitrary File Execution via ACP p Parameter
Directory traversal vulnerability in acp/index.php in AneCMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter.
by I2sec-Jong Hwan Park
CVE-2012-4993 EXPLOITDB text
RivetTracker <1.03 - Info Disclosure
torrent_functions.php in RivetTracker 1.03 and earlier does not properly restrict access, which allows remote attackers to have an unspecified impact.
by Ali Raheem
CVE-2012-4992 EXPLOITDB text
FlashFXP 4.2 - Authenticated Remote Code Execution via Long Unicode String to TListbox or TComboBox
Multiple buffer overflows in FlashFXP.exe in FlashFXP 4.2 allow remote authenticated users to execute arbitrary code via a long unicode string to (1) TListbox or (2) TComboBox.
by Vulnerability-Lab