Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
CVE-2012-1029 EXPLOITDB text VERIFIED
Tube Ace 1.6 - SQL Injection via q Parameter
SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information.
by Daniel Godoy
CVE-2012-1294 EXPLOITDB text VERIFIED
CONTIMEX Impulsio CMS - SQL Injection via id Parameter
SQL injection vulnerability in CONTIMEX Impulsio CMS allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.
by sonyy
EIP-2026-105966 EXPLOITDB text VERIFIED
CMS Faethon 1.3.4 - 'articles.php' Multiple SQL Injections
by tempe_mendoan
EIP-2026-109095 EXPLOITDB text VERIFIED
LEPTON 1.1.3 - Cross-Site Scripting
by High-Tech Bridge SA
CVE-2012-0997 EXPLOITDB text VERIFIED
11in1 1.2.1 - Cross-Site Request Forgery in admin/index.php
Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action.
by High-Tech Bridge SA
CVE-2012-0996 EXPLOITDB text VERIFIED
11in1 1.2.1 - Path Traversal via Class Parameter
Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.
by High-Tech Bridge SA
CVE-2012-0996 EXPLOITDB text VERIFIED
11in1 1.2.1 - Path Traversal via Class Parameter
Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.
by High-Tech Bridge SA
CVE-2012-1213 EXPLOITDB text VERIFIED
Zimbra Collaboration Suite 6.x-6.0.15 7.x-7.1.3 - Cross-Site Scripting via Calendar View Parameter
Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client in Zimbra Collaboration Suite (ZCS) 6.x before 6.0.15 and 7.x before 7.1.3 allows remote attackers to inject arbitrary web script or HTML via the view parameter.
by sonyy
CVE-2012-1217 EXPLOITDB text VERIFIED
STHS v2 Web Portal 2.2 - Cross-Site Scripting via Team Parameter
Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the team parameter to (1) prospects.php, (2) prospect.php, or (3) team.php.
by Liyan Oz
CVE-2012-1217 EXPLOITDB text VERIFIED
STHS v2 Web Portal 2.2 - Cross-Site Scripting via Team Parameter
Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the team parameter to (1) prospects.php, (2) prospect.php, or (3) team.php.
by Liyan Oz
CVE-2012-1217 EXPLOITDB text VERIFIED
STHS v2 Web Portal 2.2 - Cross-Site Scripting via Team Parameter
Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the team parameter to (1) prospects.php, (2) prospect.php, or (3) team.php.
by Liyan Oz
EIP-2026-112257 EXPLOITDB text VERIFIED
SMW+ 1.5.6 - 'target' HTML Injection
by sonyy
CVE-2012-1211 EXPLOITDB text VERIFIED
Powie pFile 1.02 - Cross-Site Scripting via filecat Parameter
Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers to inject arbitrary web script or HTML via the filecat parameter.
by indoushka
CVE-2012-1210 EXPLOITDB text VERIFIED
Powie pFile 1.02 - SQL Injection via id Parameter
SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by indoushka
EIP-2026-100792 EXPLOITDB text VERIFIED
EditWrxLite CMS - 'wrx.cgi' Remote Command Execution
by chippy1337
CVE-2012-1304 EXPLOITDB text
Fork CMS 3.2.4 - Local File Inclusion / Cross-Site Scripting
by Avram Marius
CVE-2012-1208 EXPLOITDB text
Fork CMS 3.2.4 - Cross-Site Scripting via Report or Error Parameter
Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index.
by Avram Marius
EIP-2026-106793 EXPLOITDB text VERIFIED
eFront Community++ 3.6.10 - SQL Injection / Multiple HTML Injection Vulnerabilities
by Benjamin Kunz Mejri
CVE-2012-1200 EXPLOITDB text VERIFIED
Nova CMS - Remote File Inclusion via Multiple Parameter Injection
Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow remote attackers to execute arbitrary PHP code via a URL in the (1) fileType parameter to optimizer/index.php, (2) id parameter to administrator/modules/moduleslist.php, (3) filename parameter to includes/function/gets.php, or (4) conf[blockfile] parameter to includes/function/usertpl.php.
by indoushka
CVE-2012-1200 EXPLOITDB text VERIFIED
Nova CMS - Remote File Inclusion via Multiple Parameter Injection
Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow remote attackers to execute arbitrary PHP code via a URL in the (1) fileType parameter to optimizer/index.php, (2) id parameter to administrator/modules/moduleslist.php, (3) filename parameter to includes/function/gets.php, or (4) conf[blockfile] parameter to includes/function/usertpl.php.
by indoushka
CVE-2012-1200 EXPLOITDB text VERIFIED
Nova CMS - Remote File Inclusion via Multiple Parameter Injection
Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow remote attackers to execute arbitrary PHP code via a URL in the (1) fileType parameter to optimizer/index.php, (2) id parameter to administrator/modules/moduleslist.php, (3) filename parameter to includes/function/gets.php, or (4) conf[blockfile] parameter to includes/function/usertpl.php.
by indoushka
CVE-2012-1200 EXPLOITDB text VERIFIED
Nova CMS - Remote File Inclusion via Multiple Parameter Injection
Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow remote attackers to execute arbitrary PHP code via a URL in the (1) fileType parameter to optimizer/index.php, (2) id parameter to administrator/modules/moduleslist.php, (3) filename parameter to includes/function/gets.php, or (4) conf[blockfile] parameter to includes/function/usertpl.php.
by indoushka
CVE-2012-1199 EXPLOITDB text VERIFIED
Basic Analysis and Security Engine 1.4.5 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) BASE_path parameter to base_ag_main.php, (2) base_db_setup.php, (3) base_graph_common.php, (4) base_graph_display.php, (5) base_graph_form.php, (6) base_graph_main.php, (7) base_local_rules.php, (8) base_logout.php, (9) base_main.php, (10) base_maintenance.php, (11) base_payload.php, (12) base_qry_alert.php, (13) base_qry_common.php, (14) base_qry_main.php, (15) base_stat_alerts.php, (16) base_stat_class.php, (17) base_stat_common.php, (18) base_stat_ipaddr.php, (19) base_stat_iplink.php, (20) base_stat_ports.php, (21) base_stat_sensor.php, (22) base_stat_time.php, (23) base_stat_uaddr.php, (24) base_user.php, (25) index.php, (26) admin/base_roleadmin.php, (27) admin/base_useradmin.php, (28) admin/index.php, (29) help/base_setup_help.php, (30) includes/base_action.inc.php, (31) includes/base_cache.inc.php, (32) includes/base_db.inc.php, (33) includes/base_db.inc.php, (34) includes/base_include.inc.php, (35) includes/base_output_html.inc.php, (36) includes/base_output_query.inc.php, (37) includes/base_state_criteria.inc.php, (38) includes/base_state_query.inc.php or (39) setup/base_conf_contents.php; (40) GLOBALS[user_session_path] parameter to includes/base_state_common.inc.php; (41) BASE_Language parameter to setup/base_conf_contents.php; or (42) ado_inc_php parameter to setup/setup2.php.
by indoushka
CVE-2012-1199 EXPLOITDB text VERIFIED
Basic Analysis and Security Engine 1.4.5 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) BASE_path parameter to base_ag_main.php, (2) base_db_setup.php, (3) base_graph_common.php, (4) base_graph_display.php, (5) base_graph_form.php, (6) base_graph_main.php, (7) base_local_rules.php, (8) base_logout.php, (9) base_main.php, (10) base_maintenance.php, (11) base_payload.php, (12) base_qry_alert.php, (13) base_qry_common.php, (14) base_qry_main.php, (15) base_stat_alerts.php, (16) base_stat_class.php, (17) base_stat_common.php, (18) base_stat_ipaddr.php, (19) base_stat_iplink.php, (20) base_stat_ports.php, (21) base_stat_sensor.php, (22) base_stat_time.php, (23) base_stat_uaddr.php, (24) base_user.php, (25) index.php, (26) admin/base_roleadmin.php, (27) admin/base_useradmin.php, (28) admin/index.php, (29) help/base_setup_help.php, (30) includes/base_action.inc.php, (31) includes/base_cache.inc.php, (32) includes/base_db.inc.php, (33) includes/base_db.inc.php, (34) includes/base_include.inc.php, (35) includes/base_output_html.inc.php, (36) includes/base_output_query.inc.php, (37) includes/base_state_criteria.inc.php, (38) includes/base_state_query.inc.php or (39) setup/base_conf_contents.php; (40) GLOBALS[user_session_path] parameter to includes/base_state_common.inc.php; (41) BASE_Language parameter to setup/base_conf_contents.php; or (42) ado_inc_php parameter to setup/setup2.php.
by indoushka
CVE-2012-1199 EXPLOITDB text VERIFIED
Basic Analysis and Security Engine 1.4.5 - Remote Code Execution via PHP File Inclusion
Multiple PHP remote file inclusion vulnerabilities in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) BASE_path parameter to base_ag_main.php, (2) base_db_setup.php, (3) base_graph_common.php, (4) base_graph_display.php, (5) base_graph_form.php, (6) base_graph_main.php, (7) base_local_rules.php, (8) base_logout.php, (9) base_main.php, (10) base_maintenance.php, (11) base_payload.php, (12) base_qry_alert.php, (13) base_qry_common.php, (14) base_qry_main.php, (15) base_stat_alerts.php, (16) base_stat_class.php, (17) base_stat_common.php, (18) base_stat_ipaddr.php, (19) base_stat_iplink.php, (20) base_stat_ports.php, (21) base_stat_sensor.php, (22) base_stat_time.php, (23) base_stat_uaddr.php, (24) base_user.php, (25) index.php, (26) admin/base_roleadmin.php, (27) admin/base_useradmin.php, (28) admin/index.php, (29) help/base_setup_help.php, (30) includes/base_action.inc.php, (31) includes/base_cache.inc.php, (32) includes/base_db.inc.php, (33) includes/base_db.inc.php, (34) includes/base_include.inc.php, (35) includes/base_output_html.inc.php, (36) includes/base_output_query.inc.php, (37) includes/base_state_criteria.inc.php, (38) includes/base_state_query.inc.php or (39) setup/base_conf_contents.php; (40) GLOBALS[user_session_path] parameter to includes/base_state_common.inc.php; (41) BASE_Language parameter to setup/base_conf_contents.php; or (42) ado_inc_php parameter to setup/setup2.php.
by indoushka
By Source
All 31,386 Writeup 62,302 Exploitdb 50,076 Nomisec 22,417 Github 3,632 Metasploit 3,314 Vulncheck_xdb 929 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,573 ruby 6,005 c 3,628 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 229 shell 131 go 73 postscript 25 typescript 25