Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-106590 EXPLOITDB text VERIFIED
Drupal Module CKEditor 3.0 < 3.6.2 - Persistent EventHandler Cross-Site Scripting
by MaXe
EIP-2026-112744 EXPLOITDB text VERIFIED
Toner Cart - 'show_series_ink.php' SQL Injection
by Lazmania61
CVE-2012-6525 EXPLOITDB text VERIFIED
phpbridges - SQL Injection via id Parameter
SQL injection vulnerability in members.php in PHPBridges allows remote attackers to execute arbitrary SQL commands via the id parameter.
by 3spi0n
CVE-2012-6524 EXPLOITDB text VERIFIED
powie pGB 2.12 - SQL Injection via kommentar.php id Parameter
SQL injection vulnerability in kommentar.php in pGB 2.12 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by 3spi0n
CVE-2012-0989 EXPLOITDB text VERIFIED
OneOrZero AIMS 2.8.0 Trial Edition build231211 - Cross-Site Scripting via PATH_INFO to index.php
Cross-site scripting (XSS) vulnerability in OneOrZero AIMS 2.8.0 Trial Edition build231211 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php.
by High-Tech Bridge SA
EIP-2026-109519 EXPLOITDB text VERIFIED
MMORPG Zone - 'view_news.php' SQL Injection
by Lazmania61
CVE-2012-6526 EXPLOITDB text VERIFIED
Vastal I-Tech Freelance Zone - SQL Injection via show_code.php code_id Parameter
SQL injection vulnerability in show_code.php in Vastal I-Tech Freelance Zone allows remote attackers to execute arbitrary SQL commands via the code_id parameter.
by Lazmania61
CVE-2012-0905 EXPLOITDB text VERIFIED
deV!L'z Clanportal Gamebase Addon - SQL Injection via gameid Parameter
SQL injection vulnerability in deV!L'z Clanportal (DZCP) Gamebase addon allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a detail action to index.php.
by Easy Laster
CVE-2012-0906 EXPLOITDB text VERIFIED
Moviebase addon <1.5.5 - SQL Injection
SQL injection vulnerability in the Moviebase addon for deV!L'z Clanportal (DZCP) 1.5.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a showkat action to index.php.
by Easy Laster
EIP-2026-108331 EXPLOITDB text VERIFIED
Joomla! Component com_discussions - SQL Injection
by Red Security TEAM
CVE-2012-0221 EXPLOITDB text VERIFIED
Rockwell Automation FactoryTalk CPR9-SR5 and RSLogix 5000 17-20 - Denial of Service via RNADiagReceiver Service
The FactoryTalk (FT) RNADiagReceiver service in Rockwell Automation Allen-Bradley FactoryTalk CPR9 through SR5 and RSLogix 5000 17 through 20 does not properly handle the return value from an unspecified function, which allows remote attackers to cause a denial of service (service outage) via a crafted packet.
by Luigi Auriemma
EIP-2026-111232 EXPLOITDB text VERIFIED
phpVideoPro 0.8.x/0.9.7 - Multiple Cross-Site Scripting Vulnerabilities
by Stefan Schurtz
EIP-2026-111036 EXPLOITDB text
PHPDomainRegister 0.4a-RC2-dev - Multiple Vulnerabilities
by Or4nG.M4N
EIP-2026-110730 EXPLOITDB text VERIFIED
PHP Membership Site Manager Script 2.1 - 'index.php' Cross-Site Scripting
by Atmon3r
EIP-2026-107417 EXPLOITDB text VERIFIED
Giveaway Manager - 'members.php' Cross-Site Scripting
by Am!r
EIP-2026-105580 EXPLOITDB text VERIFIED
BoltWire 3.4.16 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
by Stefan Schurtz
CVE-2012-0900 EXPLOITDB text VERIFIED
Beehive Forum 1.0.1 - Cross-Site Scripting via PATH_INFO to forum/register.php or forum/logon.php
Multiple cross-site scripting (XSS) vulnerabilities in Beehive Forum 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) forum/register.php or (2) forum/logon.php.
by Stefan Schurtz
CVE-2012-6528 EXPLOITDB text VERIFIED
ATutor < 2.1 - Cross-Site Scripting via PATH_INFO
Multiple cross-site scripting (XSS) vulnerabilities in ATutor before 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) themes/default/tile_search/index.tmpl.php, (2) login.php, (3) search.php, (4) password_reminder.php, (5) login.php/jscripts/infusion, (6) login.php/mods/_standard/flowplayer, (7) browse.php/jscripts/infusion/framework/fss, (8) registration.php/themes/default/ie_styles.css, (9) about.php, or (10) themes/default/social/basic_profile.tmpl.php.
by Stefan Schurtz
CVE-2012-0899 EXPLOITDB text VERIFIED
Annuaire PHP - Cross-Site Scripting via referencement/sites_inscription.php url Parameter
Cross-site scripting (XSS) vulnerability in referencement/sites_inscription.php in Annuaire PHP allows remote attackers to inject arbitrary web script or HTML via the url parameter and possibly the nom parameter.
by Atmon3r
EIP-2026-110752 EXPLOITDB text VERIFIED
PHP Ringtone Website - 'ringtones.php' Multiple Cross-Site Scripting Vulnerabilities
by Atmon3r
EIP-2026-102468 EXPLOITDB text
Cloupia End-to-end FlexPod Management - Directory Traversal
by Chris Rock
CVE-2011-4153 EXPLOITDB text
PHP 5.3.8 - Denial of Service via zend_strndup Return Value Mismanagement
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that performs strndup operations on untrusted string data, as demonstrated by the define function in zend_builtin_functions.c, and unspecified functions in ext/soap/php_sdl.c, ext/standard/syslog.c, ext/standard/browscap.c, ext/oci8/oci8.c, ext/com_dotnet/com_typeinfo.c, and main/php_open_temporary_file.c.
by Maksymilian Arciemowicz
CVE-2012-0013 EXPLOITDB text
MS12-005 Microsoft Office ClickOnce Unsafe Object Package Handling Vulnerability
Incomplete blacklist vulnerability in the Windows Packager configuration in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 allows remote attackers to execute arbitrary code via a crafted ClickOnce application in a Microsoft Office document, related to .application files, aka "Assembly Execution Vulnerability."
by Byoungyoung Lee
CVE-2012-0781 EXPLOITDB text
PHP 5.3.8 - Denial of Service via Tidy::diagnose NULL Pointer Dereference
The tidy_diagnose function in PHP 5.3.8 might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via crafted input to an application that attempts to perform Tidy::diagnose operations on invalid objects, a different vulnerability than CVE-2011-4153.
by Maksymilian Arciemowicz
EIP-2026-112697 EXPLOITDB text
Tine 2.0 - Maischa Multiple Cross-Site Scripting Vulnerabilities
by Vulnerability-Lab