Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-111464 EXPLOITDB text
Pragyan CMS 2.6.1 - Arbitrary File Upload
by Dr.KroOoZ
EIP-2026-102365 EXPLOITDB text VERIFIED
Contus Job Portal - 'Category' SQL Injection
by Lazmania61
CVE-2012-0389 EXPLOITDB text VERIFIED
MailEnable < 4.26, 5.x < 5.53, 6.x < 6.03 - Cross-Site Scripting via ForgottenPassword.aspx Username Parameter
Cross-site scripting (XSS) vulnerability in ForgottenPassword.aspx in MailEnable Professional, Enterprise, and Premium 4.26 and earlier, 5.x before 5.53, and 6.x before 6.03 allows remote attackers to inject arbitrary web script or HTML via the Username parameter.
by Sajjad Pourali
CVE-2012-0895 EXPLOITDB text VERIFIED
Count Per Day < 3.1.1 - Cross-Site Scripting via Map Parameter
Cross-site scripting (XSS) vulnerability in map/map.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map parameter.
by 6Scan
CVE-2012-6041 EXPLOITDB text VERIFIED
GreenBrowser < 6.0.1001 - Remote Code Execution via Crafted IFrame
Double free vulnerability in GreenBrowser before 6.0.1002, when the keyword search bar (F6) is activated, allows remote attackers to execute arbitrary code via a crafted iframe.
by NCNIPC
EIP-2026-114249 EXPLOITDB text
WordPress Plugin wp-autoyoutube - Blind SQL Injection
by longrifle0x
CVE-2012-0896 EXPLOITDB text VERIFIED
count_per_day < 3.1.1 - Unauthenticated Path Traversal via Download Parameter
Absolute path traversal vulnerability in download.php in the Count Per Day module before 3.1.1 for WordPress allows remote attackers to read arbitrary files via the f parameter.
by 6Scan
EIP-2026-108318 EXPLOITDB text VERIFIED
Joomla! Component com_contushdvideoshare 1.3 - 'id' SQL Injection
by Lazmania61
CVE-2012-6039 EXPLOITDB text VERIFIED
YABSoft Advanced Image Hosting Script - SQL Injection via view_comments.php gal Parameter
SQL injection vulnerability in view_comments.php in YABSoft Advanced Image Hosting (AIH) Script, possibly 2.3, allows remote attackers to execute arbitrary SQL commands via the gal parameter.
by Robert Cooper
EIP-2026-118526 EXPLOITDB text VERIFIED
ExpressView Browser Plugin 6.5.0.3330 - Multiple Integer Overflow / Remote Code Execution Vulnerabilities
by Luigi Auriemma
CVE-2012-0988 EXPLOITDB text VERIFIED
KnowledgeTree 3.7.0.2 - Cross-Site Scripting via PATH_INFO to login.php admin.php or preferences.php
Multiple cross-site scripting (XSS) vulnerabilities in config/dmsDefaults.php in KnowledgeTree 3.7.0.2 and possibly earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) login.php, (2) admin.php, or (3) preferences.php.
by High-Tech Bridge SA
EIP-2026-108977 EXPLOITDB text VERIFIED
Kayako SupportSuite 3.x - Multiple Vulnerabilities
by Yuri Goltsev
CVE-2012-0031 EXPLOITDB text
Apache HTTP Server < 2.0.65 - Denial of Service via Scoreboard Shared Memory Segment
scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.
by halfdog
CVE-2012-6522 EXPLOITDB text
w-cms 2.01 - Path Traversal via p Parameter
Directory traversal vulnerability in the getContent function in codes/wcms.php in w-CMS 2.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter. NOTE: some of these details are obtained from third party information.
by th3.g4m3_0v3r
CVE-2012-5918 EXPLOITDB text VERIFIED
razorCMS 1.2 - Authenticated Directory Traversal via Directory Manipulation
razorCMS 1.2 allows remote authenticated users to access administrator directories and files by creating and deleting a directory.
by chap0
CVE-2012-0007 EXPLOITDB text VERIFIED
Microsoft Anti-Cross Site Scripting Library 3.x and 4.0 - Cross-Site Scripting via CSS Escaped Character Bypass
The Microsoft Anti-Cross Site Scripting (AntiXSS) Library 3.x and 4.0 does not properly evaluate characters after the detection of a Cascading Style Sheets (CSS) escaped character, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML input, aka "AntiXSS Library Bypass Vulnerability."
by Adi Cohen
CVE-2012-6499 EXPLOITDB text VERIFIED
Age Verification < 0.4 - Open Redirect via redirect_to Parameter
Open redirect vulnerability in age-verification.php in the Age Verification plugin 0.4 and earlier for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect_to parameter.
by Gianluca Brindisi
CVE-2012-6523 EXPLOITDB text
w-cms 2.01 - Cross-Site Scripting via p Parameter or COMMENT Parameter
Multiple cross-site scripting (XSS) vulnerabilities in w-CMS 2.01 allow remote attackers to inject arbitrary web script or HTML via (1) the p parameter in the getMenus function in codes/wcms.php; or the COMMENT parameter in (2) blog.php, (3) guestbook.php, or (4) forum.php in codes/. NOTE: some of these details are obtained from third party information.
by th3.g4m3_0v3r
CVE-2012-6038 EXPLOITDB text VERIFIED
razorCMS < 1.2.1 - Authenticated Path Traversal via dir Parameter
admin/core/admin_func.php in razorCMS before 1.2.1 does not properly restrict access to certain administrator directories and files, which allows remote authenticated users to read, edit, rename, move, copy and delete files via the (1) dir parameter in a fileman or (2) filemanview action. NOTE: this issue has been referred to as a "path traversal."
by chap0
CVE-2012-6500 EXPLOITDB text
Pragyan CMS < 3.0 - Path Traversal via Fileget Parameter
Directory traversal vulnerability in download.lib.php in Pragyan CMS 3.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the fileget parameter in a profile action to index.php.
by Or4nG.M4N
CVE-2012-6043 EXPLOITDB text VERIFIED
php-fusion 7.02.04 - Cross-Site Scripting via downloads.php cat_id Parameter
Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.
by Am!r
CVE-2011-4191 EXPLOITDB text VERIFIED
Novell NetWare 6.5 SP8 - Buffer Overflow
Stack-based buffer overflow in the xdrDecodeString function in XNFS.NLM in Novell NetWare 6.5 SP8 allows remote attackers to execute arbitrary code or cause a denial of service (abend or NFS outage) via long packets.
by Francis Provencher
EIP-2026-104083 EXPLOITDB text VERIFIED
SonicWALL AntiSpam & EMail 7.3.1 - Multiple Vulnerabilities
by Benjamin Kunz Mejri