Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-118017 EXPLOITDB text
TOSHIBA DVD PLAYER Navi Support Service - 'TNaviSrv' Unquoted Service Path
by SamAlucard
EIP-2026-117326 EXPLOITDB text
Intel(R) Management Engine Components 6.0.0.1189 - 'LMS' Unquoted Service Path
by SamAlucard
EIP-2026-117163 EXPLOITDB text
File Sanitizer for HP ProtectTools 5.0.1.3 - 'HPFSService' Unquoted Service Path
by SamAlucard
CVE-2022-0441 EXPLOITDB CRITICAL text
MasterStudy LMS <2.7.6 - Info Disclosure
The MasterStudy LMS WordPress plugin before 2.7.6 does to validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin
by numan türle
CVSS 9.8
CVE-2021-43062 EXPLOITDB MEDIUM text
FortiMail 6.2.0-6.2.7, 6.4.0-6.4.5, 6.3.0-6.3.7, 7.0.0-7.0.1 - XSS via FortiGuard URI Protection
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the FortiGuard URI protection service.
by Braiant Giraldo Villa
CVSS 6.1
CVE-2022-50931 EXPLOITDB HIGH text
TeamSpeak 3.5.6 - Local Privilege Escalation
TeamSpeak 3.5.6 contains an insecure file permissions vulnerability that allows local attackers to replace executable files with malicious binaries. Attackers can replace system executables like ts3client_win32.exe with custom files to potentially gain SYSTEM or Administrator-level access.
by Aryan Chehreghani
CVSS 7.8
CVE-2022-50930 EXPLOITDB HIGH text
Emerson PAC Machine Edition 9.80 - Privilege Escalation
Emerson PAC Machine Edition 9.80 contains an unquoted service path vulnerability in the TrapiServer service that allows local users to potentially execute code with elevated privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious code that would execute with LocalSystem permissions during service startup.
by Luis Martínez
CVSS 8.4
CVE-2022-50800 EXPLOITDB HIGH text
H3C SSL VPN 1.1 - User Enumeration via Login Script Credential Verification
H3C SSL VPN contains a user enumeration vulnerability that allows attackers to identify valid usernames through the 'txtUsrName' POST parameter. Attackers can submit different usernames to the login_submit.cgi endpoint and analyze response messages to distinguish between existing and non-existing accounts.
by LiquidWorm
CVSS 7.5
CVE-2022-26633 EXPLOITDB CRITICAL text
Simple Student Quarterly Result/Grade System v1.0 - SQL Injection
Simple Student Quarterly Result/Grade System v1.0 was discovered to contain a SQL injection vulnerability via /sqgs/Actions.php.
by Saud Alenazi
CVSS 9.8
CVE-2022-26632 EXPLOITDB CRITICAL text VERIFIED
Multi-Vendor Online Groceries Management System v1.0 - SQL Injection
Multi-Vendor Online Groceries Management System v1.0 was discovered to contain a blind SQL injection vulnerability via the id parameter in /products/view_product.php.
by Saud Alenazi
CVSS 9.8
CVE-2021-24966 EXPLOITDB MEDIUM text
Error Log Viewer <1.1.1 - Privilege Escalation
The Error Log Viewer WordPress plugin through 1.1.1 does not validate the path of the log file to clear, allowing high privilege users to clear arbitrary files on the web server, including those outside of the blog folder
by Ceylan BOZOĞULLARINDAN
CVSS 4.9
EIP-2026-101895 EXPLOITDB text
Network Video Recorder NVR304-16EP - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
by Luis Martínez
CVE-2022-50932 EXPLOITDB HIGH text
Kyocera Command Center RX ECOSYS M2035dn - Path Traversal
Kyocera Command Center RX ECOSYS M2035dn contains a directory traversal vulnerability that allows unauthenticated attackers to read sensitive system files by manipulating file paths under the /js/ path. Attackers can exploit the issue by sending requests like /js/../../../../.../etc/passwd%00.jpg (null-byte appended traversal) to access critical files such as /etc/passwd and /etc/shadow.
by Luis Martínez
CVSS 7.5
EIP-2026-112467 EXPLOITDB text
Subrion CMS 4.2.1 - Cross Site Request Forgery (CSRF) (Add Amin)
by Aryan Chehreghani
EIP-2026-104904 EXPLOITDB text
Accounting Journal Management System 1.0 - 'id' SQLi (Authenticated)
by Alperen Ergel
CVE-2022-50959 EXPLOITDB MEDIUM text
WordPress Contact Form Builder 1.6.1 Cross-Site Scripting via code_generator.php
WordPress Contact Form Builder 1.6.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by exploiting the form_id parameter. Attackers can craft malicious URLs to code_generator.php with script payloads in the form_id parameter to execute arbitrary JavaScript in victim browsers.
by Milad karimi
CVSS 6.1
CVE-2022-50958 EXPLOITDB MEDIUM text
WordPress Plugin Jetpack 9.1 Cross Site Scripting via grunion-form-view.php
WordPress Plugin Jetpack 9.1 contains a reflected cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by manipulating the post_id parameter. Attackers can craft URLs to the grunion-form-view.php endpoint with script payloads in the post_id parameter to execute arbitrary JavaScript in victim browsers.
by Milad karimi
CVSS 6.1
CVE-2022-50933 EXPLOITDB HIGH text
Cain & Abel 4.9.56 - Code Injection
Cain & Abel 4.9.56 contains an unquoted service path vulnerability that allows local attackers to potentially execute arbitrary code with elevated privileges. Attackers can exploit the unquoted binary path to inject malicious executables that will be launched with LocalSystem permissions.
by Aryan Chehreghani
CVSS 7.8
CVE-2022-25096 EXPLOITDB CRITICAL text
Home Owners Collection Management System 1.0 - SQL Injection via id Parameter
Home Owners Collection Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter in /members/view_member.php.
by Saud Alenazi
CVSS 9.8
CVE-2022-25095 EXPLOITDB CRITICAL text
Home Owners Collection Management System v1.0 - Info Disclosure
Home Owners Collection Management System v1.0 allows unauthenticated attackers to compromise user accounts via a crafted POST request.
by Saud Alenazi
CVSS 9.8
CVE-2022-25094 EXPLOITDB HIGH text
Home Owners Collection Management System v1.0 - Remote Code Execution via SystemSettings.php Cover Parameter
Home Owners Collection Management System v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the parameter "cover" in SystemSettings.php.
by Saud Alenazi
CVSS 8.8
CVE-2022-23366 EXPLOITDB CRITICAL text
HMS v1.0 - SQL Injection via patientlogin.php
HMS v1.0 was discovered to contain a SQL injection vulnerability via patientlogin.php.
by nu11secur1ty
CVSS 9.8
CVE-2022-40878 EXPLOITDB HIGH text
Exam Reviewer Management System 1.0 - Authenticated RCE
In Exam Reviewer Management System 1.0, an authenticated attacker can upload a web-shell php file in profile page to achieve Remote Code Execution (RCE).
by Juli Agarwal
CVSS 8.8
CVE-2022-40877 EXPLOITDB CRITICAL text
Exam Reviewer Management System 1.0 - SQL Injection
Exam Reviewer Management System 1.0 is vulnerable to SQL Injection via the ‘id’ parameter.
by Juli Agarwal
CVSS 9.8
CVE-2022-24223 EXPLOITDB CRITICAL text
AtomCMS 2.0 - SQL Injection via Admin Login Endpoint
AtomCMS v2.0 was discovered to contain a SQL injection vulnerability via /admin/login.php.
by Luca Cuzzolin
CVSS 9.8
By Source
All 31,386 Writeup 62,188 Exploitdb 50,076 Nomisec 22,383 Github 3,590 Metasploit 3,311 Vulncheck_xdb 927 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,552 ruby 6,001 c 3,625 perl 2,849 html 2,074 php 1,333 bash 462 java 370 c++ 260 javascript 229 shell 131 go 73 postscript 25 typescript 25