Text Exploits

31,386 exploits tracked across all sources.

CVE-2011-5252 EXPLOITDB text VERIFIED
Orchard 1.0.x-1.0.20, 1.1.x-1.1.30, 1.2.x-1.2.41, 1.3.x-1.3.9 - Open Redirect via ReturnUrl Parameter
Open redirect vulnerability in Users/Account/LogOff in Orchard 1.0.x before 1.0.21, 1.1.x before 1.1.31, 1.2.x before 1.2.42, and 1.3.x before 1.3.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the ReturnUrl parameter.
by Mesut Timur
CVE-2012-5343 EXPLOITDB text VERIFIED
Limny 3.0.1 - Cross-Site Scripting via PATH_INFO in admin/login.php
Cross-site scripting (XSS) vulnerability in admin/login.php in Limny 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, related to the "PHP_SELF" variable.
by Gjoko Krstic
CVE-2011-5209 EXPLOITDB text VERIFIED
GraphicsClone Script - Cross-Site Scripting via Search Term Parameter
Cross-site scripting (XSS) vulnerability in search/ in GraphicsClone Script, possibly 1.11, allows remote attackers to inject arbitrary web script or HTML via the term parameter.
by Mr.PaPaRoSSe
CVE-2011-5193 EXPLOITDB text VERIFIED
phpace samswhois < 1.4.2.3 - Cross-Site Scripting via Domain Parameter
Cross-site scripting (XSS) vulnerability in vendors/samswhois/samswhois.inc.php in the Whois Search plugin 1.4.2.3 for WordPress, when the WHOIS widget is enabled, allows remote attackers to inject arbitrary web script or HTML via the domain parameter to index.php, a different vulnerability than CVE-2011-5194.
by Atmon3r
EIP-2026-113637 EXPLOITDB text VERIFIED
WordPress Plugin Comment Rating 2.9.20 - 'path' Cross-Site Scripting
by The Evil Thinker
CVE-2012-5294 EXPLOITDB text VERIFIED
MyStore Xpress Tienda Virtual - SQL Injection
SQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Arturo Zamora
CVE-2012-2316 EXPLOITDB text VERIFIED
OpenKM < 5.1.8-2 - Cross-Site Request Forgery via Admin Scripting Endpoint
Cross-site request forgery (CSRF) vulnerability in servlet/admin/AuthServlet.java in OpenKM 5.1.7 and other versions before 5.1.8-2 allows remote attackers to hijack the authentication of administrators for requests that execute arbitrary code via the script parameter to admin/scripting.jsp.
by Cyrill Brunschwiler
EIP-2026-114392 EXPLOITDB text VERIFIED
WSN Links Script 2.3.4 - SQL Injection
by H4ckCity Security Team
CVE-2012-5098 EXPLOITDB text VERIFIED
Php-X-Links - SQL Injection via id, cid, or t Parameter
Multiple SQL injection vulnerabilities in Php-X-Links, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to rate.php, (2) cid parameter to view.php, or (3) t parameter to pop.php.
by H4ckCity Security Team
CVE-2009-2436 EXPLOITDB text VERIFIED
MyPHPDating 1.0 - SQL Injection via Page ID Parameter
SQL injection vulnerability in page.php in Online Dating Software MyPHPDating 1.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
by ITTIHACK
CVE-2012-5295 EXPLOITDB text VERIFIED
FuseTalk Forums < 3.2 - Cross-Site Scripting via login.cfm windowed Parameter
Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter.
by sonyy
CVE-2012-5346 EXPLOITDB text VERIFIED
WordPress WP Live.php < 1.2.1 - XSS
Cross-site scripting (XSS) vulnerability in wp-live.php in the WP Live.php module 1.2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parameter. NOTE: some of these details are obtained from third party information.
by H4ckCity Security Team
EIP-2026-112040 EXPLOITDB text VERIFIED
Siena CMS 1.242 - 'err' Cross-Site Scripting
by Net.Edit0r
CVE-2011-4885 EXPLOITDB text
PHP < 5.3.9 - Denial of Service via Hash Collision in Form Parameter Handling
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.
by infodox
CVE-2011-5207 EXPLOITDB text VERIFIED
TheCartPress < 1.1.6 - Cross-Site Scripting via tcp_name_post_XXXXX Parameter
Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter.
by 6Scan
EIP-2026-114111 EXPLOITDB text VERIFIED
WordPress Plugin The Welcomizer 1.3.9.4 - 'twiz-index.php' Cross-Site Scripting
by Am!r
CVE-2011-4362 EXPLOITDB text VERIFIED
lighttpd 1.4-1.4.29 - Denial of Service via Base64 Decode Integer Signedness Error
Integer signedness error in the base64_decode function in the HTTP authentication functionality (http_auth.c) in lighttpd 1.4 before 1.4.30 and 1.5 before SVN revision 2806 allows remote attackers to cause a denial of service (segmentation fault) via crafted base64 input that triggers an out-of-bounds read with a negative index.
by pi3
CVE-2011-5203 EXPLOITDB text VERIFIED
Akiva WebBoard < 8.0 - SQL Injection via WB/Default.asp Name Parameter
SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before 8 SR 1 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party information.
by Alexander Fuchs
EIP-2026-109893 EXPLOITDB text VERIFIED
Neturf eCommerce Shopping Cart - 'searchFor' Cross-Site Scripting
by farbodmahini
CVE-2011-5200 EXPLOITDB text VERIFIED
DeDeCMS - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php.
by CWH & Nafsh
CVE-2011-5204 EXPLOITDB text VERIFIED
Akiva WebBoard 8.x - Plaintext Password Storage
Akiva WebBoard 8.x stores passwords in plaintext, which allows local users to obtain sensitive information by reading from the database.
by Alexander Fuchs
CVE-2011-5053 EXPLOITDB text
Wi-Fi Protected Setup Protocol - Improper Authentication via EAP-NACK Message Handling
The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages.
by cheffner
CVE-2011-5026 EXPLOITDB text VERIFIED
Winn GuestBook < 2.4.8d - Cross-Site Scripting via Name Parameter
Cross-site scripting (XSS) vulnerability in the addPost function in data/functions.php in Winn GuestBook before 2.4.8d allows remote attackers to inject arbitrary web script or HTML via the name parameter to index.php. NOTE: some of these details are obtained from third party information.
by G13
CVE-2011-5023 EXPLOITDB text VERIFIED
Pligg CMS 1.1.4 - Cross-Site Scripting via PATH_INFO to Search Program
Cross-site scripting (XSS) vulnerability in Pligg CMS 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the search program, a different vulnerability than CVE-2011-3986.
by SiteWatch
CVE-2011-5022 EXPLOITDB text VERIFIED
Pligg CMS 1.1.2 - SQL Injection via Status Parameter
SQL injection vulnerability in search.php in Pligg CMS 1.1.2 allows remote attackers to execute arbitrary SQL commands via the status parameter.
by SiteWatch