Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-110513 EXPLOITDB text VERIFIED
PBCS Technology - 'articlenav.php' SQL Injection
by Kalashinkov3
EIP-2026-104807 EXPLOITDB text VERIFIED
11in1 CMS 1.0.1 - 'do.php' CRLF Injection
by LiquidWorm
EIP-2026-119304 EXPLOITDB text VERIFIED
XAMPP 1.7.7 - 'PHP_SELF' Multiple Cross-Site Scripting Vulnerabilities
by Gjoko Krstic
CVE-2007-4517 EXPLOITDB text
Oracle Database Server - Authenticated Buffer Overflow in XDB_PITRIG_PKG.PITRIG_DROPMETADATA Procedure
Buffer overflow in the XDB.XDB_PITRIG_PKG.PITRIG_DROPMETADATA procedure in Oracle 10g R2 allows remote authenticated users to execute arbitrary code via a long (1) OWNER or (2) NAME argument.
by David Maman
CVE-2011-4810 EXPLOITDB text VERIFIED
WHMCompleteSolution 3.x-4.x - Unauthenticated Path Traversal via Template File Parameter
Multiple directory traversal vulnerabilities in WHMCompleteSolution (WHMCS) 3.x and 4.x allow remote attackers to read arbitrary files via the templatefile parameter to (1) submitticket.php and (2) downloads.php, and (3) the report parameter to admin/reports.php.
by ZxH-Labs
EIP-2026-112245 EXPLOITDB text VERIFIED
SmartJobBoard - 'keywords' Cross-Site Scripting
by Mr.PaPaRoSSe
CVE-2011-5183 EXPLOITDB text VERIFIED
OrderSys <= 1.6.4 - SQL Injection via where_clause Parameter
Multiple SQL injection vulnerabilities in OrderSys 1.6.4 and earlier allow remote attackers to execute arbitrary SQL commands via the where_clause parameter to (1) index.php, (2) index_long.php, or (3) index_short.php in ordering/interface_creator/.
by muuratsalo
EIP-2026-109059 EXPLOITDB text VERIFIED
LabStoRe 1.5.4 - SQL Injection
by muuratsalo
EIP-2026-104958 EXPLOITDB text VERIFIED
Admin Bot - 'news.php' SQL Injection
by baltazar
EIP-2026-102415 EXPLOITDB text
Oracle NoSQL 11g 1.1.100 R2 - 'log' Directory Traversal
by Buherátor
EIP-2026-119377 EXPLOITDB text VERIFIED
HP Data Protector Media Operations 6.20 - Directory Traversal
by Luigi Auriemma
EIP-2026-115652 EXPLOITDB text VERIFIED
Microsoft Excel 2003 11.8335.8333 - Use-After-Free
by Luigi Auriemma
EIP-2026-114310 EXPLOITDB text VERIFIED
WordPress Theme Bonus 1.0 - 's' Cross-Site Scripting
by 3spi0n
CVE-2011-4813 EXPLOITDB text
WHMCompleteSolution 3.x.x - Path Traversal via clientarea.php templatefile Parameter
Directory traversal vulnerability in clientarea.php in WHMCompleteSolution (WHMCS) 3.x.x allows remote attackers to read arbitrary files via an invalid action and a ../ (dot dot slash) in the templatefile parameter.
by red virus
CVE-2011-4431 EXPLOITDB text VERIFIED
Merethis Centreon < 2.3.2 - Authenticated Path Traversal via Command Name Parameter
Directory traversal vulnerability in main.php in Merethis Centreon before 2.3.2 allows remote authenticated users to execute arbitrary commands via a .. (dot dot) in the command_name parameter.
by Christophe de la Fuente
CVE-2011-4825 EXPLOITDB text VERIFIED
Ajax File and Image Manager < 1.1 - Remote Code Execution via PHP Code Injection in data.php
Static code injection vulnerability in inc/function.base.php in Ajax File and Image Manager before 1.1, as used in tinymce before 1.4.2, phpMyFAQ 2.6 before 2.6.19 and 2.7 before 2.7.1, and possibly other products, allows remote attackers to inject arbitrary PHP code into data.php via crafted parameters.
by EgiX
EIP-2026-104992 EXPLOITDB text
Advanced Poll 2.02 - SQL Injection
by Yassin Aboukir
CVE-2011-4716 EXPLOITDB text VERIFIED
DreamBox DM800 Firmware < 1.6 - Path Traversal via File Parameter
Directory traversal vulnerability in file in DreamBox DM800 1.6rc3, 1.5rc1, and earlier allows remote attackers to read arbitrary files via the file parameter.
by Todor Donev
CVE-2011-4831 EXPLOITDB text VERIFIED
Web File Browser 0.4b14 - Authenticated Path Traversal via File Parameter
Directory traversal vulnerability in webFileBrowser.php in Web File Browser 0.4b14 allows remote authenticated users to read arbitrary files via a ..%2f (encoded dot dot) in the file parameter in a download action.
by Sangyun YOO
CVE-2011-4090 EXPLOITDB MEDIUM text VERIFIED
Serendipity < 1.6 - Cross-Site Scripting in Karma Plugin
Serendipity before 1.6 has an XSS issue in the karma plugin which may allow privilege escalation.
by Stefan Schurtz
CVSS 6.1
CVE-2011-4095 EXPLOITDB MEDIUM text VERIFIED
Jara 1.6 - Cross-Site Scripting
Jara 1.6 has an XSS vulnerability.
by Or4nG.M4N
CVSS 6.1
EIP-2026-100210 EXPLOITDB text VERIFIED
CmyDocument - Multiple Cross-Site Scripting Vulnerabilities
by demonalex
CVE-2011-4811 EXPLOITDB text VERIFIED
BestShopPro - SQL Injection via pokaz_podkat.php str Parameter
SQL injection vulnerability in pokaz_podkat.php in BestShopPro allows remote attackers to execute arbitrary SQL commands via the str parameter.
by CoBRa_21
EIP-2026-119010 EXPLOITDB text VERIFIED
Oracle Hyperion Financial Management TList6 - ActiveX Control Remote Code Execution
by rgod
EIP-2026-117485 EXPLOITDB text VERIFIED
Microsoft Excel 2007 SP2 - Buffer Overwrite (MS11-021)
by Abysssec