Text Exploits

31,386 exploits tracked across all sources.

CVE-2011-4830 EXPLOITDB text VERIFIED
Barter Sites com_listing 1.3 - Authenticated Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the com_listing component in Barter Sites component 1.3 for Joomla! allow remote authenticated users to inject arbitrary web script or HTML via the (1) listing_title, (2) description, (3) homeurl (aka Website Address), (4) paystring (aka Payment types accepted), (5) sell_price, (6) shipping_cost, and (7) quantity parameters to index.php.
by Chris Russell
EIP-2026-116008 EXPLOITDB text VERIFIED
Opera Web Browser 11.52 - Escape Sequence Stack Buffer Overflow (Denial of Service) (PoC)
by Marcel Bernhardt
EIP-2026-112199 EXPLOITDB text VERIFIED
SjXjV 2.3 - 'post.php' SQL Injection
by 599eme Man
EIP-2026-111329 EXPLOITDB text VERIFIED
Plici Search 2.0.0.Stable.r.1878 - 'p48-search.html' Cross-Site Scripting
by 599eme Man
CVE-2011-5113 EXPLOITDB text VERIFIED
Techfolio (com_techfolio) 1.0 - SQL Injection via catid Parameter
SQL injection vulnerability in frontend/models/techfoliodetail.php in Techfolio (com_techfolio) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.
by Chris Russell
EIP-2026-106784 EXPLOITDB text VERIFIED
eFront 3.6.10 - 'professor.php' Script Multiple SQL Injections
by Vulnerability Research Laboratory
CVE-2011-4803 EXPLOITDB text
WPTouch - SQL Injection via id Parameter
SQL injection vulnerability in wptouch/ajax.php in the WPTouch plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter.
by longrifle0x
EIP-2026-106782 EXPLOITDB text
eFront 3.6.10 (build 11944) - Multiple Vulnerabilities
by EgiX
EIP-2026-119303 EXPLOITDB text VERIFIED
XAMPP 1.7.4 - Cross-Site Scripting
by Sangteamtham
EIP-2026-113156 EXPLOITDB text VERIFIED
vTiger CRM 5.2.1 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities (2)
by LiquidWorm
CVE-2011-5185 EXPLOITDB text
Online Subtitles Workshop < 2.0 - Cross-Site Scripting via Comment Parameter
Cross-site scripting (XSS) vulnerability in video_comments.php in Online Subtitles Workshop before 2.0 rev 131 allows remote attackers to inject arbitrary web script or HTML via the comment parameter.
by M.Jock3R
EIP-2026-103023 EXPLOITDB text VERIFIED
Trend Micro IWSS 3.1 - Local Privilege Escalation
by Buguroo Offensive Security
CVE-2011-3315 EXPLOITDB text VERIFIED
Cisco Unified Communications Manager 5.x-8.x Path Traversal via Crafted URL
Directory traversal vulnerability in Cisco Unified Communications Manager (CUCM) 5.x and 6.x before 6.1(5)SU2, 7.x before 7.1(5b)SU2, and 8.x before 8.0(3), and Cisco Unified Contact Center Express (aka Unified CCX or UCCX) and Cisco Unified IP Interactive Voice Response (Unified IP-IVR) before 6.0(1)SR1ES8, 7.0(x) before 7.0(2)ES1, 8.0(x) through 8.0(2)SU3, and 8.5(x) before 8.5(1)SU2, allows remote attackers to read arbitrary files via a crafted URL, aka Bug IDs CSCth09343 and CSCts44049.
by Sandro Gauci
EIP-2026-108608 EXPLOITDB text
Joomla! Component com_yjcontactus - Local File Inclusion
by MeGo
EIP-2026-105124 EXPLOITDB text VERIFIED
Alsbtain Bulletin 1.5/1.6 - Multiple Local File Inclusions
by Null H4ck3r
EIP-2026-107902 EXPLOITDB text VERIFIED
InverseFlow 2.4 - Multiple Cross-Site Scripting Vulnerabilities
by Amir Expl0its
CVE-2011-1513 EXPLOITDB text VERIFIED
e107 < 0.7.24 - Remote Code Execution via MySQL Server Name Injection
Static code injection vulnerability in install_.php in e107 CMS 0.7.24 and probably earlier versions, when the installation script is not removed, allows remote attackers to inject arbitrary PHP code into e107_config.php via a crafted MySQL server name.
by Matt Bergin
CVE-2011-1985 EXPLOITDB HIGH text VERIFIED
Microsoft Windows - Privilege Escalation
win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, and Windows 7 Gold and SP1 does not properly validate user-mode input, which allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via a crafted application, aka "Win32k Null Pointer De-reference Vulnerability."
by KiDebug
CVSS 7.1
CVE-2011-4094 EXPLOITDB CRITICAL text
jara 1.6 - SQL Injection
Jara 1.6 has a SQL injection vulnerability.
by muuratsalo
CVSS 9.8
EIP-2026-107901 EXPLOITDB text
InverseFlow 2.4 - Cross-Site Request Forgery (Add Admin)
by EjRaM HaCkEr
EIP-2026-103481 EXPLOITDB text VERIFIED
Google Chrome - Denial of Service
by Prashant Uniyal
EIP-2026-115346 EXPLOITDB text VERIFIED
Google Chrome - Killing Thread (PoC)
by pigtail23
EIP-2026-119006 EXPLOITDB text VERIFIED
Oracle AutoVue 20.0.1 AutoVueX - ActiveX Control SaveViewStateToFile
by rgod
CVE-2013-6246 EXPLOITDB text VERIFIED
Dell Quest One Password Manager - Unauthenticated Information Disclosure via CAPTCHA Bypass
The Dell Quest One Password Manager, possibly 5.0, allows remote attackers to bypass CAPTCHA protections and obtain sensitive information (user's full name) by sending a login request with a valid domain and username but without the CaptchaType, UseCaptchaEveryTime, and CaptchaResponse parameters.
by Johnny Bravo
CVE-2011-4024 EXPLOITDB text
OCS Inventory NG < 2.0.1 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in ocsinventory in OCS Inventory NG 2.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by Nicolas DEROUET