Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-114274 EXPLOITDB text
WordPress Plugin WPEasyStats 1.8 - Remote File Inclusion
by Ben Schmidt
EIP-2026-114112 EXPLOITDB text VERIFIED
WordPress Plugin TheCartPress 1.1.1 - Remote File Inclusion
by Ben Schmidt
CVE-2012-1205 EXPLOITDB text VERIFIED
Relocate Upload < 0.20 - Remote Code Execution via abspath Parameter
PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
by Ben Schmidt
EIP-2026-113896 EXPLOITDB text
WordPress Plugin Mini Mail Dashboard Widget 1.36 - Remote File Inclusion
by Ben Schmidt
EIP-2026-113880 EXPLOITDB text
WordPress Plugin Mailing List 1.3.2 - Remote File Inclusion
by Ben Schmidt
EIP-2026-113872 EXPLOITDB text
WordPress Plugin Livesig 0.4 - Remote File Inclusion
by Ben Schmidt
EIP-2026-113746 EXPLOITDB text VERIFIED
WordPress Plugin Filedownload 0.1 - 'download.php' Remote File Disclosure
by Septemb0x
EIP-2026-113683 EXPLOITDB text
WordPress Plugin Disclosure Policy 1.0 - Remote File Inclusion
by Ben Schmidt
EIP-2026-113563 EXPLOITDB text VERIFIED
WordPress Plugin Annonces 1.2.0.0 - Remote File Inclusion
by Ben Schmidt
CVE-2011-3981 EXPLOITDB text
Allwebmenus WordPress Plugin 1.1.3 - Remote Code Execution via abspath Parameter
PHP remote file inclusion vulnerability in actions.php in the Allwebmenus plugin 1.1.3 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.
by Ben Schmidt
EIP-2026-112735 EXPLOITDB text VERIFIED
Toko Lite CMS 1.5.2 - HTTP Response Splitting / Cross-Site Scripting
by Gjoko Krstic
EIP-2026-112734 EXPLOITDB text
Toko Lite CMS 1.5.2 - 'edit.php' HTTP Response Splitting
by LiquidWorm
EIP-2026-109863 EXPLOITDB text VERIFIED
net4visions (Multiple Products) - 'dir' Multiple Cross-Site Scripting Vulnerabilities
by Gjoko Krstic
CVE-2011-4106 EXPLOITDB text
TimThumb < 2.0 - Remote Code Execution via Domain Whitelist Bypass
TimThumb (timthumb.php) before 2.0 does not validate the entire source with the domain white list, which allows remote attackers to upload and execute arbitrary code via a URL containing a white-listed domain in the src parameter, then accessing it via a direct request to the file in the cache directory, as exploited in the wild in August 2011.
by Ben Schmidt
EIP-2026-105724 EXPLOITDB text VERIFIED
Card sharj 1.0 - Multiple SQL Injections
by Net.Edit0r
EIP-2026-104577 EXPLOITDB text VERIFIED
Apple Mac OSX (Lion) - Directory Services Security Bypass
by Defence in Depth
CVE-2011-2577 EXPLOITDB text
Cisco TelePresence C Series, E/EX, MXP < TC 4.0.0/F9.1 - DoS via SIP Packet
Unspecified vulnerability in Cisco TelePresence C Series Endpoints, E/EX Personal Video units, and MXP Series Codecs, when using software versions before TC 4.0.0 or F9.1, allows remote attackers to cause a denial of service (crash) via a crafted SIP packet to port 5060 or 5061, aka Bug ID CSCtq46500.
by Sense of Security
EIP-2026-100132 EXPLOITDB text VERIFIED
Aspgwy Access 1.0 - 'matchword' Cross-Site Scripting
by kurdish hackers team
EIP-2026-113660 EXPLOITDB text VERIFIED
WordPress Plugin Count per Day 2.17 - SQL Injection
by Miroslav Stampar
EIP-2026-111192 EXPLOITDB text VERIFIED
phpRS 2.8.1 - Multiple SQL Injections / Cross-Site Scripting
by iM4n
EIP-2026-100115 EXPLOITDB text VERIFIED
ASP Basit Haber Script 1.0 - 'id' SQL Injection
by m3rciL3Ss
EIP-2026-107802 EXPLOITDB text
iManager Plugin 1.2.8 - 'lang' Local File Inclusion
by LiquidWorm
EIP-2026-107801 EXPLOITDB text
iManager Plugin 1.2.8 - 'd' Arbitrary File Deletion
by LiquidWorm
CVE-2010-5281 EXPLOITDB text
CMScout IBrowser TinyMCE Plugin <1.4.1 - Path Traversal
Directory traversal vulnerability in ibrowser.php in the CMScout 2.09 IBrowser TinyMCE Plugin 1.4.1, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter. NOTE: some of these details are obtained from third party information.
by LiquidWorm
EIP-2026-100154 EXPLOITDB text VERIFIED
Ay Computer (Multiple Products) - Multiple SQL Injections
by m3rciL3Ss
By Source
All 31,386 Writeup 62,478 Exploitdb 50,076 Nomisec 22,448 Github 3,670 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 479 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,594 ruby 6,006 c 3,631 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 231 shell 133 go 73 postscript 25 typescript 25