Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-111099 EXPLOITDB text VERIFIED
PHPJunkYard GBook 1.6/1.7 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-109364 EXPLOITDB text VERIFIED
MBoard 1.3 - 'url' Open Redirection
by High-Tech Bridge SA
CVE-2011-2522 EXPLOITDB text VERIFIED
Samba 3.x < 3.5.10 - Cross-Site Request Forgery in SWAT
Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
by Narendra Shinde
CVE-2011-0222 EXPLOITDB text
Safari < 5.0.6 - Remote Code Execution via WebKit Memory Corruption
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
by Abysssec
CVE-2011-5071 EXPLOITDB text VERIFIED
Support Incident Tracker < 3.64 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Support Incident Tracker (aka SiT!) before 3.64 allow remote attackers to execute arbitrary SQL commands via the (1) exc[] parameter to report_marketing.php, (2) selected[] parameter to tasks.php, (3) sites[] parameter to billable_incidents.php, or (4) search_string parameter to search.php. NOTE: some of these details are obtained from third party information.
by Yuri Goltsev
EIP-2026-110795 EXPLOITDB text
PHP-Barcode 0.3pl1 - Remote Code Execution
by beford
EIP-2026-110332 EXPLOITDB text
OpenX Ad Server 2.8.7 - Cross-Site Request Forgery
by Narendra Shinde
EIP-2026-104328 EXPLOITDB text
ManageEngine ServiceDesk Plus 8.0.0 Build 8013 - Improper User Privileges
by Narendra Shinde
EIP-2026-113441 EXPLOITDB text VERIFIED
Willscript Recipes Website Script Silver Edition - 'viewRecipe.php' SQL Injection
by Lazmania61
EIP-2026-110107 EXPLOITDB text VERIFIED
Online Grades 3.2.5 - Multiple Cross-Site Scripting Vulnerabilities
by Gjoko Krstic
EIP-2026-109653 EXPLOITDB text VERIFIED
MusicBox 3.7 - Multiple Vulnerabilities
by R@1D3N
EIP-2026-108580 EXPLOITDB text VERIFIED
Joomla! Component com_virtualmoney 1.5 - SQL Injection
by FL0RiX
EIP-2026-107449 EXPLOITDB text VERIFIED
Godly Forums - 'id' SQL Injection
by 3spi0n
EIP-2026-106043 EXPLOITDB text VERIFIED
CobraScripts Trading Marketplace Script - 'cid' SQL Injection
by Ehsan_Hp200
CVE-2011-0222 EXPLOITDB text
Safari < 5.0.6 - Remote Code Execution via WebKit Memory Corruption
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1.
by Nikita Tarakanov
EIP-2026-113003 EXPLOITDB text VERIFIED
vBulletin 4.0.x 4.1.3 - 'messagegroupid' SQL Injection
by fb1h2s
EIP-2026-112529 EXPLOITDB text VERIFIED
Synergy Software - 'id' SQL Injection
by Ehsan_Hp200
EIP-2026-109436 EXPLOITDB text
Mevin Basic PHP Events Lister 2.03 - Cross-Site Request Forgery
by Crazy_Hacker
EIP-2026-108794 EXPLOITDB text
Joomla! Component mod_spo - SQL Injection
by SeguridadBlanca
CVE-2011-4336 EXPLOITDB MEDIUM text VERIFIED
Tiki Wiki CMS/Groupware < 7.0 - Cross-Site Scripting via AJAX Parameter
Tiki Wiki CMS Groupware 7.0 has XSS via the GET "ajax" parameter to snarf_ajax.php.
by High-Tech Bridge SA
CVSS 6.1
EIP-2026-108518 EXPLOITDB text VERIFIED
Joomla! Component com_rsappt_pro2 - Local File Inclusion
by Don Tukulesto
EIP-2026-108187 EXPLOITDB text VERIFIED
Joomla! < 1.6.5 - Multiple Cross-Site Scripting Vulnerabilities
by YGN Ethical Hacker Group