Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-110660 EXPLOITDB text
PHP Captcha / Securimage 2.0.2 - Authentication Bypass
by Sense of Security
EIP-2026-111792 EXPLOITDB text VERIFIED
Room Juice 0.3.3 - 'display.php' Cross-Site Scripting
by AutoSec Tools
EIP-2026-109139 EXPLOITDB text VERIFIED
LimeSurvey 1.85+ - 'admin.php' Cross-Site Scripting
by Juan Manuel Garcia
CVE-2011-0962 EXPLOITDB text VERIFIED
Cisco Unified Operations Manager < 8.6 - Cross-Site Scripting via Tag Parameter
Cross-site scripting (XSS) vulnerability in CSCOnm/servlet/com.cisco.nm.help.ServerHelpEngine in the Common Services Device Center in Cisco Unified Operations Manager (CUOM) before 8.6 allows remote attackers to inject arbitrary web script or HTML via the tag parameter, aka Bug ID CSCto12712.
by Sense of Security
CVE-2011-0961 EXPLOITDB text VERIFIED
CiscoWorks Common Services < 3.3 - Cross-Site Scripting via Device Parameter
Cross-site scripting (XSS) vulnerability in cwhp/device.center.do in the Help servlet in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the device parameter, aka Bug ID CSCto12704.
by Sense of Security
CVE-2011-0960 EXPLOITDB text VERIFIED
Cisco Unified Operations Manager < 8.6 - SQL Injection via CCMs or ccm Parameter
Multiple SQL injection vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to execute arbitrary SQL commands via (1) the CCMs parameter to iptm/PRTestCreation.do or (2) the ccm parameter to iptm/TelePresenceReportAction.do, aka Bug ID CSCtn61716.
by Sense of Security
CVE-2011-0959 EXPLOITDB text VERIFIED
Cisco Unified Operations Manager < 8.6 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Operations Manager (CUOM) before 8.6 allow remote attackers to inject arbitrary web script or HTML via (1) the extn parameter to iptm/advancedfind.do, (2) the deviceInstanceName parameter to iptm/ddv.do, the (3) cmd or (4) group parameter to iptm/eventmon, the (5) clusterName or (6) deviceName parameter to iptm/faultmon/ui/dojo/Main/eventmon_wrapper.jsp, or the (7) ccmName or (8) clusterName parameter to iptm/logicalTopo.do, aka Bug ID CSCtn61716.
by Sense of Security
CVE-2011-0966 EXPLOITDB text VERIFIED
CiscoWorks Common Services < 3.3 - Unauthenticated Path Traversal via Audit Log File Parameter
Directory traversal vulnerability in cwhp/auditLog.do in the Homepage Auditing component in Cisco CiscoWorks Common Services 3.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter, aka Bug ID CSCto35577.
by Sense of Security
CVE-2011-1838 EXPLOITDB text VERIFIED
TWiki < 5.0.2 - Cross-Site Scripting via origurl Parameter
Multiple cross-site scripting (XSS) vulnerabilities in TemplateLogin.pm in TWiki before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via the origurl parameter to a (1) view script or (2) login script.
by Mesut Timur
EIP-2026-108693 EXPLOITDB text
Joomla! Component jDownloads 1.0 - Arbitrary File Upload
by Al-Ghamdi
CVE-2011-1930 EXPLOITDB CRITICAL text VERIFIED
klibc 1.5.20-1.5.21 - Remote Code Execution via DHCP Reply Handling
In klibc 1.5.20 and 1.5.21, the DHCP options written by ipconfig to /tmp/net-$DEVICE.conf are not properly escaped. This may allow a remote attacker to send a specially crafted DHCP reply which could execute arbitrary code with the privileges of any process which sources DHCP options.
by maximilian attems
CVSS 9.8
CVE-2011-10033 EXPLOITDB CRITICAL text VERIFIED
WordPress Plugin is-human <= 1.4.2 - Code Injection
The WordPress plugin is-human <= v1.4.2 contains an eval injection vulnerability in /is-human/engine.php that can be triggered via the 'type' parameter when the 'action' parameter is set to 'log-reset'. The root cause is unsafe use of eval() on user-controlled input, which can lead to execution of attacker-supplied PHP and OS commands. This may result in arbitrary code execution as the webserver user, site compromise, or data exfiltration. The is-human plugin was made defunct in June 2008 and is no longer available for download. This vulnerability was exploited in the wild in March 2012.
by neworder
EIP-2026-111336 EXPLOITDB text
Pligg CMS 1.1.4 - SQL Injection
by Null-0x00
EIP-2026-110658 EXPLOITDB text VERIFIED
PHP Calendar Basic 2.3 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-112957 EXPLOITDB text
Vanilla Forum 2.0.17.9 - Local File Inclusion
by AutoSec Tools
EIP-2026-110315 EXPLOITDB text VERIFIED
openQRM 4.8 - 'source_tab' Cross-Site Scripting
by AutoSec Tools
EIP-2026-109959 EXPLOITDB text VERIFIED
NoticeBoardPro 1.0 - Multiple Vulnerabilities
by AutoSec Tools
EIP-2026-109386 EXPLOITDB text VERIFIED
MediaInSpot CMS - SQL Injection
by Iolo Morganwg
EIP-2026-109385 EXPLOITDB text VERIFIED
MediaInSpot CMS - Local File Inclusion (2)
by wlhaan haker
EIP-2026-109286 EXPLOITDB text VERIFIED
Mambo Component Docman 1.3.0 - Multiple SQL Injections
by KedAns-Dz
EIP-2026-108303 EXPLOITDB text VERIFIED
Joomla! Component com_cbcontact - 'contact_id' SQL Injection
by KedAns-Dz
EIP-2026-108073 EXPLOITDB text
Jcow 4.2.1 - Local File Inclusion
by AutoSec Tools