Text Exploits

31,386 exploits tracked across all sources.

CVE-2011-1546 EXPLOITDB text VERIFIED
Andy's PHP Knowledgebase <0.95.3 - SQL Injection
Multiple SQL injection vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.3 allow remote attackers to execute arbitrary SQL commands via the s parameter to (1) a_viewusers.php or (2) keysearch.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (3) id or (4) start parameter to pending.php, or the (5) aid parameter to a_authordetails.php. NOTE: some of these details are obtained from third party information.
by Mark Stanislav
CVE-2011-1487 EXPLOITDB text VERIFIED
Perl 5.10.x-5.12.3 and 5.13.x-5.13.11 - Taint Protection Bypass via lc, lcfirst, uc, and ucfirst Functions
The (1) lc, (2) lcfirst, (3) uc, and (4) ucfirst functions in Perl 5.10.x, 5.11.x, and 5.12.x through 5.12.3, and 5.13.x through 5.13.11, do not apply the taint attribute to the return value upon processing tainted input, which might allow context-dependent attackers to bypass the taint protection mechanism via a crafted string.
by mmartinec
EIP-2026-100232 EXPLOITDB text VERIFIED
CosmoQuest - Authentication Bypass
by Net.Edit0r
EIP-2026-118462 EXPLOITDB text VERIFIED
Easy File Sharing Web Server 5.8 - Multiple Vulnerabilities
by AutoSec Tools
EIP-2026-114453 EXPLOITDB text VERIFIED
XOOPS - 'view_photos.php' Cross-Site Scripting
by KedAns-Dz
CVE-2011-1671 EXPLOITDB text VERIFIED
Tracks 1.7.2, 2.0RC2, and 2.0devel - Cross-Site Scripting via PATH_INFO to todos/tag/
Cross-site scripting (XSS) vulnerability in app/controllers/todos_controller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to todos/tag/. NOTE: some of these details are obtained from third party information.
by Mesut Timur
EIP-2026-112393 EXPLOITDB text VERIFIED
Spitfire 1.0.3x - 'cms_username' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-110392 EXPLOITDB text VERIFIED
oscss2 2.1.0 rc12 - Multiple Vulnerabilities
by AutoSec Tools
EIP-2026-110391 EXPLOITDB text VERIFIED
osCSS 2.1 - Multiple Cross-Site Scripting / Local File Inclusions
by AutoSec Tools
EIP-2026-105882 EXPLOITDB text VERIFIED
Claroline 1.10 - Persistent Cross-Site Scripting
by AutoSec Tools
CVE-2011-1556 EXPLOITDB text VERIFIED
Andy's PHP Knowledgebase 0.95.4 - SQL Injection
SQL injection vulnerability in plugins/pdfClasses/pdfgen.php in Andy's PHP Knowledgebase (Aphpkb) 0.95.4 allows remote attackers to execute arbitrary SQL commands via the pdfa parameter.
by AutoSec Tools
CVE-2011-4342 EXPLOITDB text
BackWPup < 1.7.1 - Remote Code Execution via wpabs Parameter
PHP remote file inclusion vulnerability in wp_xml_export.php in the BackWPup plugin before 1.7.2 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the wpabs parameter.
by Sense of Security
EIP-2026-113264 EXPLOITDB text VERIFIED
webEdition CMS 6.1.0.2 - 'DOCUMENT_ROOT' Local File Inclusion
by eidelweiss
EIP-2026-113263 EXPLOITDB text
webEdition CMS - Local File Inclusion
by eidelweiss
EIP-2026-107613 EXPLOITDB text VERIFIED
Honey Soft Web Solution - Multiple Vulnerabilities
by **RoAd_KiLlEr**
EIP-2026-105881 EXPLOITDB text VERIFIED
Claroline 1.10 - Multiple HTML Injection Vulnerabilities
by AutoSec Tools
EIP-2026-105097 EXPLOITDB text VERIFIED
Alkacon OpenCMS 7.5.x - Multiple Cross-Site Scripting Vulnerabilities
by antisnatchor
EIP-2026-119291 EXPLOITDB text
wodWebServer.NET 1.3.3 - Directory Traversal
by AutoSec Tools
EIP-2026-113265 EXPLOITDB text VERIFIED
webEdition CMS 6.1.0.2 - Multiple Vulnerabilities
by AutoSec Tools
EIP-2026-112158 EXPLOITDB text VERIFIED
SimplisCMS 1.0.3.0 - Multiple Vulnerabilities
by NassRawI
EIP-2026-110336 EXPLOITDB text VERIFIED
OrangeHRM 2.6.2 - 'jobVacancy.php' Cross-Site Scripting
by AutoSec Tools
EIP-2026-105790 EXPLOITDB text VERIFIED
Cetera eCommerce - Multiple Cross-Site Scripting / SQL Injections
by MustLive
EIP-2026-107043 EXPLOITDB text
Family Connections CMS 2.3.2 - Persistent Cross-Site Scripting / XML Injection
by LiquidWorm
EIP-2026-107041 EXPLOITDB text VERIFIED
Family Connections 2.3.2 - 'subject' HTML Injection
by Zero Science Lab
EIP-2026-112527 EXPLOITDB text VERIFIED
SyndeoCMS 2.8.02 - Multiple Vulnerabilities (2)
by High-Tech Bridge SA