Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-100295 EXPLOITDB text VERIFIED
EAFlashUpload 2.5 - Arbitrary File Upload
by Daniel Godoy
CVE-2011-1569 EXPLOITDB text VERIFIED
Douran Portal 3.9.7.8 - Info Disclosure
download.aspx in Douran Portal 3.9.7.8 allows remote attackers to obtain source code of arbitrary files under the web root via (1) a trailing ".", (2) a trailing space, or (3) mixed case in the FileNameAttach parameter.
by AJAX Security Team
EIP-2026-113221 EXPLOITDB text VERIFIED
Web Poll Pro 1.0.3 - 'error' HTML Injection
by Hector.x90
EIP-2026-110998 EXPLOITDB text
Phpbuddies - Arbitrary File Upload
by Xr0b0t
EIP-2026-109019 EXPLOITDB text
Kleophatra 0.1.4 - Arbitrary File Upload
by Xr0b0t
EIP-2026-105960 EXPLOITDB text VERIFIED
CMS Balitbang 3.3 - Arbitrary File Upload
by eidelweiss
EIP-2026-105382 EXPLOITDB text VERIFIED
Balitbang CMS 3.3 - Multiple Vulnerabilities
by Xr0b0t
EIP-2026-114468 EXPLOITDB text VERIFIED
XOOPS 2.x - Multiple Cross-Site Scripting Vulnerabilities
by Aung Khant
EIP-2026-112805 EXPLOITDB text VERIFIED
Tugux CMS - 'nid' Blind SQL Injection
by eidelweiss
EIP-2026-105976 EXPLOITDB text
CMS Loko Media - Local File Download
by Xr0b0t
CVE-2011-0421 EXPLOITDB text
PHP < 5.3.6 - Denial of Service via Empty ZIP Archive in Zip Extension
The _zip_name_locate function in zip_name_locate.c in the Zip extension in PHP before 5.3.6 does not properly handle a ZIPARCHIVE::FL_UNCHANGED argument, which might allow context-dependent attackers to cause a denial of service (NULL pointer dereference) via an empty ZIP archive that is processed with a (1) locateName or (2) statName operation.
by Maksymilian Arciemowicz
EIP-2026-117508 EXPLOITDB text
Microsoft Source Code Analyzer for SQL Injection 1.3 - Improper Permissions
by LiquidWorm
EIP-2026-114074 EXPLOITDB text VERIFIED
WordPress Plugin Sodahead Polls 2.0.2 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
EIP-2026-113996 EXPLOITDB text VERIFIED
WordPress Plugin Rating-Widget 1.3.1 - Multiple Cross-Site Scripting Vulnerabilities
by Todor Donev
EIP-2026-112806 EXPLOITDB text
Tugux CMS 1.0_final - Multiple Vulnerabilities
by Aodrulez
EIP-2026-108286 EXPLOITDB text
Joomla! Component com_booklibrary - SQL Injection
by Marc Doudiet
EIP-2026-108177 EXPLOITDB text
Joomla! 1.6 - Multiple SQL Injections
by Aung Khant
CVE-2011-5267 EXPLOITDB text
WikiWig 5.01 - Cross-Site Scripting via SpellChecker Module Parameters
Multiple cross-site scripting (XSS) vulnerabilities in spell-check-savedicts.php in the SpellChecker module in Xinha, as used in WikiWig 5.01 and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) to_p_dict or (2) to_r_list parameter. NOTE: this issue might be related to the htmlarea plugin and CVE-2013-5670.
by AutoSec Tools
EIP-2026-111392 EXPLOITDB text
pointter PHP content management system 1.2 - Multiple Vulnerabilities
by LiquidWorm
EIP-2026-109218 EXPLOITDB text VERIFIED
LotusCMS 3.0.3 - Multiple Vulnerabilities
by High-Tech Bridge SA
EIP-2026-105360 EXPLOITDB text
b2evolution 4.0.3 - Persistent Cross-Site Scripting
by AutoSec Tools
EIP-2026-105199 EXPLOITDB text VERIFIED
AplikaMedia CMS - 'page_info.php' SQL Injection
by H3X
CVE-2011-0745 EXPLOITDB text VERIFIED
SugarCRM < 6.1.3 - Authenticated Information Disclosure via ShowDuplicates Action
SugarCRM before 6.1.3 does not properly handle reloads and direct requests for a warning page produced by a certain duplicate check, which allows remote authenticated users to discover (1) the names of customers via a ShowDuplicates action to the Accounts module, reachable through index.php; or (2) the names of contact persons via a ShowDuplicates action to the Contacts module, reachable through index.php.
by RedTeam Pentesting GmbH
EIP-2026-109200 EXPLOITDB text
Log1 CMS 2.0 - Multiple Vulnerabilities
by Aodrulez
EIP-2026-105610 EXPLOITDB text VERIFIED
BoutikOne - 'search.php' Multiple SQL Injections
by cdx.security