Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-105609 EXPLOITDB text VERIFIED
BoutikOne - 'rss_top10.php?lang' SQL Injection
by cdx.security
EIP-2026-105608 EXPLOITDB text VERIFIED
BoutikOne - 'rss_promo.php?lang' SQL Injection
by cdx.security
EIP-2026-105607 EXPLOITDB text VERIFIED
BoutikOne - 'rss_news.php?lang' SQL Injection
by cdx.security
EIP-2026-105606 EXPLOITDB text VERIFIED
BoutikOne - 'rss_flash.php?lang' SQL Injection
by cdx.security
EIP-2026-105605 EXPLOITDB text VERIFIED
BoutikOne - 'list.php?path' SQL Injection
by cdx.security
EIP-2026-105603 EXPLOITDB text VERIFIED
BoutikOne - 'categorie.php?path' SQL Injection
by cdx.security
EIP-2026-104110 EXPLOITDB text VERIFIED
Trend Micro WebReputation API 10.5 - URI Security Bypass
by DcLabs Security Research Group
EIP-2026-102200 EXPLOITDB text VERIFIED
iOS Checkview 1.1 - Directory Traversal
by kim@story
EIP-2026-100559 EXPLOITDB text
SmarterMail 8.0 - Multiple Cross-Site Scripting Vulnerabilities
by Hoyt LLC Research
EIP-2026-106195 EXPLOITDB text VERIFIED
Cover Vision - SQL Injection
by Egyptian.H4x0rz
EIP-2026-106136 EXPLOITDB text VERIFIED
Constructr CMS 3.03 - Multiple Remote Vulnerabilities
by LiquidWorm
CVE-2010-4437 EXPLOITDB text
Oracle WebLogic Server Servlet Container - Confidentiality and Integrity Impact
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 9.0, 9.1, 9.2.4, 10.0.2, 10.3.2, and 10.3.3 allows remote attackers to affect confidentiality and integrity via unknown vectors related to Servlet Container.
by Roberto Suggi Liverani
EIP-2026-102664 EXPLOITDB text VERIFIED
Linux NTP query client 4.2.6p1 - Heap Overflow
by mr_me
EIP-2026-100561 EXPLOITDB text VERIFIED
SmarterStats 6.0 - Multiple Vulnerabilities
by Hoyt LLC Research
CVE-2011-5267 EXPLOITDB text VERIFIED
WikiWig 5.01 - Cross-Site Scripting via SpellChecker Module Parameters
Multiple cross-site scripting (XSS) vulnerabilities in spell-check-savedicts.php in the SpellChecker module in Xinha, as used in WikiWig 5.01 and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1) to_p_dict or (2) to_r_list parameter. NOTE: this issue might be related to the htmlarea plugin and CVE-2013-5670.
by John Leitch
EIP-2026-113859 EXPLOITDB text VERIFIED
WordPress Plugin Lazyest Gallery 1.0.26 - 'image' Cross-Site Scripting
by High-Tech Bridge SA
EIP-2026-113434 EXPLOITDB text VERIFIED
Wikiwig 5.01 - Cross-Site Scripting / HTML Injection
by AutoSec Tools
EIP-2026-108996 EXPLOITDB text VERIFIED
Keynect eCommerce - SQL Injection
by Arturo Zamora
CVE-2011-1467 EXPLOITDB text VERIFIED
PHP < 5.3.6 - Denial of Service via NumberFormatter::setSymbol Invalid Argument
Unspecified vulnerability in the NumberFormatter::setSymbol (aka numfmt_set_symbol) function in the Intl extension in PHP before 5.3.6 allows context-dependent attackers to cause a denial of service (application crash) via an invalid argument, a related issue to CVE-2010-4409.
by thoger
EIP-2026-100781 EXPLOITDB text VERIFIED
Cosmoshop 10.05.00 - Multiple Cross-Site Scripting / SQL Injections
by High-Tech Bridge SA
CVE-2010-3486 EXPLOITDB text VERIFIED
SmarterMail 7.1.3876 - Path Traversal
Directory traversal vulnerability in FileStorageUpload.ashx in SmarterMail 7.1.3876 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash), (2) %5C (encoded backslash), or (3) %255c (double-encoded backslash) in the name parameter.
by Hoyt LLC Research
EIP-2026-100399 EXPLOITDB text VERIFIED
Luch Web Designer - Multiple SQL Injections
by p0pc0rn
CVE-2011-0167 EXPLOITDB text VERIFIED
Safari < 5.0.4 - Same Origin Policy Bypass via WebKit Window Functionality
The windows functionality in WebKit in Apple Safari before 5.0.4 allows remote attackers to bypass the Same Origin Policy, and force the upload of arbitrary local files from a client computer, via a crafted web site.
by Aaron Sigel
EIP-2026-111723 EXPLOITDB text VERIFIED
recordpress 0.3.1 - Multiple Vulnerabilities
by Khashayar Fereidani
EIP-2026-106913 EXPLOITDB text
Esselbach Storyteller CMS System 1.8 - SQL Injection
by Shamus