Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-107329 EXPLOITDB text
Galilery 1.0 - Local File Inclusion
by lemlajt
EIP-2026-106556 EXPLOITDB text
dotProject 2.1.5 - Multiple Vulnerabilities
by lemlajt
EIP-2026-103423 EXPLOITDB text VERIFIED
Battlefield 2/2142 - Packet Null Pointer Dereference Remote Denial of Service
by Luigi Auriemma
EIP-2026-102208 EXPLOITDB text VERIFIED
iOS SideBooks 1.0 - Directory Traversal
by R3d@l3rt_ Sp@2K_ Sunlight
EIP-2026-102202 EXPLOITDB text VERIFIED
iOS FtpDisc 1.0 - Directory Traversal
by R3d@l3rt_ Sp@2K_ Sunlight
EIP-2026-100248 EXPLOITDB text VERIFIED
DIY Web CMS - Multiple Vulnerabilities
by p0pc0rn
EIP-2026-113461 EXPLOITDB text VERIFIED
Woltlab Burning Board 2.3.6 Addon - 'hilfsmittel.php' SQL Injection
by Crazyball
EIP-2026-105411 EXPLOITDB text VERIFIED
Batavi 1.0 - Multiple Local File Inclusion / Cross-Site Scripting Vulnerabilities
by AutoSec Tools
EIP-2026-103938 EXPLOITDB text VERIFIED
IBM Lotus Sametime - stconf.nsf Cross-Site Scripting
by Dave Daly
CVE-2011-1038 EXPLOITDB text VERIFIED
IBM Lotus Sametime 8.0.1 - Cross-Site Scripting via stconf.nsf Parameters
Multiple cross-site scripting (XSS) vulnerabilities in stconf.nsf in the server in IBM Lotus Sametime 8.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the messageString parameter in a WebMessage action or (2) the PATH_INFO.
by Dave Daly
EIP-2026-107751 EXPLOITDB text
Icy Phoenix 1.3.0.53a - HTTP Referer Persistent Cross-Site Scripting
by Saif El-Sherei
EIP-2026-107825 EXPLOITDB text VERIFIED
Independent Escort CMS - Blind SQL Injection
by NoNameMT
EIP-2026-106938 EXPLOITDB text
eventum issue tracking system 2.3.1 - Persistent Cross-Site Scripting
by Saif El-Sherei
EIP-2026-106906 EXPLOITDB text VERIFIED
Escort Directory CMS - SQL Injection
by NoNameMT
CVE-2011-1060 EXPLOITDB text VERIFIED
WSN Guest 1.24 - SQL Injection via wsnuser Cookie
SQL injection vulnerability in the member function in classes/member.php in WSN Guest 1.24 allows remote attackers to execute arbitrary SQL commands via the wsnuser cookie to index.php.
by Aliaksandr Hartsuyeu
CVE-2013-1916 EXPLOITDB HIGH text VERIFIED
WordPress User Photo Plugin 0.9.4 - Unrestricted File Upload
In WordPress Plugin User Photo 0.9.4, when a photo is uploaded, it is only partially validated and it is possible to upload a backdoor on the server hosting WordPress. This backdoor can be called (executed) even if the photo has not been yet approved.
by ADVtools
CVSS 8.8
EIP-2026-107354 EXPLOITDB text
GAzie 5.10 - 'Login' Multiple Vulnerabilities
by LiquidWorm
CVE-2011-0420 EXPLOITDB text VERIFIED
PHP 5.3.5 - Denial of Service via Invalid Size Argument in grapheme_extract
The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.
by Maksymilian Arciemowicz
CVE-2011-0420 EXPLOITDB text VERIFIED
PHP 5.3.5 - Denial of Service via Invalid Size Argument in grapheme_extract
The grapheme_extract function in the Internationalization extension (Intl) for ICU for PHP 5.3.5 allows context-dependent attackers to cause a denial of service (crash) via an invalid size argument, which triggers a NULL pointer dereference.
by Maksymilian Arciemowicz
EIP-2026-109784 EXPLOITDB text VERIFIED
mySeatXT 0.164 - 'lang' Local File Inclusion
by AutoSec Tools
CVE-2010-4738 EXPLOITDB text VERIFIED
Rae Media INC Real Estate <3.0 - SQL Injection
Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System.
by R4dc0re
CVE-2010-4738 EXPLOITDB text VERIFIED
Rae Media INC Real Estate <3.0 - SQL Injection
Multiple SQL injection vulnerabilities in Rae Media INC Real Estate Single and Multi Agent System 3.0 allow remote attackers to execute arbitrary SQL commands via the probe parameter to (1) multi/city.asp in the Multi Agent System and (2) resulttype.asp in the Single Agent System.
by R4dc0re
EIP-2026-113431 EXPLOITDB text VERIFIED
Wikipad 1.6.0 - Cross-Site Scripting / HTML Injection / Information Disclosure
by High-Tech Bridge SA
EIP-2026-111989 EXPLOITDB text
Seo Panel 2.2.0 - SQL Injection
by High-Tech Bridge SA
EIP-2026-111145 EXPLOITDB text VERIFIED
phpMyBitTorrent 2.0.4 - SQL Injection
by #forkbombers
By Source
All 31,386 Writeup 62,524 Exploitdb 50,076 Nomisec 22,474 Github 3,707 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 480 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,611 ruby 6,006 c 3,635 perl 2,849 html 2,076 php 1,333 bash 462 java 371 c++ 261 javascript 231 shell 136 go 73 postscript 25 typescript 25