Text Exploits
31,386 exploits tracked across all sources.
Photopad 1.2 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
MG2 0.5.1 - Multiple Cross-Site Scripting Vulnerabilities
by LiquidWorm
Gollos 2.8 - Multiple Cross-Site Scripting Vulnerabilities
by High-Tech Bridge SA
Getsimple CMS 2.03 - 'upload-ajax.php' Arbitrary File Upload
by s3rg3770 & Chuzz
TaskFreak! 0.6.4 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in include/html/header.php in TaskFreak! 0.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) sContext, (2) sort, (3) dir, and (4) show parameters in a save action to index.php; the (5) dir and (6) show parameters to print_list.php; and the (7) HTTP referer header to rss.php. NOTE: some of these details are obtained from third party information.
by LiquidWorm
Pixelpost 1.7.3 - Authenticated SQL Injection via findfid, id, selectfcat, selectfmon, or selectftag Parameter
Multiple SQL injection vulnerabilities in admin/index.php in Pixelpost 1.7.3 allow remote authenticated users to execute arbitrary SQL commands via the (1) findfid, (2) id, (3) selectfcat, (4) selectfmon, or (5) selectftag parameter in an images action.
by LiquidWorm
Dokeos 1.8.6 2 - 'style' Cross-Site Scripting
by AutoSec Tools
Horde < 3.2.4 and 3.3.3 and Horde Groupware < 1.1.5 - Remote Code Execution via Image Driver Path Traversal
Directory traversal vulnerability in framework/Image/Image.php in Horde before 3.2.4 and 3.3.3 and Horde Groupware before 1.1.5 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the Horde_Image driver name.
by skysbsb
RunCMS 2.2.2 - 'register.php' SQL Injection
by High-Tech Bridge SA
ZOHO ManageEngine ADSelfService Plus <4.5 Build 4500 - RCE
accounts/ValidateAnswers in the security-questions implementation in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 makes it easier for remote attackers to reset user passwords, and consequently obtain access to arbitrary user accounts, via a modified (1) Hide_Captcha or (2) quesList parameter in a validateAll action.
by Core Security
ZOHO ManageEngine ADSelfService Plus <4.5.4500 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in EmployeeSearch.cc in the Employee Search Engine in ZOHO ManageEngine ADSelfService Plus before 4.5 Build 4500 allow remote attackers to inject arbitrary web script or HTML via the searchString parameter in a (1) showList or (2) Search action.
by Core Security
Dolphin 7.0.4 - Multiple Cross-Site Scripting Vulnerabilities
by AutoSec Tools
WordPress Plugin Enable Media Replace - Multiple Vulnerabilities
by Ulf Harnhammar
Web 2.0 Social Network Freunde Community - SQL Injection
by NoNameMT