Text Exploits
31,386 exploits tracked across all sources.
AR Web Content Manager 2.2 - Path Traversal via awcm_theme or awcm_lang Cookie
Multiple directory traversal vulnerabilities in AR Web Content Manager (AWCM) 2.2 allow remote attackers to read arbitrary files and possibly have other unspecified impact via a .. (dot dot) in the (1) awcm_theme or (2) awcm_lang cookie to (a) index.php or (b) header.php.
by Cucura
WordPress Plugin Videox7 UGC 2.5.3.2 - 'listid' Cross-Site Scripting
by AutoSec Tools
WordPress Plugin Featured Content 0.0.1 - 'listid' Cross-Site Scripting
by AutoSec Tools
WordPress Plugin FCChat Widget 2.1.7 - 'path' Cross-Site Scripting
by AutoSec Tools
WordPress Plugin BezahlCode Generator 1.0 - 'gen_name' Cross-Site Scripting
by AutoSec Tools
PivotX < 2.2.3 - Cross-Site Scripting via Image Parameter
Cross-site scripting (XSS) vulnerability in pivotx/modules/module_image.php in PivotX before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the image parameter.
by AutoSec Tools
PivotX < 2.2.2 - Cross-Site Scripting via Color or Src Parameter
Multiple cross-site scripting (XSS) vulnerabilities in PivotX 2.2.0, and possibly other versions before 2.2.2, allow remote attackers to inject arbitrary web script or HTML via the (1) color parameter to includes/blogroll.php or (2) src parameter to includes/timwrapper.php.
by High-Tech Bridge SA
Sun Microsystems SunScreen Firewall <5.9 - RCE
Multiple untrusted search path vulnerabilities in the Java Service in Sun Microsystems SunScreen Firewall on SunOS 5.9 allow local users to execute arbitrary code via a modified (1) PATH or (2) LD_LIBRARY_PATH environment variable.
by kingcope
Lomtec ActiveWeb Professional 3.0 - Unauthenticated Arbitrary File Upload via EasyEdit Module
Unrestricted file upload vulnerability in the EasyEdit module in Lomtec ActiveWeb Professional 3.0 allows remote attackers to execute arbitrary code by uploading an executable file via the UploadDirectory and Accepted Extensions fields in the getImagefile component of EasyEdit.cfm.
by StenoPlasma
Microsoft Fax - Cover Page Editor 5.2.3790.3959 Double-Free Memory Corruption
by Luigi Auriemma
WordPress Plugin Uploader 1.0 - 'num' Cross-Site Scripting
by AutoSec Tools
WordPress Plugin Powerhouse Museum Collection Image Grid 0.9.1.1 - 'tbpv_username' Cross-Site Scripting
by AutoSec Tools
WordPress Plugin oQey-Gallery 0.2 - 'tbpv_domain' Cross-Site Scripting
by AutoSec Tools
WordPress Plugin Feature Slideshow 1.0.6 - 'src' Cross-Site Scripting
by AutoSec Tools
Joomla! Component com_b2portfolio 1.0.0 - Multiple SQL Injections
by Salvatore Fresta
WordPress Plugin WP Publication Archive 2.0.1 - 'file' Information Disclosure
by AutoSec Tools
WordPress Plugin WP Featured Post with Thumbnail 3.0 - 'src' Cross-Site Scripting
by AutoSec Tools
RSS Feed Reader 0.1 for WordPress - Cross-Site Scripting via rss_url Parameter
Cross-site scripting (XSS) vulnerability in magpie/scripts/magpie_slashbox.php in RSS Feed Reader 0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the rss_url parameter.
by AutoSec Tools
WordPress Plugin Audio 0.5.1 - 'showfile' Cross-Site Scripting
by AutoSec Tools