Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-108826 EXPLOITDB text
Joomla! Component People 1.0.0 - SQL Injection
by Salvatore Fresta
EIP-2026-105080 EXPLOITDB text VERIFIED
Alguest 1.1c-patched - 'elimina' SQL Injection
by Aliaksandr Hartsuyeu
EIP-2026-109126 EXPLOITDB text VERIFIED
LifeType 1.2.10 - HTTP Referer Persistent Cross-Site Scripting
by Saif El-Sherei
EIP-2026-108173 EXPLOITDB text
Joomla! 1.5.22 / 1.6.0 - 'com_mailto' Spam Mail Relay
by Jeff Channell
CVE-2011-0503 EXPLOITDB text
vam_shop <= 1.6.1 - Cross-Site Request Forgery in Admin User Management
Cross-site request forgery (CSRF) vulnerability in VaM Shop 1.6, 1.6.1, and probably earlier versions allows remote attackers to hijack the authentication of administrators for requests that (1) change user status via admin/customers.php or (2) change user permissions via admin/accounting.php. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
EIP-2026-113401 EXPLOITDB text
whCMS 0.115 - Cross-Site Request Forgery
by High-Tech Bridge SA
CVE-2011-0504 EXPLOITDB text
vam_shop 1.6-1.6.1 - Cross-Site Scripting via status, search, or STORE_NAME Parameter
Multiple cross-site scripting (XSS) vulnerabilities in VaM Shop 1.6, 1.6.1, and probably earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) status parameter to admin/orders.php, (2) search parameter to admin/customers.php, or (3) STORE_NAME parameter to admin/configuration.php.
by High-Tech Bridge SA
EIP-2026-106973 EXPLOITDB text
Extcalendar 2 - 'calendar.php' SQL Injection
by Lagripe-Dz & Mca-Crb
EIP-2026-106878 EXPLOITDB text
energine 2.3.8 - Multiple Vulnerabilities
by High-Tech Bridge SA
CVE-2011-5318 EXPLOITDB text
diafan.cms < 5.0 - Cross-Site Request Forgery via Admin Actions
Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify articles via a save_post action to admin/news/saveNEWS_ID/, (2) modify settings via a save_post action to admin/site/save2/, or (3) modify credentials via a save_post action to admin/usersite/save2/.
by High-Tech Bridge SA
EIP-2026-106002 EXPLOITDB text VERIFIED
CMS Tovar - 'tovar.php' SQL Injection
by jos_ali_joe
EIP-2026-105698 EXPLOITDB text
Cambio 0.5a - Cross-Site Request Forgery
by High-Tech Bridge SA
CVE-2010-4301 EXPLOITDB text
Wireshark 1.4.0-1.4.1 - Denial of Service via ZigBee ZCL Discover Attributes Packet
epan/dissectors/packet-zbee-zcl.c in the ZigBee ZCL dissector in Wireshark 1.4.0 through 1.4.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted ZCL packet, related to Discover Attributes.
by Fred Fierling
CVE-2010-4254 EXPLOITDB text VERIFIED
Mono with Moonlight < 2.3.0 - Remote Code Execution via Generic Method Argument Validation Bypass
Mono, when Moonlight before 2.3.0.1 or 2.99.x before 2.99.0.10 is used, does not properly validate arguments to generic methods, which allows remote attackers to bypass generic constraints, and possibly execute arbitrary code, via a crafted method call.
by Chris Howie
EIP-2026-113436 EXPLOITDB text VERIFIED
WikLink 0.1.3 - Multiple SQL Injections
by Aliaksandr Hartsuyeu
CVE-2011-0443 EXPLOITDB text VERIFIED
tinybb 1.2 - SQL Injection via id Parameter in Profile Action
SQL injection vulnerability in inc/tinybb-settings.php in tinyBB 1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action to index.php. NOTE: some of these details are obtained from third party information.
by Aodrulez
EIP-2026-109361 EXPLOITDB text
Maximus CMS 1.1.2 - 'FCKeditor' Arbitrary File Upload
by eidelweiss
EIP-2026-108914 EXPLOITDB text VERIFIED
Joomla! Plugin Captcha 4.5.1 - Local File Disclosure
by dun
CVE-2011-0505 EXPLOITDB text
Zwii 2.1.1 - Remote File Inclusion via set[template][value] Parameter
Directory traversal vulnerability in system/system.php in Zwii 2.1.1, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the set[template][value] parameter.
by Abdi Mohamed
EIP-2026-113893 EXPLOITDB text VERIFIED
WordPress Plugin mingle forum 1.0.26 - Multiple Vulnerabilities
by Charles Hooper
EIP-2026-111873 EXPLOITDB text VERIFIED
sahana agasti 0.6.5 - Multiple Vulnerabilities
by dun
EIP-2026-108921 EXPLOITDB text VERIFIED
Joostina 1.3 - 'index.php' Cross-Site Scripting
by MustLive
EIP-2026-106847 EXPLOITDB text
Elxis CMS 2009.2 - Remote File Inclusion
by n0n0x
CVE-2011-0506 EXPLOITDB text VERIFIED
Tsixm Axdcms - Path Traversal
Directory traversal vulnerability in modules/profile/user.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to execute arbitrary code via a .. (dot dot) in the aXconf[default_language] parameter.
by n0n0x
EIP-2026-116331 EXPLOITDB text VERIFIED
StageTracker 2.5 - Denial of Service
by freak_out