Text Exploits

31,386 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-110393 EXPLOITDB text
osDate - 'uploadvideos.php' Arbitrary File Upload
by Xa7m3d
EIP-2026-108448 EXPLOITDB text VERIFIED
Joomla! Component com_mtree 2.1.5 - Arbitrary File Upload
by jdc
CVE-2010-3428 EXPLOITDB text VERIFIED
Intermesh Group-Office 3.5.9 - SQL Injection
SQL injection vulnerability in modules/notes/json.php in Intermesh Group-Office 3.5.9 allows remote attackers to execute arbitrary SQL commands via the category_id parameter in a category action.
by ViciOuS
EIP-2026-100400 EXPLOITDB text VERIFIED
Luftguitar CMS - Upload Arbitrary File
by Abysssec
EIP-2026-112538 EXPLOITDB text VERIFIED
System Shop - 'Module aktka' SQL Injection
by secret
EIP-2026-109768 EXPLOITDB text VERIFIED
MyHobbySite 1.01 - SQL Injection / Authentication Bypass
by YuGj VN
EIP-2026-105128 EXPLOITDB text VERIFIED
Alstrasoft AskMe Pro 2.1 - 'profile.php' SQL Injection
by CoBRa_21
CVE-2010-3404 EXPLOITDB text VERIFIED
eshtery CMS - SQL Injection via Criteria Field or Admin Login Username
Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form related to adminlogin.aspx.
by Abysssec
EIP-2026-115394 EXPLOITDB text VERIFIED
HP Data Protector Media Operations 6.11 (Multiple Modules) - Null Pointer Dereference Denial of Service
by d0lc3
EIP-2026-111299 EXPLOITDB text VERIFIED
piwigo-2.1.2 - Multiple Vulnerabilities
by Sweet
EIP-2026-103252 EXPLOITDB text VERIFIED
YOPS - Web Server Remote Command Execution
by Rodrigo Escobar
EIP-2026-100119 EXPLOITDB text VERIFIED
ASP Nuke - SQL Injection
by Abysssec
CVE-2010-3457 EXPLOITDB text
Symphony CMS 2.0.7 and 2.1.1 - Cross-Site Scripting via Website Field or Recipient Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.0.7 and 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) fields[website] parameter in the post comments feature in articles/a-primer-to-symphony-2s-default-theme/ or (2) send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information.
by JosS
CVE-2010-1813 EXPLOITDB text VERIFIED
iPhone OS < 4.1 - Remote Code Execution via HTML Object Outlines
WebKit in Apple iOS before 4.1 on the iPhone and iPod touch allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via vectors involving HTML object outlines.
by Jose A. Vazquez
CVE-2010-3458 EXPLOITDB text
Symphony CMS <2.1.1 - SQL Injection
SQL injection vulnerability in lib/toolkit/events/event.section.php in Symphony CMS 2.0.7 and 2.1.1 allows remote attackers to execute arbitrary SQL commands via the send-email[recipient] parameter to about/. NOTE: some of these details are obtained from third party information.
by JosS
CVE-2010-3426 EXPLOITDB text VERIFIED
JPhone <1.0 Alpha 3 - Path Traversal
Directory traversal vulnerability in jphone.php in the JPhone (com_jphone) component 1.0 Alpha 3 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.
by Chip d3 bi0s
CVE-2010-3419 EXPLOITDB text
Haudenschilt Family Connections CMS 2.2.3 - Remote Code Execution via current_user_id Parameter
Multiple PHP remote file inclusion vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 2.2.3 allow remote attackers to execute arbitrary PHP code via a URL in the current_user_id parameter to (1) familynews.php and (2) settings.php.
by LoSt.HaCkEr
CVE-2009-3355 EXPLOITDB text VERIFIED
Datetopia Buy Dating Site 1.0 - Cross-Site Scripting via profile.php s_r Parameter
Cross-site scripting (XSS) vulnerability in profile.php in Datetopia Buy Dating Site 1.0 allows remote attackers to inject arbitrary web script or HTML via the s_r parameter.
by Moudi
EIP-2026-113124 EXPLOITDB text
Visitors Google Map Lite 1.0.1 Free mod_visitorsgooglemap Module - SQL Injection
by Chip d3 bi0s
CVE-2010-4893 EXPLOITDB text VERIFIED
FestOS 2.3b - Cross-Site Scripting via Category Parameter
Cross-site scripting (XSS) vulnerability in foodvendors.php in FestOS 2.3b allows remote attackers to inject arbitrary web script or HTML via the category parameter in a details action.
by Abysssec
CVE-2010-3456 EXPLOITDB text VERIFIED
EnergyScripts Simple Download 1.0 - Path Traversal
Directory traversal vulnerability in download.php in EnergyScripts (ES) Simple Download 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by Kazza
EIP-2026-104216 EXPLOITDB text
CS-Cart 1.3.3 - 'install.php' Cross-Site Scripting
by crmpays
EIP-2026-100562 EXPLOITDB text VERIFIED
SmarterTools SmarterStats 5.3.3819 - 'frmHelp.aspx' Cross-Site Scripting
by David Hoyt
EIP-2026-100109 EXPLOITDB text VERIFIED
aradblog - Multiple Vulnerabilities
by Abysssec
EIP-2026-100672 EXPLOITDB text
FreeBSD 8.1/7.3 - 'vm.pmap' Local Race Condition
by Maksymilian Arciemowicz
By Source
All 31,386 Writeup 62,594 Exploitdb 50,076 Nomisec 22,498 Github 3,743 Metasploit 3,315 Vulncheck_xdb 930 Inthewild 514 Gitlab 480 Gitee 415 Patchapalooza 312
By Language
text 31,386 python 6,633 ruby 6,006 c 3,635 perl 2,849 html 2,076 php 1,334 bash 462 java 371 c++ 261 javascript 231 shell 138 go 73 postscript 25 typescript 25