Text Exploits
31,386 exploits tracked across all sources.
MailForm 1.2 - Remote Code Execution via Theme Parameter
PHP remote file inclusion vulnerability in index.php in MailForm 1.2 allows remote attackers to execute arbitrary PHP code via a URL in the theme parameter.
by LoSt.HaCkEr
Get Tube < 4.51 - SQL Injection via video.php id Parameter
SQL injection vulnerability in video.php in Get Tube 4.51 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Mr.P3rfekT
Edit-X PHP CMS - 'search_text' Cross-Site Scripting
by High-Tech Bridge SA
CMS Source - Multiple Input Validation Vulnerabilities
by High-Tech Bridge SA
Dave Robinson Rockbandcms - SQL Injection
Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0.10 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) id parameters.
by Affix
ServletExec - Directory Traversal / Authentication Bypass
by Stefano Di Paola
Computer Associates Oneview Monitor 6.0 - 'doSave.jsp' Remote Code Execution
by Giorgio Fedon
Portable Document Format - Specification Signature Collision
by Florian Zumbiehl
Saurus CMS 4.7.0 - Remote Code Execution via Class Path Parameter
Multiple PHP remote file inclusion vulnerabilities in Saurus CMS 4.7.0 allow remote attackers to execute arbitrary PHP code via a URL in the class_path parameter to (1) file.php or (2) com_del.php.
by LoSt.HaCkEr
MybbCentral TagCloud 2.0 - 'Topic' HTML Injection
by 3ethicalhackers.com
KnowledgeTree 3.5.2 Community Edition - Persistent Cross-Site Scripting
by fdiskyou
clearBudget 0.9.8 - Remote Code Execution via actionPath Parameter
PHP remote file inclusion vulnerability in logic/controller.class.php in clearBudget 0.9.8 allows remote attackers to execute arbitrary PHP code via a URL in the actionPath parameter. NOTE: this issue has been disputed by a reliable third party.
by Offensive
AoA Audio Extractor - Remote ActiveX SEH JIT Spray (ASLR + DEP Bypass)
by Dr_IDE
Microsoft Windows Vista/Server 2008/7 Privilege Escalation via Registry Key ACL Misconfiguration
The Tracing Feature for Services in Microsoft Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 has incorrect ACLs on its registry keys, which allows local users to gain privileges via vectors involving a named pipe and impersonation, aka "Tracing Registry Key ACL Vulnerability."
by Cesar Cerrudo
CVSS 7.8
Windows Kernel win32k.sys - Privilege Escalation via Pseudo-Handle Validation Bypass
The Windows kernel-mode drivers in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and R2, and Windows 7 do not properly validate pseudo-handle values in callback parameters during window creation, which allows local users to gain privileges via a crafted application, aka "Win32k Window Creation Vulnerability."
by Core Security
SyntaxCMS - 'rows_per_page' SQL Injection
by High-Tech Bridge SA
Nasim Guest Book 1.2 - Cross-Site Scripting via Page Parameter
Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest Book 1.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
by Moudi
com_teams 1_1028_100809_1711 - SQL Injection via PlayerID Parameter
SQL injection vulnerability in the Teams (com_teams) component 1_1028_100809_1711 for Joomla! allows remote attackers to execute arbitrary SQL commands via the PlayerID parameter in a player save action to index.php.
by Salvatore Fresta
Amblog 1.0 for Joomla! - SQL Injection via articleid or catid Parameter
Multiple SQL injection vulnerabilities in the Amblog (com_amblog) component 1.0 for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) articleid or (2) catid parameter to index.php.
by Salvatore Fresta
Preation Eden Platform 27.7.2010 - Multiple HTML Injection Vulnerabilities
by High-Tech Bridge SA