Text Exploits

31,386 exploits tracked across all sources.

EIP-2026-109110 EXPLOITDB text
Library Management System 2.0 - Auth Bypass SQL Injection
by Manish Solanki
CVE-2020-36948 EXPLOITDB CRITICAL text
VestaCP 0.9.8-26 - Incorrect Authorization via LoginAs Session Token Manipulation
VestaCP 0.9.8-26 contains a session token vulnerability in the LoginAs module that allows remote attackers to manipulate authentication tokens. Attackers can exploit insufficient token validation to access user accounts and perform unauthorized login requests without proper administrative permissions.
by Vulnerability-Lab
CVSS 9.8
EIP-2026-118660 EXPLOITDB text
Huawei HedEx Lite 200R006C00SPC005 - Path Traversal
by Vulnerability-Lab
EIP-2026-112561 EXPLOITDB text
Task Management System 1.0 - Unrestricted File Upload to Remote Code Execution
by Saeed Bala Ahmed
EIP-2026-112559 EXPLOITDB text
Task Management System 1.0 - 'id' SQL Injection
by Saeed Bala Ahmed
EIP-2026-112558 EXPLOITDB text
Task Management System 1.0 - 'First Name and Last Name' Stored XSS
by Saeed Bala Ahmed
EIP-2026-104479 EXPLOITDB text
VestaCP 0.9.8-26 - 'backup' Information Disclosure
by Vulnerability-Lab
CVE-2020-35378 EXPLOITDB CRITICAL text
Online Bus Ticket Reservation 1.0 - SQL Injection via Login Username and Password Fields
SQL Injection in the login page in Online Bus Ticket Reservation 1.0 allows attackers to execute arbitrary SQL commands and bypass authentication via the username and password fields.
by Sakshi Sharma
CVSS 9.8
CVE-2020-35272 EXPLOITDB MEDIUM text
Employee Performance Evaluation System 1.0 - Stored Cross-Site Scripting in Admin Portal Task and Description Fields
Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields.
by Ritesh Gohil
CVSS 4.8
EIP-2026-117493 EXPLOITDB text
Microsoft GamingServices 2.47.10001.0 - 'GamingServices' Unquoted Service Path
by Ismael Nava
CVE-2023-34666 EXPLOITDB MEDIUM text
Phpgurukul Cyber Cafe Management System 1.0 - Cross-Site Scripting via Admin Username Parameter
Cross-site scripting (XSS) vulnerability in Phpgurukul Cyber Cafe Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the admin username parameter.
by Pruthvi Nekkanti
CVSS 6.1
CVE-2021-43456 EXPLOITDB HIGH text
Rumble Mail Server 0.51.3135 - Buffer Overflow
An Unquoted Service Path vulnerability exists in Rumble Mail Server 0.51.3135 via a specially crafted file in the RumbleService executable service path.
by Mohammed Alshehri
CVSS 7.8
CVE-2020-36958 EXPLOITDB HIGH text
Kite 1.2020.1119.0 - Code Injection
Kite 1.2020.1119.0 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Kite\KiteService.exe' to inject malicious executables and escalate privileges on the system.
by Ismael Nava
CVSS 7.8
CVE-2020-36949 EXPLOITDB HIGH text
TapinRadio 2.13.7 - Denial of Service via Proxy Settings Input Overflow
TapinRadio 2.13.7 contains a denial of service vulnerability in the application proxy settings that allows attackers to crash the program by overflowing input fields. Attackers can paste a large buffer of 20,000 characters into the username and address fields to cause the application to become unresponsive and require reinstallation.
by Ismael Nava
CVSS 7.5
CVE-2020-27515 EXPLOITDB MEDIUM text
Savsoft Quiz v5.0 - Stored Cross-Site Scripting via Skype ID Field
A Cross Site Scripting (XSS) vulnerability in Savsoft Quiz v5.0 allows remote attackers to inject arbitrary web script or HTML via the Skype ID field.
by Dipak Panchal
CVSS 6.1
EIP-2026-116153 EXPLOITDB text
RarmaRadio 2.72.5 - Denial of Service (PoC)
by Ismael Nava
EIP-2026-113011 EXPLOITDB text
vBulletin 5.6.3 - 'group' Cross Site Scripting
by Vincent666
CVE-2020-37238 EXPLOITDB MEDIUM text
CMS Made Simple 2.2.15 Stored XSS via SVG File Upload
CMS Made Simple 2.2.15 contains a stored cross-site scripting vulnerability that allows authenticated users with Content Manager access to inject malicious scripts through SVG file uploads. Attackers can upload SVG files containing embedded JavaScript to the file manager, which executes when other authenticated users access the uploaded file, enabling cookie theft and session hijacking.
by Eshan Singh
CVSS 6.4
CVE-2020-37237 EXPLOITDB MEDIUM text
Composr CMS 10.0.34 Persistent Cross-Site Scripting via banners
Composr CMS 10.0.34 contains a persistent cross-site scripting vulnerability that allows authenticated administrators to inject malicious scripts through the banner management interface. Attackers with admin credentials can inject XSS payloads in the Description field of the Add banner functionality, which execute for all website visitors when they access the home page.
by Parshwa Bhavsar
CVSS 6.4
CVE-2021-47902 EXPLOITDB HIGH text
Testa Online Test Management System <3.4.7 - SQL Injection
Testa Online Test Management System 3.4.7 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'q' search parameter. Attackers can inject malicious SQL code in the search field to extract database information, potentially accessing sensitive user or system data.
by Ultra Security Team
CVSS 8.2
CVE-2020-36960 EXPLOITDB MEDIUM text
Forma LMS < 2.3 - Stored Cross-Site Scripting via User Profile First and Last Name Fields
Forma LMS 2.3 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious scripts into user profile first and last name fields. Attackers can craft scripts like '<script>alert(document.cookie)</script>' to execute arbitrary JavaScript when the profile is viewed by other users.
by Hemant Patidar
CVSS 6.4
CVE-2020-36959 EXPLOITDB HIGH text
IDT PC Audio 1.0.6499.0 - Privilege Escalation
IDT PC Audio 1.0.6499.0 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the STacSV service to inject malicious code that would execute with LocalSystem account permissions during service startup.
by Diego Cañada
CVSS 7.8
CVE-2020-36951 EXPLOITDB HIGH text
Phpscript-sgh 0.1.0 - SQL Injection
Phpscript-sgh 0.1.0 contains a time-based blind SQL injection vulnerability in the admin interface that allows attackers to manipulate database queries through the 'id' parameter. Attackers can exploit this vulnerability by crafting malicious payloads that trigger time delays, enabling them to extract sensitive database information through conditional sleep techniques.
by KeopssGroup0day_Inc
CVSS 8.2
CVE-2020-36950 EXPLOITDB MEDIUM text
Laravel Nova 3.7.0 - Authenticated Denial of Service via Range Parameter
Laravel Nova 3.7.0 contains a denial of service vulnerability that allows authenticated users to crash the application by manipulating the 'range' parameter. Attackers can send simultaneous requests with an extremely high range value to overwhelm and crash the server.
by iqzer0
CVSS 6.5
CVE-2020-35349 EXPLOITDB MEDIUM text
Savsoft Quiz 5 - Stored Cross-Site Scripting via Custom Field Title Parameter
Savsoft Quiz 5 is affected by: Cross Site Scripting (XSS) via field_title (aka a title on the custom fields page).
by Dhruv Patel
CVSS 4.8