Text Exploits

31,343 exploits tracked across all sources.

CVE-2020-36988 EXPLOITDB MEDIUM text
PDW File Browser 1.3 - XSS
PDW File Browser version 1.3 contains stored and reflected cross-site scripting vulnerabilities that allow authenticated attackers to inject malicious scripts through file rename and path parameters. Attackers can craft malicious URLs or rename files with XSS payloads to execute arbitrary JavaScript in victims' browsers when they access the file browser.
by David Bimmel
CVSS 5.4
CVE-2020-36878 EXPLOITDB HIGH text
ReQuest Serious Play Media Player 3.0 - Info Disclosure
ReQuest Serious Play Media Player 3.0 contains an unauthenticated file disclosure vulnerability when input passed through the 'file' parameter in and script is not properly verified before being used to read web log files. Attackers can exploit this to disclose contents of files from local resources.
by LiquidWorm
CVE-2020-36877 EXPLOITDB CRITICAL text
ReQuest Serious Play F3 Media Server 7.0.3 - RCE
ReQuest Serious Play F3 Media Server 7.0.3 contains an unauthenticated remote code execution vulnerability that allows attackers to execute arbitrary commands as the web server user. Attackers can upload PHP executable files via the Quick File Uploader page, resulting in remote code execution on the server.
by LiquidWorm
CVE-2020-36876 EXPLOITDB HIGH text
ReQuest Serious Play F3 Media Server <7.0.3.4968 - Info Disclosure
ReQuest Serious Play F3 Media Server versions 7.0.3.4968 (Pro), 7.0.2.4954, 6.5.2.4954, 6.4.2.4681, 6.3.2.4203, and 2.0.1.823 allow unauthenticated attackers to disclose the webserver's Python debug log file, which contains system information, credentials, paths, processes and command arguments running on the device. Attackers can access sensitive information by visiting the message_log page.
by LiquidWorm
CVE-2020-27980 EXPLOITDB MEDIUM text
Genexis Platinum-4410 Firmware - XSS
Genexis Platinum-4410 P4410-V2-1.28 devices allow stored XSS in the WLAN SSID parameter. This could allow an attacker to perform malicious actions in which the XSS popup will affect all privileged users.
by Amal Mohandas
CVSS 5.4
EIP-2026-110109 EXPLOITDB text
Online Health Care System 1.0 - Multiple Cross Site Scripting (Stored)
by Akıner Kısa
CVE-2020-28130 EXPLOITDB CRITICAL text
Online Library Management System - Unrestricted File Upload
An Arbitrary File Upload in the Upload Image component in SourceCodester Online Library Management System 1.0 allows the user to conduct remote code execution via admin/borrower/index.php?view=add because .php files can be uploaded to admin/borrower/photos (under the web root).
by Jyotsna Adhana
CVSS 9.8
CVE-2020-28129 EXPLOITDB MEDIUM text
Admerc Gym Management System - XSS
Stored Cross-site scripting (XSS) vulnerability in SourceCodester Gym Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php?page=packages via vulnerable fields 'Package Name' and 'Description'.
by Jyotsna Adhana
CVSS 6.1
CVE-2020-29288 EXPLOITDB CRITICAL text
Gym Management System - SQL Injection
An SQL injection vulnerability was discovered in Gym Management System. In the manage_user.php file, the GET parameter 'id' is vulnerable.
by Jyotsna Adhana
CVSS 9.8
CVE-2020-27956 EXPLOITDB CRITICAL text
Car Rental Management System - Unrestricted File Upload
An Arbitrary File Upload in the Upload Image component in SourceCodester Car Rental Management System 1.0 allows the user to conduct remote code execution via admin/index.php?page=manage_car because .php files can be uploaded to admin/assets/uploads/ (under the web root).
by Jyotsna Adhana
CVSS 9.8
EIP-2026-112928 EXPLOITDB text
User Registration & Login and User Management System 2.1 - SQL Injection
by Ihsan Sencan
EIP-2026-112433 EXPLOITDB text
Stock Management System 1.0 - 'brandId and categoriesId' SQL Injection
by Ihsan Sencan
EIP-2026-111924 EXPLOITDB text
School Faculty Scheduling System 1.0 - 'username' SQL Injection
by Jyotsna Adhana
EIP-2026-111923 EXPLOITDB text
School Faculty Scheduling System 1.0 - 'id' SQL Injection
by Jyotsna Adhana
EIP-2026-111391 EXPLOITDB text
Point of Sales 1.0 - 'username' SQL Injection
by Jyotsna Adhana
EIP-2026-111390 EXPLOITDB text
Point of Sales 1.0 - 'id' SQL Injection
by Ankita Pal
EIP-2026-109213 EXPLOITDB text
Lot Reservation Management System 1.0 - Cross-Site Scripting (Stored)
by Ankita Pal
EIP-2026-109212 EXPLOITDB text VERIFIED
Lot Reservation Management System 1.0 - Authentication Bypass
by Ankita Pal
EIP-2026-107539 EXPLOITDB text
Gym Management System 1.0 - Authentication Bypass
by Jyotsna Adhana
CVE-2020-27993 EXPLOITDB MEDIUM text
Hrsale - Path Traversal
Hrsale 2.0.0 allows download?type=files&filename=../ directory traversal to read arbitrary files.
by Sosecure
CVSS 5.3
EIP-2026-112435 EXPLOITDB text
Stock Management System 1.0 - 'Product Name' Persistent Cross-Site Scripting
by Adeeb Shah
EIP-2026-112434 EXPLOITDB text
Stock Management System 1.0 - 'Categories Name' Persistent Cross-Site Scripting
by Adeeb Shah
EIP-2026-112432 EXPLOITDB text
Stock Management System 1.0 - 'Brand Name' Persistent Cross-Site Scripting
by Adeeb Shah
EIP-2026-111926 EXPLOITDB text
School Faculty Scheduling System 1.0 - Stored Cross Site Scripting POC
by Jyotsna Adhana
EIP-2026-111925 EXPLOITDB text
School Faculty Scheduling System 1.0 - Authentication Bypass POC
by Jyotsna Adhana