Text Exploits
31,330 exploits tracked across all sources.
OpenDocMan 1.3.4 - Cross-Site Request Forgery
by Curesec Research Team
ATutor 2.2 - Multiple Cross-Site Scripting Vulnerabilities
by Curesec Research Team
NETGEAR Management System NMS300 <1.5.0.11 - Path Traversal
Directory traversal vulnerability in data/config/image.do in NETGEAR Management System NMS300 1.5.0.11 and earlier allows remote authenticated users to read arbitrary files via a .. (dot dot) in the realName parameter.
by Pedro Ribeiro
CVSS 8.6
General Electric GE Industrial Solutions UPS SNMP/Web Adapter <4.8 ...
General Electric (GE) Industrial Solutions UPS SNMP/Web Adapter devices with firmware before 4.8 allow remote authenticated users to obtain sensitive cleartext account information via unspecified vectors.
by Karn Ganeshen
CVSS 6.5
D-Link DVG-N5402SP Firmware - Information Disclosure
D-Link DVG-N5402SP with firmware W1000CN-00, W1000CN-03, or W2000EN-00 discloses usernames, passwords, keys, values, and web account hashes (super and admin) in plaintext when running a configuration backup, which allows remote attackers to obtain sensitive information.
by Karn Ganeshen
CVSS 9.8
TimeClock Software 0.995 - (Authenticated) Multiple SQL Injections
by Benetrix
Viprinet Multichannel VPN Router 300 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the username when (1) logging in or (2) creating an account in the old interface, (3) username when creating an account in the new interface, (4) hostname in the old interface, (5) inspect parameter in the config module, (6) commands parameter in the atcommands tool, or (7) host parameter in the ping tool.
by Portcullis
CVSS 6.1
eClinicalWorks Population Health - Improper Access Control
eClinicalWorks Population Health (CCMR) suffers from a session fixation vulnerability. When authenticating a user, the application does not assign a new session ID, making it possible to use an existing session ID.
by Jerold Hoong
CVSS 9.8
eClinicalWorks Population Health - SQL Injection
eClinicalWorks Population Health (CCMR) suffers from an SQL injection vulnerability in portalUserService.jsp which allows remote authenticated users to inject arbitrary malicious database commands as part of user input.
by Jerold Hoong
CVSS 8.8
eClinicalWorks Population Health - XSS
eClinicalWorks Population Health (CCMR) suffers from a cross-site scripting vulnerability in login.jsp which allows remote unauthenticated users to inject arbitrary JavaScript via the strMessage parameter.
by Jerold Hoong
CVSS 6.1
Manage Engine Network Configuration Manager Build 11000 - Cross-Site Request Forgery
by Kaustubh G. Padwad
pdfium - opj_t2_read_packet_header 'libopenjpeg' Heap Use-After-Free
by Google Security Research
eClinicalWorks Population Health - CSRF
eClinicalWorks Population Health (CCMR) suffers from a cross-site request forgery (CSRF) vulnerability in portalUserService.jsp which allows remote attackers to hijack the authentication of content administrators for requests that could lead to the creation, modification and deletion of users, appointments and employees.
by Jerold Hoong
CVSS 8.8
WPS Office < 2016 - '.xls' Heap Memory Corruption
by Francis Provencher
WPS Office < 2016 - '.ppt' Heap Memory Corruption
by Francis Provencher
WPS Office < 2016 - '.ppt' drawingContainer Memory Corruption
by Francis Provencher
WPS Office < 2016 - '.doc' OneTableDocumentStream Memory Corruption
by Francis Provencher
Autonics DAQMaster 1.7.3 - DQP Parsing Buffer Overflow Code Execution (PoC)
by LiquidWorm
iScripts EasyCreate 3.0 - Multiple Vulnerabilities
by Bikramaditya Guha
ManageEngine EventLog Analyzer 4.0 < 10 - Privilege Escalation
by GraphX
WordPress Plugin Simple Add Pages or Posts 1.6 - Cross-Site Request Forgery
by ALIREZA_PROMIS