Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2015-3440 EXPLOITDB text VERIFIED
WordPress <4.2.1 - XSS
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.1 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.
by klikki
EIP-2026-114141 EXPLOITDB text
WordPress Plugin Ultimate Product Catalogue - SQL Injection (2)
by Felipe Molina
EIP-2026-114140 EXPLOITDB text
WordPress Plugin Ultimate Product Catalogue - SQL Injection (1)
by Felipe Molina
EIP-2026-113381 EXPLOITDB text VERIFIED
WebUI 1.5b6 - Remote Code Execution
by TUNISIAN CYBER
CVE-2015-3643 EXPLOITDB HIGH text
usb-creator <0.2.38.3ubuntu0.1 - Privilege Escalation
usb-creator before 0.2.38.3ubuntu0.1 on Ubuntu 12.04 LTS, before 0.2.56.3ubuntu0.1 on Ubuntu 14.04 LTS, before 0.2.62ubuntu0.3 on Ubuntu 14.10, and before 0.2.67ubuntu0.1 on Ubuntu 15.04 allows local users to gain privileges by leveraging a missing call check_polkit for the KVMTest method.
by Tavis Ormandy
CVSS 7.8
CVE-2015-2844 EXPLOITDB text VERIFIED
GoAutoDial GoAdmin CE - Remote Code Execution via cpanel PATH_INFO Parameter
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1420434000 allows remote attackers to execute arbitrary commands via the $action portion of the PATH_INFO.
by Chris McCurley
CVE-2015-2843 EXPLOITDB text VERIFIED
GoAutoDial GoAdmin CE - SQL Injection via User Credentials or PATH_INFO
Multiple SQL injection vulnerabilities in GoAutoDial GoAdmin CE before 3.3-1421902800 allow remote attackers to execute arbitrary SQL commands via the (1) user_name or (2) user_pass parameter in go_login.php or the PATH_INFO to (3) go_login/validate_credentials/admin/ or (4) index.php/go_site/go_get_user_info/.
by Chris McCurley
CVE-2015-2842 EXPLOITDB text VERIFIED
GoAutoDial GoAdmin CE 3.x - Unauthenticated Arbitrary File Upload via Voice Files Upload
Unrestricted file upload vulnerability in go_audiostore.php in the audiostore (Voice Files) upload functionality in GoAutoDial GoAdmin CE 3.x before 3.3-1421902800 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in sounds/.
by Chris McCurley
CVE-2015-3314 EXPLOITDB HIGH text
WordPress Tune Library <1.5.5 - SQL Injection
SQL injection vulnerability in WordPress Tune Library plugin before 1.5.5.
by Hannes Trunde
CVSS 8.1
EIP-2026-113924 EXPLOITDB text
WordPress Plugin NEX-Forms < 3.0 - SQL Injection
by Claudio Viviani
EIP-2026-113898 EXPLOITDB text
WordPress Plugin MiwoFTP 1.0.5 - Arbitrary File Download (2)
by dadou dz
CVE-2015-3313 EXPLOITDB CRITICAL text
WordPress Community Events <1.4 - SQL Injection
SQL injection vulnerability in WordPress Community Events plugin before 1.4.
by Hannes Trunde
CVSS 9.8
CVE-2015-2845 EXPLOITDB text VERIFIED
GoAutoDial GoAdmin CE - OS Command Injection via cpanel PATH_INFO
The cpanel function in go_site.php in GoAutoDial GoAdmin CE before 3.3-1421902800 allows remote attackers to execute arbitrary commands via the $type portion of the PATH_INFO.
by Chris McCurley
EIP-2026-104430 EXPLOITDB text
SevenIT SevDesk 3.10 - Multiple Web Vulnerabilities
by Vulnerability-Lab
EIP-2026-102311 EXPLOITDB text
Wifi Drive Pro 1.2 iOS - Local File Inclusion
by Vulnerability-Lab
EIP-2026-102272 EXPLOITDB text
Photo Manager Pro 4.4.0 iOS - Local File Inclusion
by Vulnerability-Lab
EIP-2026-102271 EXPLOITDB text
Photo Manager Pro 4.4.0 iOS - Code Execution
by Vulnerability-Lab
EIP-2026-102258 EXPLOITDB text
Mobile Drive HD 1.8 - Local File Inclusion
by Vulnerability-Lab
CVE-2014-7951 EXPLOITDB MEDIUM text
Android 4.0.4 - Path Traversal and Arbitrary File Write via ADB Backup Tar Headers
Directory traversal vulnerability in the Android debug bridge (aka adb) in Android 4.0.4 allows physically proximate attackers with a direct connection to the target Android device to write to arbitrary files owned by system via a .. (dot dot) in the tar archive headers.
by Imre Rad
CVSS 4.6
CVE-2014-5370 EXPLOITDB text VERIFIED
BlueDragon < 7.1.1 - Path Traversal via CFChart Servlet QUERY_STRING
Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete arbitrary files via a .. (dot dot) in the QUERY_STRING to cfchart.cfchart.
by Portcullis
CVE-2005-1200 EXPLOITDB text
AZ Bulletin Board 1.0.07a-1.0.07c - Remote File Inclusion via dir_src or abs_layer Parameter
PHP remote file inclusion vulnerability in main_index.php in AZ Bulletin Board (AZbb) 1.0.07a through 1.0.07c allows remote attackers to execute arbitrary PHP code by modifying the (1) dir_src or (2) abs_layer parameter to reference a URL on a remote web server that contains the code.
by GulfTech Security
CVE-2015-2572 EXPLOITDB text
Oracle Hyperion <11.1.2.5.216 - Info Disclosure
Unspecified vulnerability in the Oracle Hyperion Smart View for Office component in Oracle Hyperion 11.1.2.5.216 and earlier, when running on Windows, allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Core.
by sajith
CVE-2015-0493 EXPLOITDB text
Oracle Outside In Technology - Unspecified Vuln
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.4.1, 8.5.0, and 8.5.1 allows local users to affect availability via unknown vectors related to Outside In Filters, a different vulnerability than CVE-2015-0474.
by Francis Provencher
EIP-2026-113551 EXPLOITDB text
WordPress Plugin Ajax Store Locator 1.2 - SQL Injection
by Claudio Viviani
EIP-2026-113897 EXPLOITDB text
WordPress Plugin MiwoFTP 1.0.5 - Arbitrary File Download (1)
by Necmettin COSKUN