Text Exploits

31,337 exploits tracked across all sources.

EIP-2026-111118 EXPLOITDB text
phpList 3.0.6/3.0.10 - SQL Injection
by Vulnerability-Lab
CVE-2014-9439 EXPLOITDB text
Easy File Sharing Web Server 6.8 - XSS
Cross-site scripting (XSS) vulnerability in Easy File Sharing Web Server 6.8 allows remote attackers to inject arbitrary web script or HTML via the username field during registration, which is not properly handled by forum.ghp.
by Sick Psycko
EIP-2026-104399 EXPLOITDB text
Pimcore CMS 2.3.0/3.0 - SQL Injection
by Vulnerability-Lab
CVE-2014-2239 EXPLOITDB text
Lazarus Guestbook 1.22 - Multiple Vulnerabilities
by TaurusOmar
CVE-2014-9436 EXPLOITDB text
SysAid On-Premise <14.4.2 - Path Traversal
Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile.
by Bernhard Mueller
EIP-2026-116891 EXPLOITDB text
BitRaider Streaming Client 1.3.3.4098 - Local Privilege Escalation
by LiquidWorm
CVE-2014-9440 EXPLOITDB text
phpMyRecipes 1.2.2 - SQL Injection
SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter.
by Manish Tanwar
CVE-2014-7208 EXPLOITDB text
GParted <0.15.0 - Command Injection
GParted before 0.15.0 allows local users to execute arbitrary commands with root privileges via shell metacharacters in a crafted filesystem label.
by SEC Consult
CVE-2014-9412 EXPLOITDB text
NetIQ Access Manager 4.x - XSS
Multiple cross-site scripting (XSS) vulnerabilities in NetIQ Access Manager (NAM) 4.x before 4.1 allow remote attackers to inject arbitrary web script or HTML via (1) an arbitrary parameter to roma/jsp/debug/debug.jsp or (2) an arbitrary parameter in a debug.DumpAll action to nps/servlet/webacc, a different issue than CVE-2014-5216.
by SEC Consult
CVE-2004-1417 EXPLOITDB text
Psychostats < 2.2.4 - XSS
Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2.2.4 Beta and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter.
by GulfTech Security
CVE-2014-9581 EXPLOITDB text
Codiad 2.4.3 - Path Traversal
Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
by TaurusOmar
CVE-2014-9580 EXPLOITDB text
ProjectSend r561 - XSS
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this issue was originally incorrectly mapped to CVE-2014-1155; see CVE-2014-1155 for more information.
by TaurusOmar
CVE-2011-3713 EXPLOITDB text
cFTP r80 - Info Disclosure
cFTP r80 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by templates/session_check.php and certain other files.
by TaurusOmar
CVE-2014-9254 EXPLOITDB text
MiniBB <20141127 - SQL Injection
bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQL injection attacks via the code parameter in an unsubscribe action to index.php.
by Kacper Szurek
CVE-2014-9445 EXPLOITDB text
Installatron GQ File Manager 0.2.5 - SQL Injection
SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks by creating a file that generates an error. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
by TaurusOmar
CVE-2014-9582 EXPLOITDB text
Codiad 2.4.3 - XSS
Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename action. NOTE: this issue was originally incorrectly mapped to CVE-2014-1137; see CVE-2014-1137 for more information.
by TaurusOmar
EIP-2026-101585 EXPLOITDB text
CIK Telecom VoIP Router SVG6000RW - Privilege Escalation / Command Execution
by Chako
CVE-2014-9522 EXPLOITDB text
CMS Papoo Light 6.0.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php.
by Steffen Rösemann
EIP-2026-119429 EXPLOITDB text
Soitec SmartEnergy 1.4 - SCADA Login SQL Injection / Authentication Bypass
by LiquidWorm
EIP-2026-111741 EXPLOITDB text
ResourceSpace 6.4.5976 - Cross-Site Scripting / SQL Injection / Insecure Cookie Handling
by Adler Freiheit
CVE-2014-9258 EXPLOITDB text
GLPI <0.85.1 - SQL Injection
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.
by Kacper Szurek
CVE-2014-9218 EXPLOITDB text
phpMyAdmin <4.0.10.7-4.2.13.1 - DoS
libraries/common.inc.php in phpMyAdmin 4.0.x before 4.0.10.7, 4.1.x before 4.1.14.8, and 4.2.x before 4.2.13.1 allows remote attackers to cause a denial of service (resource consumption) via a long password.
by Javer Nieto & Andres Rojas
CVE-2015-0107 EXPLOITDB MEDIUM text
IBM Change And Configuration Management Database - Path Traversal
IBM Tivoli IT Asset Management for IT, Tivoli Service Request Manager, and Change and Configuration Management Database 7.1 through 7.1.1.8 and 7.2 and Maximo Asset Management and Maximo Industry Solutions 7.1 through 7.1.1.8, 7.5 before 7.5.0.7 IFIX003, and 7.6 before 7.6.0.0 IFIX002 allow remote authenticated users to conduct directory traversal attacks via unspecified vectors.
by Jakub Palaczynski
CVSS 6.5
CVE-2014-5462 EXPLOITDB text VERIFIED
Open-emr Openemr < 4.1.2 - SQL Injection
Multiple SQL injection vulnerabilities in OpenEMR 4.1.2 (Patch 7) and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) layout_id parameter to interface/super/edit_layout.php; (2) form_patient_id, (3) form_drug_name, or (4) form_lot_number parameter to interface/reports/prescriptions_report.php; (5) payment_id parameter to interface/billing/edit_payment.php; (6) id parameter to interface/forms_admin/forms_admin.php; (7) form_pid or (8) form_encounter parameter to interface/billing/sl_eob_search.php; (9) sortby parameter to interface/logview/logview.php; form_facility parameter to (10) procedure_stats.php, (11) pending_followup.php, or (12) pending_orders.php in interface/orders/; (13) patient, (14) encounterid, (15) formid, or (16) issue parameter to interface/patient_file/deleter.php; (17) search_term parameter to interface/patient_file/encounter/coding_popup.php; (18) text parameter to interface/patient_file/encounter/search_code.php; (19) form_addr1, (20) form_addr2, (21) form_attn, (22) form_country, (23) form_freeb_type, (24) form_partner, (25) form_name, (26) form_zip, (27) form_state, (28) form_city, or (29) form_cms_id parameter to interface/practice/ins_search.php; (30) form_pid parameter to interface/patient_file/problem_encounter.php; (31) patient, (32) form_provider, (33) form_apptstatus, or (34) form_facility parameter to interface/reports/appointments_report.php; (35) db_id parameter to interface/patient_file/summary/demographics_save.php; (36) p parameter to interface/fax/fax_dispatch_newpid.php; or (37) patient_id parameter to interface/patient_file/reminder/patient_reminders.php.
by Portcullis
CVE-2014-9528 EXPLOITDB text
HumHub <0.10.0-rc.1 - SQL Injection
SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to execute arbitrary SQL commands via the from parameter to index.php. NOTE: this can be leveraged for cross-site scripting (XSS) attacks via a request that causes an error.
by Jos Wetzels, Emiel Florijn