Text Exploits

31,337 exploits tracked across all sources.

EIP-2026-101330 EXPLOITDB text
IPUX CL5452/CL5132 IP Camera - 'UltraSVCamX.ocx' ActiveX Stack Buffer Overflow
by LiquidWorm
CVE-2014-9034 EXPLOITDB text
WordPress Long Password DoS
wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016.
by Javer Nieto & Andres Rojas
CVE-2014-9016 EXPLOITDB text
Drupal <7.34, phpass <6.2.1 - DoS
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.
by Javer Nieto & Andres Rojas
CVE-2014-9113 EXPLOITDB text
CCH Wolters Kluwer ProSystem fx Engagement <7.1 - Privilege Escalation
CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinService service files in PFX Engagement\, which allows local users to obtain LocalSystem privileges via a Trojan horse file.
by Information Paradox
EIP-2026-114423 EXPLOITDB text
xEpan 1.0.4 - Multiple Vulnerabilities
by Parikesit _ Kurawa
CVE-2014-8429 EXPLOITDB text
Xavoc Xepan Cms < 1.0.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page.
by High-Tech Bridge SA
CVE-2014-9119 EXPLOITDB text VERIFIED
DB Backup plugin <4.5 - Path Traversal
Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by Ashiyane Digital Security Team
CVE-2014-8507 EXPLOITDB text
Google Android < 4.4.4 - SQL Injection
Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135.
by Baidu X-Team
CVE-2014-10011 EXPLOITDB text
Trendnet Tv-ip422w - Memory Corruption
Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function.
by LiquidWorm
CVE-2014-9173 EXPLOITDB text
Google Doc Embedder <2.5.15 - SQL Injection
SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.
by Kacper Szurek
EIP-2026-106234 EXPLOITDB text
Crea8Social 1.3 - Persistent Cross-Site Scripting
by Halil Dalabasmaz
CVE-2014-9175 EXPLOITDB text
wpDataTables <1.5.3 - SQL Injection
SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action to wp-admin/admin-ajax.php.
by Claudio Viviani
CVE-2014-8799 EXPLOITDB text
DukaPress <2.5.4 - Path Traversal
Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.
by Kacper Szurek
CVE-2014-9260 EXPLOITDB HIGH text
WordPress <2.7.3 - Authenticated RCE
The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option.
by Kacper Szurek
CVSS 8.8
CVE-2014-9348 EXPLOITDB text
RobotStats 1.0 - SQL Injection
SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots.php.
by ZoRLu Bugrahan
EIP-2026-104666 EXPLOITDB text
PHP 5.5.12 - Locale::parseLocale Memory Corruption
by John Leitch
CVE-2014-8768 EXPLOITDB text
tcpdump <4.7 - DoS
Multiple integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.
by Steffen Bauch
EIP-2026-103526 EXPLOITDB text
JourneyMap 5.0.0RC2 Ultimate Edition - Resource Consumption (Denial of Service)
by CovertCodes
CVE-2014-9350 EXPLOITDB text
TP-Link TL-WR740N <3.17.0 - DoS
TP-Link TL-WR740N 4 with firmware 3.17.0 Build 140520, 3.16.6 Build 130529, and 3.16.4 Build 130205 allows remote attackers to cause a denial of service (httpd crash) via vectors involving a "new" value in the isNew parameter to PingIframeRpm.htm.
by LiquidWorm
CVE-2014-8387 EXPLOITDB text VERIFIED
Advantech Eki-6340 Firmware - OS Command Injection
cgi/utility.cgi in Advantech EKI-6340 2.05 Wi-Fi Mesh Access Point allows remote authenticated users to execute arbitrary commands via shell metacharacters in the pinghost parameter to ping.cgi.
by Core Security
CVE-2014-9349 EXPLOITDB text
RobotStats 1.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in admin/robots.lib.php in RobotStats 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) nom or (2) user_agent parameter to admin/robots.php.
by ZoRLu Bugrahan
EIP-2026-117796 EXPLOITDB text
Privacyware Privatefirewall 7.0 - Unquoted Service Path Privilege Escalation
by LiquidWorm
CVE-2014-8877 EXPLOITDB text
CreativeMinds CM Downloads Manager <2.0.4 - RCE
The alterSearchQuery function in lib/controllers/CmdownloadController.php in the CreativeMinds CM Downloads Manager plugin before 2.0.4 for WordPress allows remote attackers to execute arbitrary PHP code via the CMDsearch parameter to cmdownloads/, which is processed by the PHP create_function function.
by Phi Ngoc Le
EIP-2026-101882 EXPLOITDB text
Netgear WNR500 Wireless Router - 'webproc?getpage' Traversal Arbitrary File Access
by LiquidWorm
CVE-2014-9178 EXPLOITDB text VERIFIED
Smarty Pants Plugins SP Project & Document Manager <2.4.1 - SQL Inj...
Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) vendor_email[] parameter in the email_vendor function or id parameter in the (2) download_project, (3) download_archive, or (4) remove_cat function.
by ITAS Team