Text Exploits

31,337 exploits tracked across all sources.

CVE-2014-8801 EXPLOITDB text VERIFIED
Paid Memberships Pro <1.7.15 - Path Traversal
Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUERY_STRING in a getfile action to wp-admin/admin-ajax.php.
by Kacper Szurek
CVE-2014-9237 EXPLOITDB text
Pricertif E-Commerce 3.0 - SQL Injection
SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request.
by BGA Security
CVE-2014-1806 EXPLOITDB text
Microsoft .NET Framework <4.5.2 - RCE
The .NET Remoting implementation in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5, 3.5.1, 4, 4.5, and 4.5.1 does not properly restrict memory access, which allows remote attackers to execute arbitrary code via vectors involving malformed objects, aka "TypeFilterLevel Vulnerability."
by James Forshaw
CVE-2014-9236 EXPLOITDB text
Zoph <0.9.1 - XSS
Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) photographer_id or (2) _crumb parameter.
by Manuel García Cárdenas
CVE-2014-9243 EXPLOITDB text
WebsiteBaker 2.8.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2) section_id parameter to edit_module_files.php, (3) news/add_post.php, (4) news/modify_group.php, (5) news/modify_post.php, or (6) news/modify_settings.php in wb/modules/.
by Manuel García Cárdenas
CVE-2014-8469 EXPLOITDB text
Moxi9 Phpfox < 3.7.6 - XSS
Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox before 4 Beta allows remote attackers to inject arbitrary web script or HTML via the User-Agent header.
by spyk2r
EIP-2026-109715 EXPLOITDB text VERIFIED
MyBB Forums 1.8.2 - Persistent Cross-Site Scripting
by Avinash Thapa
CVE-2014-8995 EXPLOITDB text
Maarch LetterBox 2.8 - SQL Injection
SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie.
by ZoRLu Bugrahan
CVE-2014-8493 EXPLOITDB text
ZTE Zxhn H108l Firmware - Access Control
ZTE ZXHN H108L with firmware 4.0.0d_ZRQ_GR4 allows remote attackers to modify the CWMP configuration via a crafted request to Forms/access_cwmp_1.
by Project Zero Labs
CVE-2014-100013 EXPLOITDB text
Clientresponse - XSS
Multiple cross-site scripting (XSS) vulnerabilities in clientResponse 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Subject or (2) Message field.
by Halil Dalabasmaz
CVE-2014-8682 EXPLOITDB text
Gogs 0.3.1-9-0.5.x - SQL Injection
Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go.
by Timo Schmid
CVE-2014-8681 EXPLOITDB text
Gogs <0.5.6.1025 - SQL Injection
SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues.
by Timo Schmid
CVE-2014-9115 EXPLOITDB text
Piwigo <2.5.5, <2.6.x before 2.6.4, <2.7.x before 2.7.2 - SQL Injec...
SQL injection vulnerability in the rate_picture function in include/functions_rate.inc.php in Piwigo before 2.5.5, 2.6.x before 2.6.4, and 2.7.x before 2.7.2 allows remote attackers to execute arbitrary SQL commands via the rate parameter to picture.php, related to an improper data type in a comparison of a non-numeric value that begins with a digit.
by Manuel García Cárdenas
CVE-2014-9241 EXPLOITDB text
MyBB 1.8.x <1.8.2 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report.php, (2) signature parameter in a do_editsig action to usercp.php, or (3) title parameter in the style-templates module in an edit_template action or (4) file parameter in the config-languages module in an edit action to admin/index.php.
by smash
CVE-2014-8997 EXPLOITDB text VERIFIED
DigitalVidhya Digi Online Examination System 2.0 - RCE
Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in assets/uploads/images/.
by Halil Dalabasmaz
CVE-2014-9237 EXPLOITDB text
Pricertif E-Commerce 3.0 - SQL Injection
SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request.
by Onur Alanbel (BGA)
CVE-2014-8727 EXPLOITDB text
F5 BIG-IP <10.2.2 - Path Traversal
Multiple directory traversal vulnerabilities in F5 BIG-IP before 10.2.2 allow local users with the "Resource Administrator" or "Administrator" role to enumerate and delete arbitrary files via a .. (dot dot) in the name parameter to (1) tmui/Control/jspmap/tmui/system/archive/properties.jsp or (2) tmui/Control/form.
by Anastasios Monachos
EIP-2026-115099 EXPLOITDB text
CorelDRAW X7 CDR File - 'CdrTxt.dll' Off-by-One Stack Corruption
by LiquidWorm
CVE-2014-9179 EXPLOITDB text
WordPress SupportEzzy Ticket System 1.2.5 - XSS
Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the "URL (optional)" field in a new ticket.
by Halil Dalabasmaz
CVE-2014-9312 EXPLOITDB HIGH text
Photo Gallery 1.2.5 - Info Disclosure
Unrestricted File Upload vulnerability in Photo Gallery 1.2.5.
by Kacper Szurek
CVSS 8.8
CVE-2014-8728 EXPLOITDB text
Subex ROC Fraud Mgmt <7.4 - SQL Injection
SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL commands via the ranger_user[name] parameter.
by Anastasios Monachos
CVE-2014-8498 EXPLOITDB text
Zohocorp Manageengine Password Manager Pro < 7.1 - SQL Injection
SQL injection vulnerability in BulkEditSearchResult.cc in ManageEngine Password Manager Pro (PMP) and Password Manager Pro Managed Service Providers (MSP) edition before 7.1 build 7105 allows remote authenticated users to execute arbitrary SQL commands via the SEARCH_ALL parameter.
by Pedro Ribeiro
CVE-2014-9004 EXPLOITDB text VERIFIED
vldPersonals <2.7.1 - XSS
Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a member_profile action to index.php.
by Mr T
CVE-2014-10013 EXPLOITDB text
Strategy11 Awp Classifieds - SQL Injection
SQL injection vulnerability in the Another WordPress Classifieds Plugin plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the keywordphrase parameter in a dosearch action.
by dill