Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2014-8800 EXPLOITDB text
Nextend Facebook Connect <1.5.1 - XSS
Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the fb_login_button parameter in a newfb_update_options action.
by Kacper Szurek
CVE-2014-6235 EXPLOITDB text
ke_dompdf < 0.0.3 - Remote Code Execution
Unspecified vulnerability in the ke DomPDF extension before 0.0.5 for TYPO3 allows remote attackers to execute arbitrary code via unknown vectors.
by RedTeam Pentesting
EIP-2026-112401 EXPLOITDB text
SQL Buddy 1.3.3 - Remote Code Execution
by Fady Mohammed Osman
EIP-2026-101930 EXPLOITDB text
Prolink PRN2001 - Multiple Vulnerabilities
by Herman Groeneveld
CVE-2014-9303 EXPLOITDB text
EntryPass N5200 Active Network Control Panel - Unauthenticated Exposure of Sensitive Information via URL Character Range
EntryPass N5200 Active Network Control Panel allows remote attackers to read device memory and obtain the administrator username and password via a URL starting with an ASCII character o through z or A through D, different vectors than CVE-2014-8868.
by RedTeam Pentesting
EIP-2026-101332 EXPLOITDB text
IPUX Cube Type CS303C IP Camera - 'UltraMJCamX.ocx' ActiveX Stack Buffer Overflow
by LiquidWorm
EIP-2026-101331 EXPLOITDB text
IPUX CS7522/CS2330/CS2030 IP Camera - 'UltraHVCamX.ocx' ActiveX Stack Buffer Overflow
by LiquidWorm
EIP-2026-101330 EXPLOITDB text
IPUX CL5452/CL5132 IP Camera - 'UltraSVCamX.ocx' ActiveX Stack Buffer Overflow
by LiquidWorm
CVE-2014-9034 EXPLOITDB text
WordPress Long Password DoS
wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long password that is improperly handled during hashing, a similar issue to CVE-2014-9016.
by Javer Nieto & Andres Rojas
CVE-2014-9016 EXPLOITDB text
Drupal 7.x < 7.34 and Secure Password Hashes 6.x-2.x < 6.x-2.1 - Denial of Service via Password Hashing API
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and memory consumption) via a crafted request.
by Javer Nieto & Andres Rojas
CVE-2014-9113 EXPLOITDB text
CCH Wolters Kluwer ProSystem fx Engagement <7.1 - Privilege Escalation
CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktopService, (3) PFXSYNPFTService, and (4) P2EWinService service files in PFX Engagement\, which allows local users to obtain LocalSystem privileges via a Trojan horse file.
by Information Paradox
EIP-2026-114423 EXPLOITDB text
xEpan 1.0.4 - Multiple Vulnerabilities
by Parikesit _ Kurawa
CVE-2014-8429 EXPLOITDB text
xEpan CMS <= 1.0.4.1 - Cross-Site Request Forgery via Administrative Account Creation
Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests that create new administrative accounts via a crafted request to the owner/users page.
by High-Tech Bridge SA
CVE-2014-9119 EXPLOITDB text VERIFIED
DB Backup plugin <4.5 - Path Traversal
Directory traversal vulnerability in download.php in the DB Backup plugin 4.5 and earlier for Wordpress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
by Ashiyane Digital Security Team
CVE-2014-8507 EXPLOITDB text
Android < 4.4.4 - SQL Injection via WAPPushManager PDU Fields
Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow remote attackers to execute arbitrary SQL commands, and consequently launch an activity or service, via the (1) wapAppId or (2) contentType field of a PDU for a malformed WAPPush message, aka Bug 17969135.
by Baidu X-Team
CVE-2014-10011 EXPLOITDB text
TRENDnet TV-IP422W and TV-IP422WN - Stack-Based Buffer Overflow in UltraCam ActiveX Control
Stack-based buffer overflow in UltraCamLib in the UltraCam ActiveX Control (UltraCamX.ocx) for the TRENDnet SecurView camera TV-IP422WN allows remote attackers to execute arbitrary code via a long string to the (1) CGI_ParamSet, (2) OpenFileDlg, (3) SnapFileName, (4) Password, (5) SetCGIAPNAME, (6) AccountCode, or (7) RemoteHost function.
by LiquidWorm
CVE-2014-9173 EXPLOITDB text
Google Doc Embedder <2.5.15 - SQL Injection
SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.
by Kacper Szurek
EIP-2026-106234 EXPLOITDB text
Crea8Social 1.3 - Persistent Cross-Site Scripting
by Halil Dalabasmaz
CVE-2014-9175 EXPLOITDB text
wpDataTables <1.5.3 - SQL Injection
SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action to wp-admin/admin-ajax.php.
by Claudio Viviani
CVE-2014-8799 EXPLOITDB text
dukapress < 2.5.3 - Path Traversal via src Parameter in dp_image.php
Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter to lib/dp_image.php.
by Kacper Szurek
CVE-2014-9260 EXPLOITDB HIGH text
WordPress <2.7.3 - Authenticated RCE
The basic_settings function in the download manager plugin for WordPress before 2.7.3 allows remote authenticated users to update every WordPress option.
by Kacper Szurek
CVSS 8.8
CVE-2014-9348 EXPLOITDB text
RobotStats 1.0 - SQL Injection via Robot Parameter
SQL injection vulnerability in the formulaireRobot function in admin/robots.lib.php in RobotStats 1.0 allows remote attackers to execute arbitrary SQL commands via the robot parameter to admin/robots.php.
by ZoRLu Bugrahan
EIP-2026-104666 EXPLOITDB text
PHP 5.5.12 - Locale::parseLocale Memory Corruption
by John Leitch
CVE-2014-8768 EXPLOITDB text
tcpdump <4.7 - DoS
Multiple Integer underflows in the geonet_print function in tcpdump 4.5.0 through 4.6.2, when in verbose mode, allow remote attackers to cause a denial of service (segmentation fault and crash) via a crafted length value in a Geonet frame.
by Steffen Bauch
EIP-2026-103526 EXPLOITDB text
JourneyMap 5.0.0RC2 Ultimate Edition - Resource Consumption (Denial of Service)
by CovertCodes