Text Exploits

31,337 exploits tracked across all sources.

CVE-2014-7177 EXPLOITDB text VERIFIED
Enalean Tuleap <7.2 - Info Disclosure
XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/.
by Portcullis
CVE-2014-8656 EXPLOITDB text
Compal Broadband Networks CH6640E/CG6640E Wireless Gateway 1.0 - In...
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors.
by LiquidWorm
CVE-2014-8655 EXPLOITDB text
Compal Broadband Networks CH6640E-CH6640-3.5.11.7-NOSH - Auth Bypass
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to bypass authentication and obtain sensitive information via an (a) admin or a (b) root value in the userData cookie in a request to (1) CmgwWirelessSecurity.xml, (2) DocsisConfigFile.xml, or (3) CmgwBasicSetup.xml in xml/ or (4) basicDDNS.html, (5) basicLanUsers.html, or (6) rootDesc.xml.
by LiquidWorm
CVE-2014-8654 EXPLOITDB text
Compal Broadband Networks CH6640E/CG6640E Wireless Gateway 1.0 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway hardware 1.0 with firmware CH6640-3.5.11.7-NOSH allow remote attackers to hijack the authentication of administrators for requests that (1) have unspecified impact on DDNS configuration via a request to basicDDNS.html, (2) change the wifi password via the psKey parameter to setWirelessSecurity.html, (3) add a static MAC address via the MacAddress parameter in an add_static action to setBasicDHCP1.html, or (4) enable or disable UPnP via the UPnP parameter in an apply action to setAdvancedOptions.html.
by LiquidWorm
CVE-2014-8653 EXPLOITDB text
Compal Broadband Networks (CBN) CH6640E/CG6640E Wireless Gateway 1....
Cross-site scripting (XSS) vulnerability in Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to inject arbitrary web script or HTML via the userData cookie.
by LiquidWorm
CVE-2014-8347 EXPLOITDB HIGH text
Claris Filemaker Pro - Authentication Bypass
An Authentication Bypass vulnerability exists in the MatchPasswordData function in DBEngine.dll in Filemaker Pro 13.03 and Filemaker Pro Advanced 12.04, which could let a malicious user obtain elevated privileges.
by Giuseppe D'Amore
CVSS 7.8
CVE-2014-8586 EXPLOITDB text
CP Multi View Event Calendar - SQL Injection
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.
by Claudio Viviani
CVE-2014-6277 EXPLOITDB text VERIFIED
GNU Bash <4.3 - RCE
GNU Bash through 4.3 bash43-026 does not properly parse function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code or cause a denial of service (uninitialized memory access, and untrusted-pointer read and write operations) via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-6271 and CVE-2014-7169.
by Michal Zalewski
CVE-2014-9000 EXPLOITDB text
Mule Enterprise Management Console - Privilege Escalation
Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC.
by Brandon Perry
EIP-2026-102308 EXPLOITDB text
WebDisk+ 2.1 iOS - Code Execution
by Vulnerability-Lab
EIP-2026-102237 EXPLOITDB text
Folder Plus 2.5.1 iOS - Persistent Cross-Site Scripting
by Vulnerability-Lab
CVE-2014-8657 EXPLOITDB text
Compal Broadband Networks - DoS
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH allows remote attackers to cause a denial of service (disconnect all wifi clients) via a request to wirelessChannelStatus.html.
by LiquidWorm
CVE-2014-8770 EXPLOITDB text
MAGMI <0.7.17a - RCE
Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a PHP file, then accessing the PHP file via a direct request to it in magmi/plugins/.
by Parvinder Bhasin
CVE-2013-3304 EXPLOITDB text
Dell EqualLogic PS4000 <6.0 - Path Traversal
Directory traversal vulnerability in Dell EqualLogic PS4000 with firmware 6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.
by XLabs Security
EIP-2026-107074 EXPLOITDB text
Feng Office 1.7.4 - Cross-Site Scripting
by AutoSec Tools
CVE-2013-7057 EXPLOITDB text
Axway Securetransport < 5.1 - CSRF
Cross-site request forgery (CSRF) vulnerability in Axway SecureTransport 5.1 SP2 and earlier allows remote attackers to hijack the authentication of unspecified users for requests that upload arbitrary files via a crafted request to api/v1.0/files/.
by Emmanuel Law
EIP-2026-101666 EXPLOITDB text
Dell SonicWALL Gms 7.2.x - Code Injection
by Vulnerability-Lab
CVE-2014-5507 EXPLOITDB text
PRO Softnet Corporation Ibackup < 10.0.0.32 - Access Control
iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file.
by Glafkos Charalambous
EIP-2026-102246 EXPLOITDB text
iFunBox Free 1.1 iOS - Local File Inclusion
by Vulnerability-Lab
EIP-2026-102232 EXPLOITDB text
File Manager 4.2.10 iOS - Code Execution
by Vulnerability-Lab
CVE-2014-0995 EXPLOITDB text VERIFIED
SAP Netweaver < 7.01 - Improper Input Validation
The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the Trace Pattern.
by Core Security
EIP-2026-102248 EXPLOITDB text
Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-118000 EXPLOITDB text
Telefonica O2 Connection Manager 8.7 - Service Trusted Path Privilege Escalation
by LiquidWorm
EIP-2026-117999 EXPLOITDB text
Telefonica O2 Connection Manager 3.4 - Local Privilege Escalation
by LiquidWorm
CVE-2014-100003 EXPLOITDB text VERIFIED
Yourmembers - SQL Injection
SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_download_id parameter to the default URI.
by TranDinhTien