Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-113140 EXPLOITDB text VERIFIED
VoipSwitch - 'user.php' Local File Inclusion
by 0x4148
CVE-2014-125116 EXPLOITDB CRITICAL text VERIFIED
HybridAuth 2.0.9-2.2.2 - Unauthenticated Remote Code Execution via install.php Config Injection
A remote code execution vulnerability exists in HybridAuth versions 2.0.9 through 2.2.2 due to insecure use of the install.php installation script. The script remains accessible after deployment and fails to sanitize input before writing to the application’s config.php file. An unauthenticated attacker can inject arbitrary PHP code into config.php, which is later executed when the file is loaded. This allows attackers to achieve remote code execution on the server. Exploitation of this issue will overwrite the existing configuration, rendering the application non-functional.
by @u0x
CVE-2014-5275 EXPLOITDB text
Pro Chat Rooms Text Chat Rooms 8.2.0 - Authenticated SQL Injection via Password, Email, or ID Parameter
Multiple SQL injection vulnerabilities in includes/functions.php in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to execute arbitrary SQL commands via the (1) password, (2) email, or (3) id parameter.
by Mike Manzotti
EIP-2026-114278 EXPLOITDB text VERIFIED
WordPress Plugin wpSS - 'ss_handler.php' SQL Injection
by Ashiyane Digital Security Team
CVE-2014-5276 EXPLOITDB text
Pro Chat Rooms Text Chat Rooms 8.2.0 - Authenticated Cross-Site Scripting via Profile Picture Upload or Edit Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via (1) an uploaded profile picture or (2) the edit parameter to profiles/index.php.
by Mike Manzotti
EIP-2026-107070 EXPLOITDB text
Feng Office - Persistent Cross-Site Scripting
by Juan Sacco
EIP-2026-102305 EXPLOITDB text
Video WiFi Transfer 1.01 - Directory Traversal
by Vulnerability-Lab
EIP-2026-102239 EXPLOITDB text
FreeDisk 1.01 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2014-2595 EXPLOITDB CRITICAL text VERIFIED
Barracuda WAF 7.8.1.013 - Auth Bypass
Barracuda Web Application Firewall (WAF) 7.8.1.013 allows remote attackers to bypass authentication by leveraging a permanent authentication token obtained from a query string.
by Nick Hayes
CVSS 9.8
EIP-2026-111666 EXPLOITDB text VERIFIED
RaidenTunes - 'music_out.php' Cross-Site Scripting
by LiquidWorm
EIP-2026-102073 EXPLOITDB text
TP-Link TL-WR740N v4 Router (FW-Ver. 3.16.6 Build 130529 Rel.47286n) - Command Execution
by Christoph Kuhl
CVE-2014-5091 EXPLOITDB CRITICAL text
status2k 2.5 - Remote Code Execution via Multies Parameter
A vulnerability exits in Status2K 2.5 Server Monitoring Software via the multies parameter to includes/functions.php, which could let a malicious user execute arbitrary PHP code.
by Shayan S
CVSS 9.8
CVE-2014-5081 EXPLOITDB CRITICAL text
sphider < 1.3.6, sphider-pro < 3.2, sphider-plus < 3.2 - Authentication Bypass
sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass
by Shayan S
CVSS 9.8
CVE-2014-5094 EXPLOITDB text
status2k - Unauthenticated Sensitive Information Exposure via phpinfo Action
Status2k allows remote attackers to obtain configuration information via a phpinfo action in a request to status/index.php, which calls the phpinfo function.
by Shayan S
CVE-2014-5087 EXPLOITDB CRITICAL text
Sphider < 1.3.6 - Remote Code Execution via admin/spiderfuncs.php
A vulnerability exists in Sphider Search Engine prior to 1.3.6 due to exec calls in admin/spiderfuncs.php, which could let a remote malicious user execute arbitrary code.
by Shayan S
CVSS 9.8
CVE-2014-4170 EXPLOITDB CRITICAL text
ArticleFR 11.06.2014 - Privilege Escalation
A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain access or modify or delete database information.
by High-Tech Bridge SA
CVSS 9.8
EIP-2026-103286 EXPLOITDB text
ISPConfig 3.0.54p1 - (Authenticated) Admin Privilege Escalation
by mra
EIP-2026-102300 EXPLOITDB text
TigerCom iFolder+ 1.2 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102278 EXPLOITDB text
Photo WiFi Transfer 1.01 - Directory Traversal
by Vulnerability-Lab
EIP-2026-101615 EXPLOITDB text
D-Link AP 3200 - Multiple Vulnerabilities
by pws
CVE-2014-3136 EXPLOITDB HIGH text
D-Link DWR-113 Firmware < 2.03b02 - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in D-Link DWR-113 (Rev. Ax) with firmware before 2.03b02 allows remote attackers to hijack the authentication of administrators for requests that change the admin password via unspecified vectors.
by Blessen Thomas
CVSS 8.8
EIP-2026-102312 EXPLOITDB text
WiFi HD 7.3.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2014-5193 EXPLOITDB text VERIFIED
Sphider 1.3.6 - Cross-Site Scripting via Category Parameter
Cross-site scripting (XSS) vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the category parameter. NOTE: the url parameter vector is already covered by CVE-2014-5082.
by Mike Manzotti
CVE-2014-5192 EXPLOITDB text VERIFIED
Sphider 1.3.6 - SQL Injection via Admin Filter Parameter
SQL injection vulnerability in admin/admin.php in Sphider 1.3.6 allows remote attackers to execute arbitrary SQL commands via the filter parameter.
by Mike Manzotti
CVE-2014-5082 EXPLOITDB text VERIFIED
sphider < 1.3.6 - SQL Injection via site_id or url Parameter
Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (2) url parameter.
by Mike Manzotti