Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2014-5201 EXPLOITDB text
Gallery Objects 0.4 - SQL Injection via viewid Parameter
SQL injection vulnerability in the Gallery Objects plugin 0.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the viewid parameter in a go_view_object action to wp-admin/admin-ajax.php.
by Claudio Viviani
EIP-2026-100753 EXPLOITDB text VERIFIED
Barracuda Networks Message Archiver 650 - Persistent Cross-Site Scripting
by Vulnerability-Lab
CVE-2014-5100 EXPLOITDB text VERIFIED
Omeka < 2.2.1 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user account via a request to admin/users/add, (2) insert cross-site scripting (XSS) sequences via the api_key_label parameter to admin/users/api-keys/1, or (3) disable file validation via a request to admin/settings/edit-security.
by LiquidWorm
CVE-2014-5104 EXPLOITDB text VERIFIED
ol-commerce 2.1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php.
by AtT4CKxT3rR0r1ST
CVE-2014-5104 EXPLOITDB text VERIFIED
ol-commerce 2.1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php.
by AtT4CKxT3rR0r1ST
CVE-2014-5104 EXPLOITDB text VERIFIED
ol-commerce 2.1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php.
by AtT4CKxT3rR0r1ST
CVE-2014-5104 EXPLOITDB text VERIFIED
ol-commerce 2.1.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) affiliate_banner_id parameter to affiliate_show_banner.php, (3) country parameter in a process action to create_account.php, or (4) entry_country_id parameter in an edit action to admin/create_account.php.
by AtT4CKxT3rR0r1ST
CVE-2014-5111 EXPLOITDB text VERIFIED
Fonality trixbox - Path Traversal via Lang Parameter
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
by AtT4CKxT3rR0r1ST
CVE-2014-5112 EXPLOITDB text VERIFIED
Fonality trixbox - Remote Code Execution via lang Parameter
maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter.
by AtT4CKxT3rR0r1ST
CVE-2014-5111 EXPLOITDB text VERIFIED
Fonality trixbox - Path Traversal via Lang Parameter
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
by AtT4CKxT3rR0r1ST
CVE-2014-5109 EXPLOITDB text VERIFIED
Fonality trixbox - SQL Injection via mac Parameter in endpoint_generic.php
SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action.
by AtT4CKxT3rR0r1ST
CVE-2014-5111 EXPLOITDB text VERIFIED
Fonality trixbox - Path Traversal via Lang Parameter
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
by AtT4CKxT3rR0r1ST
CVE-2014-5111 EXPLOITDB text VERIFIED
Fonality trixbox - Path Traversal via Lang Parameter
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/asterisk_info.php, (3) repo/repo.php, or (4) endpointcfg/endpointcfg.php in maint/modules/.
by AtT4CKxT3rR0r1ST
CVE-2014-9919 EXPLOITDB MEDIUM text VERIFIED
Bilboplanet 2.0 - Stored Cross-Site Scripting via Fullname Parameter
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the fullname parameter to signup.php.
by Vivek N
CVSS 6.1
CVE-2014-9918 EXPLOITDB MEDIUM text VERIFIED
Bilboplanet 2.0 - Stored Cross-Site Scripting via signup.php user_id Parameter
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the user_id parameter to signup.php.
by Vivek N
CVSS 6.1
CVE-2014-9917 EXPLOITDB MEDIUM text VERIFIED
Bilboplanet 2.0 - Stored Cross-Site Scripting via Tags Parameter
An issue was discovered in Bilboplanet 2.0. There is a stored XSS vulnerability when adding a tag via the user/?page=tribes tags parameter.
by Vivek N
CVSS 6.1
CVE-2014-9916 EXPLOITDB MEDIUM text VERIFIED
Bilboplanet 2.0 - Cross-Site Scripting via Tribe Name or Tags Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page request to user/ or the (3) user_id or (4) fullname parameter to signup.php.
by Vivek N
CVSS 6.1
CVE-2014-4960 EXPLOITDB text VERIFIED
Joomla! com_youtubegallery <4.1.7 - SQL Injection
Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) listid or (2) themeid parameter to index.php.
by Pham Van Khanh
CVE-2014-9301 EXPLOITDB text VERIFIED
Alfresco Community Edition <5.0.a - SSRF
Server-side request forgery (SSRF) vulnerability in the proxy servlet in Alfresco Community Edition before 5.0.a allows remote attackers to trigger outbound requests to intranet servers, conduct port scans, and read arbitrary files via a crafted URI in the endpoint parameter.
by V. Paulikas
CVE-2014-9302 EXPLOITDB text VERIFIED
Alfresco Community Edition < 5.0.a - Server-Side Request Forgery via CMIS Browser Servlet URL Parameter
Server-side request forgery (SSRF) vulnerability in the cmisbrowser servlet in Content Management Interoperability Service (CMIS) in Alfresco Community Edition 5.0.a and earlier allows remote attackers to trigger outbound requests via a crafted URI in the url parameter.
by V. Paulikas
CVE-2014-5350 EXPLOITDB text
Bitdefender GravityZone < 5.1.5.386 - Path Traversal via Web Console or Update Server
Multiple directory traversal vulnerabilities in Bitdefender GravityZone before 5.1.11.432 allow remote attackers to read arbitrary files via a (1) .. (dot dot) in the id parameter to webservice/CORE/downloadFullKitEpc/a/1 in the Web Console or (2) %2E%2E (encoded dot dot) in the default URI to port 7074 on the Update Server.
by SEC Consult
CVE-2014-4965 EXPLOITDB text
Shopizer < 1.1.5 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Shopizer 1.1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) customername parameter to central/orders/searchcriteria.action; (2) productname, (3) availability, or (4) status parameter to central/catalog/productlist.action; or unspecified vectors in (5) WebContent/orders/orderlist.jsp.
by SEC Consult
CVE-2014-9094 EXPLOITDB text VERIFIED
Digital Zoom Studio Video Gallery - Cross-Site Scripting via swfloc or designrand Parameter
Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) swfloc or (2) designrand parameter.
by MustLive
CVE-2014-5455 EXPLOITDB MEDIUM text
ptservice <3.0 - Privilege Escalation
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a crafted program.exe file in the %SYSTEMDRIVE% folder.
by LiquidWorm
CVSS 5.3
EIP-2026-105006 EXPLOITDB text
Aerohive HiveOS 5.1r5 < 6.1r5 - Multiple Vulnerabilities
by DearBytes