Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2014-4718 EXPLOITDB text VERIFIED
Lunar CMS < 3.3 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Lunar CMS before 3.3-3 allow remote attackers to hijack the authentication of administrators for requests that (1) add Super users via a request to admin/user_create.php or conduct cross-site scripting (XSS) attacks via the (2) email or (3) subject parameter in contact_form.ext.php to admin/extensions.php.
by LiquidWorm
CVE-2014-3119 EXPLOITDB HIGH text
web2project < 3.1 - Authenticated SQL Injection via Search String or Update Key Parameter
Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search_string parameter in the contacts module to index.php or allow remote attackers to execute arbitrary SQL commands via the updatekey parameter to (2) do_updatecontact.php or (3) updatecontact.php.
by High-Tech Bridge SA
CVSS 8.8
CVE-2014-4154 EXPLOITDB text
ZTE ZXV10 W300 Firmware W300V1.0.0a_ZRD_LK - Unprotected Credential Exposure via tc2wanfun.js
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA password via a direct request for basic/tc2wanfun.js.
by Osanda Malith Jayathissa
CVE-2014-4019 EXPLOITDB HIGH text
ZTE ZXV10 W300 W300V1.0.0a_ZRD_LK - Unauthenticated Sensitive Information Exposure
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direct request for rom-0.
by Osanda Malith Jayathissa
CVSS 7.5
CVE-2014-4018 EXPLOITDB text
ZTE ZXV10 W300 Firmware W300V1.0.0a_ZRD_LK - Default Password for Admin Account
The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.
by Osanda Malith Jayathissa
CVE-2014-4644 EXPLOITDB text VERIFIED
Cacti superlinks plugin 1.4-2 - SQL Injection via id Parameter
SQL injection vulnerability in superlinks.php in the superlinks plugin 1.4-2 for Cacti allows remote attackers to execute arbitrary SQL commands via the id parameter.
by Napsterakos
CVE-2014-4155 EXPLOITDB text
ZTE ZXV10 W300 Firmware W300V1.0.0a_ZRD_LK - Cross-Site Request Forgery via Admin Password Change
Cross-site request forgery (CSRF) vulnerability in the ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK allows remote attackers to hijack the authentication of administrators for requests that change the admin password via a request to Forms/tools_admin_1.
by Osanda Malith Jayathissa
CVE-2014-3778 EXPLOITDB text
ARRIS SBG901 - Cross-Site Request Forgery in goform/RgDdns
Multiple cross-site request forgery (CSRF) vulnerabilities in goform/RgDdns in ARRIS (formerly Motorola) SBG901 SURFboard Wireless Cable Modem allow remote attackers to hijack the authentication of administrators for requests that (1) change the dns service via the DdnsService parameter, (2) change the username via the DdnsUserName parameter, (3) change the password via the DdnsPassword parameter, or (4) change the host name via the DdnsHostName parameter.
by Blessen Thomas
CVE-2013-5758 EXPLOITDB text
Yealink SIP-T38G - Authenticated OS Command Injection via cgiServer.exx System Method
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files.
by Mr.Un1k0d3r
CVE-2013-5758 EXPLOITDB text
Yealink SIP-T38G - Authenticated OS Command Injection via cgiServer.exx System Method
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running unauthorized services, changing directory permissions, and modifying files.
by Mr.Un1k0d3r
CVE-2013-5756 EXPLOITDB text
Yealink SIP-T38G - Authenticated Path Traversal via Page Parameter
Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx.
by Mr.Un1k0d3r
EIP-2026-115919 EXPLOITDB text VERIFIED
netKar PRO 1.1 - '.nkuser' File Creation Null Pointer Denial of Service
by A reliable source
CVE-2010-0733 EXPLOITDB text VERIFIED
PostgreSQL < 8.4.1 - Authenticated Denial of Service via Hashtable Size Calculation Overflow
Integer overflow in src/backend/executor/nodeHash.c in PostgreSQL 8.4.1 and earlier, and 8.5 through 8.5alpha2, allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with many LEFT JOIN clauses, related to certain hashtable size calculations.
by Bernt Marius Johnsen
CVE-2013-5757 EXPLOITDB text
Yealink SIP-T38G - Authenticated Path Traversal via dumpConfigFile Function
Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parameter to cgi-bin/cgiServer.exx.
by Mr.Un1k0d3r
CVE-2013-5755 EXPLOITDB text
Yealink SIP-T38G - Hardcoded Passwords for User, Admin, and Var Accounts
config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) for the var account, which makes it easier for remote attackers to obtain access via unspecified vectors.
by Mr.Un1k0d3r
CVE-2014-3427 EXPLOITDB text VERIFIED
Yealink VoIP Phones <28.72.0.2 - CRLF Injection
CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model parameter to servlet.
by Jesus Oquendo
CVE-2014-3977 EXPLOITDB text VERIFIED
IBM AIX 6.1/7.1 & VIOS 2.2.x - Local Privilege Escalation
libodm.a in IBM AIX 6.1 and 7.1, and VIOS 2.2.x, allows local users to overwrite arbitrary files via a symlink attack on a temporary file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-2179.
by Portcullis
CVE-2014-4166 EXPLOITDB text VERIFIED
SHOUTcast DNAS 2.2.1 - Cross-Site Scripting via MP3 Title Field
Cross-site scripting (XSS) vulnerability in the song history in SHOUTcast DNAS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the mp3 title field.
by rob222
CVE-2014-4034 EXPLOITDB text VERIFIED
ZeroCMS 1.0 - SQL Injection via article_id Parameter
SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
by LiquidWorm
CVE-2014-4030 EXPLOITDB text VERIFIED
JW Player for Flash & HTML5 Video Plugin < 2.1.4 - Cross-Site Request Forgery via Player Deletion
Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove players via a delete action to wp-admin/admin.php.
by Tom Adams
CVE-2014-4163 EXPLOITDB text VERIFIED
WordPress Featured Comments 1.2.1 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in the Featured Comments plugin 1.2.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that change the (1) buried or (2) featured status of a comment via a request to wp-admin/admin-ajax.php.
by Tom Adams
CVE-2014-4307 EXPLOITDB text
WebTitan < 4.01 - SQL Injection via categories-x.php sortkey Parameter
SQL injection vulnerability in categories-x.php in WebTitan before 4.04 allows remote attackers to execute arbitrary SQL commands via the sortkey parameter.
by SEC Consult
CVE-2014-4033 EXPLOITDB text
eFront 3.6.14.4 - Cross-Site Scripting via Surname Parameter
Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname parameter to student.php.
by shyamkumar somana
CVE-2014-2575 EXPLOITDB text
Devexpress Aspxfilemanager Control For Webforms And Mvc < 13.1.9 - Path Traversal
Directory traversal vulnerability in the File Manager component in DevExpress ASPxFileManager Control for ASP.NET WebForms and MVC before 13.1.10 and 13.2.x before 13.2.9 allows remote authenticated users to read or write arbitrary files via a .. (dot dot) in the __EVENTARGUMENT parameter.
by RedTeam Pentesting
EIP-2026-114333 EXPLOITDB text VERIFIED
WordPress Theme Infocus - '/infocus/lib/scripts/dl-skin.php' Local File Disclosure
by Felipe Andrian Peixoto