Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2014-3865 EXPLOITDB text VERIFIED
dpkg-dev 1.3.0 - Path Traversal via Crafted Index Pseudo-Header
Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname.
by Raphael Geissert
CVE-2014-3934 EXPLOITDB text VERIFIED
PHP-Nuke 8.3 - SQL Injection via Submit_News Module topics[] Parameter
SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php.
by ali ahmady
CVE-2014-3840 EXPLOITDB text VERIFIED
Mayan EDMS 0.13 - Authenticated Stored Cross-Site Scripting via Tag, Title, Name, or Smart Link Fields
Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title field in a (4) smart link or (5) web form.
by Dolev Farhi
EIP-2026-100926 EXPLOITDB text VERIFIED
Web Terra 1.1 - 'books.cgi' Remote Command Execution
by felipe andrian
CVE-2014-3210 EXPLOITDB text VERIFIED
Booking System < 1.3 - Authenticated SQL Injection via booking_form_id Parameter
SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the booking_form_id parameter to wp-admin/admin-ajax.php.
by maodun
EIP-2026-101567 EXPLOITDB text
Binatone DT 850W Wireless Router - Multiple Cross-Site Request Forgery Vulnerabilities
by Samandeep Singh
EIP-2026-105942 EXPLOITDB text VERIFIED
Clipperz Password Manager - '/backend/PHP/src/setup/rpc.php' Remote Code Execution
by Manish Tanwar
CVE-2014-3935 EXPLOITDB text VERIFIED
XOOPS 1.0 - Glossaire module - SQL Injection
SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter.
by AtT4CKxT3rR0r1ST
EIP-2026-113927 EXPLOITDB text VERIFIED
WordPress Plugin NextGEN Gallery 1.9.1 - 'photocrati_ajax' Arbitrary File Upload
by SANTHO
EIP-2026-113447 EXPLOITDB text VERIFIED
Wiser Backup - Information Disclosure
by AtT4CKxT3rR0r1ST
EIP-2026-112331 EXPLOITDB text VERIFIED
Softmatica SMART iPBX - Multiple SQL Injections
by AtT4CKxT3rR0r1ST
CVE-2014-4701 EXPLOITDB text VERIFIED
Nagios Plugins <2.0.2 - Info Disclosure
The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702.
by Dawid Golunski
CVE-2014-2987 EXPLOITDB text
EGroupware < 1.6.001 and < 1.8006 - Cross-Site Request Forgery via Admin User Creation or Settings Modification
Multiple cross-site request forgery (CSRF) vulnerabilities in EGroupware Enterprise Line (EPL) before 1.1.20140505, EGroupware Community Edition before 1.8.007.20140506, and EGroupware before 14.1 beta allow remote attackers to hijack the authentication of administrators for requests that (1) create an administrator user via an admin.uiaccounts.add_user action to index.php or (2) modify settings via the newsettings parameter in an admin.uiconfig.index action to index.php. NOTE: vector 2 can be used to execute arbitrary PHP code by leveraging CVE-2014-2988.
by High-Tech Bridge SA
CVE-2014-3749 EXPLOITDB text VERIFIED
Construtiva CIS Manager - SQL Injection via Email Parameter
SQL injection vulnerability in Construtiva CIS Manager allows remote attackers to execute arbitrary SQL commands via the email parameter to autenticar/lembrarlogin.asp.
by Edge
EIP-2026-111987 EXPLOITDB text VERIFIED
Seo Panel - 'file' Directory Traversal
by Eric Sesterhenn
CVE-2014-2046 EXPLOITDB text VERIFIED
Broadcom Ltd PIPA C211 rev2 - Info Disclosure
cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information via a certain request to the config.getValuesHashExcludePaths method or (2) modify the firmware via unspecified vectors.
by Portcullis
CVE-2014-2084 EXPLOITDB text
Skybox View Appliances - Info Disclosure
Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/commands/getSystemInformation or (2) scripts/commands/getNetworkConfigurationInfo, cause a denial of service (reboot) via a request to scripts/commands/reboot, or cause a denial of service (shutdown) via a request to scripts/commands/shutdown.
by Luigi Vezzoso
CVE-2014-3740 EXPLOITDB text VERIFIED
Spiceworks < 7.2.00190 - Authenticated Cross-Site Scripting via Ticket Summary Field
Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the portal page.
by Dolev Farhi
CVE-2014-5383 EXPLOITDB text
AlienVault OSSIM < 4.7.0 - Authenticated SQL Injection
SQL injection vulnerability in AlienVault OSSIM before 4.7.0 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
by Chris Hebert
CVE-2014-2084 EXPLOITDB text
Skybox View Appliances - Info Disclosure
Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 does not properly restrict access to the Admin interface, which allows remote attackers to obtain sensitive information via a request to (1) scripts/commands/getSystemInformation or (2) scripts/commands/getNetworkConfigurationInfo, cause a denial of service (reboot) via a request to scripts/commands/reboot, or cause a denial of service (shutdown) via a request to scripts/commands/shutdown.
by Luigi Vezzoso
CVE-2014-3806 EXPLOITDB text
VMTurbo Operations Manager < 4.6 - Unauthenticated Directory Traversal via xml_path Parameter
Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter.
by Jamal Pecou
CVE-2014-3246 EXPLOITDB text VERIFIED
Collabtive 1.2 - Authenticated SQL Injection via Folder Parameter
SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php.
by Deepak Rathore
CVE-2014-3247 EXPLOITDB text VERIFIED
Collabtive 1.2 - Authenticated Cross-Site Scripting via Admin Project Description Parameter
Cross-site scripting (XSS) vulnerability in Collabtive 1.2 allows remote authenticated users to inject arbitrary web script or HTML via the desc parameter in an Add project (addpro) action to admin.php.
by Deepak Rathore
CVE-2014-3225 EXPLOITDB text
Cobbler 2.4.x-2.6.x - Authenticated Path Traversal via Kickstart Field
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.
by Dolev Farhi
EIP-2026-106001 EXPLOITDB text VERIFIED
CMS Touch - 'pages.php?Page_ID' SQL Injection
by indoushka