Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-110267 EXPLOITDB text
OpenCart 1.5.6.1 - 'openbay' Multiple SQL Injections
by Saadi Siddiqui
CVE-2014-2531 EXPLOITDB text VERIFIED
InterWorx Web Control Panel <5.0.14 - SQL Injection
SQL injection vulnerability in xhr.php in InterWorx Web Control Panel (aka InterWorx Hosting Control Panel and InterWorx-CP) before 5.0.14 build 577 allows remote authenticated users to execute arbitrary SQL commands via the i parameter in a search action to the (1) NodeWorx , (2) SiteWorx, or (3) Resellers interface, as demonstrated by the "or" key in a pgn8state object in an i object in a JSON object.
by Eric Flokstra
CVE-2014-2668 EXPLOITDB text VERIFIED
Apache CouchDB < 1.5.0 - Denial of Service via /_uuids Count Parameter
Apache CouchDB 1.5.0 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via the count parameter to /_uuids.
by Krusty Hack
CVE-2014-1982 EXPLOITDB text
Allied Telesis AT-RG634A, iMG624A, iMG616LH, iMG646BD - Unauthenticated Remote Code Execution via CLI Interface
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges and execute arbitrary commands via a direct request to cli.html.
by Groundworks Technologies
EIP-2026-100789 EXPLOITDB text VERIFIED
DotItYourself - 'dot-it-yourself.cgi' Remote Command Execution
by Felipe Andrian Peixoto
EIP-2026-100756 EXPLOITDB text VERIFIED
Beheer Systeem - 'pbs.cgi' Remote Command Execution
by Felipe Andrian Peixoto
EIP-2026-111618 EXPLOITDB text
qEngine CMS 6.0.0 - Multiple Vulnerabilities
by LiquidWorm
EIP-2026-111617 EXPLOITDB text VERIFIED
qEngine 4.1.6/6.0.0 - 'task.php' Local File Inclusion
by Gjoko Krstic
EIP-2026-108989 EXPLOITDB text
Kemana Directory 1.5.6 - Remote Code Execution
by LiquidWorm
EIP-2026-108988 EXPLOITDB text
Kemana Directory 1.5.6 - kemana_admin_passwd Cookie User Password Hash Disclosure
by LiquidWorm
EIP-2026-108987 EXPLOITDB text
Kemana Directory 1.5.6 - Database Backup Disclosure
by LiquidWorm
EIP-2026-108986 EXPLOITDB text
Kemana Directory 1.5.6 - 'task.php' Local File Inclusion
by LiquidWorm
EIP-2026-108985 EXPLOITDB text
Kemana Directory 1.5.6 - 'qvc_init()' Cookie Poisoning CAPTCHA Bypass
by LiquidWorm
EIP-2026-107396 EXPLOITDB text VERIFIED
Getsimple CMS 3.3.1 - Persistent Cross-Site Scripting
by Jeroen - IT Nerdbox
EIP-2026-105753 EXPLOITDB text
Cart Engine 3.0.0 - Remote Code Execution
by LiquidWorm
EIP-2026-105752 EXPLOITDB text
Cart Engine 3.0.0 - Database Backup Disclosure
by LiquidWorm
EIP-2026-105751 EXPLOITDB text
Cart Engine 3.0.0 - 'task.php' Local File Inclusion
by LiquidWorm
CVE-2013-7346 EXPLOITDB text VERIFIED
Symphony CMS < 2.3.2 - Cross-Site Request Forgery via SQL Injection in Authors Sort Parameter
Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the sort parameter to system/authors/, related to CVE-2013-2559.
by High-Tech Bridge
CVE-2008-6660 EXPLOITDB text VERIFIED
BigDump 0.29b - Unauthenticated Arbitrary File Upload and Remote Code Execution via Executable Extension Bypass
Unrestricted file upload vulnerability in bigdump.php in Alexey Ozerov BigDump 0.29b allows remote attackers to execute arbitrary code by uploading a file with an executable extension followed by a .sql extension, then accessing this file via a direct request. NOTE: some of these details are obtained from third party information.
by felipe andrian
EIP-2026-109125 EXPLOITDB text VERIFIED
LifeSize UVC 1.2.6 - (Authenticated) Remote Code Execution
by Brandon Perry
EIP-2026-100824 EXPLOITDB text VERIFIED
innoEDIT - 'innoedit.cgi' Remote Command Execution
by Felipe Andrian Peixoto
CVE-2014-2017 EXPLOITDB MEDIUM text
OXID eShop <4.7.11-4.8.4, <5.0.11-5.1.4 - CRLF Injection
CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and 4.8.x before 4.8.4 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.
by //sToRm
CVSS 6.1
EIP-2026-102317 EXPLOITDB text
Wireless Drive 1.1.0 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
EIP-2026-101624 EXPLOITDB text
D-Link DIR-600L AX 1.00 - Cross-Site Request Forgery
by Dhruv Shah
CVE-2014-2587 EXPLOITDB text
McAfee Asset Manager 6.6 - SQL Injection
SQL injection vulnerability in jsp/reports/ReportsAudit.jsp in McAfee Asset Manager 6.6 allows remote authenticated users to execute arbitrary SQL commands via the username of an audit report (aka user parameter).
by Brandon Perry