Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-109226 EXPLOITDB text VERIFIED
LuxCal 3.2.2 - Cross-Site Request Forgery / Blind SQL Injection
by TUNISIAN CYBER
EIP-2026-107443 EXPLOITDB text VERIFIED
GNUPanel 0.3.5_R4 - Multiple Vulnerabilities
by Necmettin COSKUN
CVE-2014-0983 EXPLOITDB text VERIFIED
Oracle VirtualBox < 4.3.8 Local Guest-to-Host RCE via 3D Acceleration
Multiple array index errors in programs that are automatically generated by VBox/HostServices/SharedOpenGL/crserverlib/server_dispatch.py in Oracle VirtualBox 4.2.x through 4.2.20 and 4.3.x before 4.3.8, when using 3D Acceleration, allow local guest OS users to execute arbitrary code on the Chromium server via certain CR_MESSAGE_OPCODES messages with a crafted index, which are not properly handled by the (1) CR_VERTEXATTRIB4NUBARB_OPCODE to the crServerDispatchVertexAttrib4NubARB function, (2) CR_VERTEXATTRIB1DARB_OPCODE to the crServerDispatchVertexAttrib1dARB function, (3) CR_VERTEXATTRIB1FARB_OPCODE to the crServerDispatchVertexAttrib1fARB function, (4) CR_VERTEXATTRIB1SARB_OPCODE to the crServerDispatchVertexAttrib1sARB function, (5) CR_VERTEXATTRIB2DARB_OPCODE to the crServerDispatchVertexAttrib2dARB function, (6) CR_VERTEXATTRIB2FARB_OPCODE to the crServerDispatchVertexAttrib2fARB function, (7) CR_VERTEXATTRIB2SARB_OPCODE to the crServerDispatchVertexAttrib2sARB function, (8) CR_VERTEXATTRIB3DARB_OPCODE to the crServerDispatchVertexAttrib3dARB function, (9) CR_VERTEXATTRIB3FARB_OPCODE to the crServerDispatchVertexAttrib3fARB function, (10) CR_VERTEXATTRIB3SARB_OPCODE to the crServerDispatchVertexAttrib3sARB function, (11) CR_VERTEXATTRIB4DARB_OPCODE to the crServerDispatchVertexAttrib4dARB function, (12) CR_VERTEXATTRIB4FARB_OPCODE to the crServerDispatchVertexAttrib4fARB function, and (13) CR_VERTEXATTRIB4SARB_OPCODE to the crServerDispatchVertexAttrib4sARB function.
by Core Security
EIP-2026-102143 EXPLOITDB text
ZYXEL P-660HN-T1A Router - Authentication Bypass
by Michael Grifalconi
CVE-2014-2043 EXPLOITDB text VERIFIED
Procentia IntelliPen <1.1.18.1658 - SQL Injection
SQL injection vulnerability in Resources/System/Templates/Data.aspx in Procentia IntelliPen before 1.1.18.1658 allows remote authenticated users to execute arbitrary SQL commands via the value parameter.
by Portcullis
EIP-2026-117301 EXPLOITDB text
iCAM Workstation Control 4.8.0.0 - Authentication Bypass
by StealthHydra
CVE-2014-2534 EXPLOITDB text VERIFIED
BlackBerry QNX Neutrino RTOS <6.5.x - Info Disclosure
/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow.
by cenobyte
EIP-2026-109398 EXPLOITDB text VERIFIED
MeiuPic 2.1.2 - 'ctl' Local File Inclusion
by Dr.3v1l
CVE-2014-2044 EXPLOITDB text VERIFIED
ownCloud < 5.0 - Authenticated Remote Code Execution via Alternate Data Stream Filename Bypass
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbitrary names, and execute arbitrary code via an Alternate Data Stream (ADS) syntax in the filename parameter, as demonstrated using .htaccess::$DATA to upload a PHP program.
by Portcullis
EIP-2026-102964 EXPLOITDB text VERIFIED
QNX - '.Phgrafx' File Enumeration
by cenobyte
CVE-2013-6835 EXPLOITDB text VERIFIED
iPhone OS < 7.1 - Unauthenticated Information Disclosure via FaceTime Audio URL
TelephonyUI Framework in Apple iOS 7 before 7.1, when Safari is used, does not require user confirmation for FaceTime audio calls, which allows remote attackers to obtain telephone number or e-mail address information via a facetime-audio: URL.
by Guillaume Ross
EIP-2026-101780 EXPLOITDB text
Huawei E5331 MiFi Mobile Hotspot 21.344.11.00.414 - Multiple Vulnerabilities
by SEC Consult
EIP-2026-100387 EXPLOITDB text VERIFIED
Kentico CMS 7.0.75 - User Information Disclosure
by Charlie Campbell & Lyndon Mendoza
EIP-2026-105946 EXPLOITDB text VERIFIED
ClipSharePro 4.1 - Local File Inclusion
by Saadi Siddiqui
EIP-2026-111518 EXPLOITDB text VERIFIED
Professional Designer E-Store - 'id' Multiple SQL Injections
by Nawaf Alkeraithe
EIP-2026-105053 EXPLOITDB text VERIFIED
Ajax File Manager - Directory Traversal
by Eduardo Alves
CVE-2014-2317 EXPLOITDB text
OpenDocMan <1.2.7.2 - SQL Injection
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained from third party information.
by High-Tech Bridge SA
CVE-2014-1944 EXPLOITDB text
ilch_cms < 2.0 - Cross-Site Scripting via Guestbook Text Parameter
Cross-site scripting (XSS) vulnerability in Ilch CMS 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the text parameter to index.php/guestbook/index/newentry.
by High-Tech Bridge SA
EIP-2026-106171 EXPLOITDB text VERIFIED
Cory Jobs Search - 'cid' SQL Injection
by Slotleet
EIP-2026-114005 EXPLOITDB text VERIFIED
WordPress Plugin Relevanssi - 'category_name' SQL Injection
by anonymous
CVE-2014-10034 EXPLOITDB text VERIFIED
couponphp < 1.1.0 - Authenticated SQL Injection via iDisplayLength or iDisplayStart Parameter
Multiple SQL injection vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to execute arbitrary SQL commands via the (1) iDisplayLength or (2) iDisplayStart parameter to (a) comments_paginate.php or (b) stores_paginate.php in admin/ajax/.
by LiquidWorm
CVE-2013-6233 EXPLOITDB text
SpagoBI < 4.0 - Authenticated Cross-Site Scripting via Short Document Metadata Description Field
Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via the Description field in the "Short document metadata."
by Christian Catalano
CVE-2013-6232 EXPLOITDB text
SpagoBI < 4.0 - Authenticated Cross-Site Scripting via Document Note
Cross-site scripting (XSS) vulnerability in SpagoBI before 4.1 allows remote authenticated users to inject arbitrary web script or HTML via a document note in the execution page.
by Christian Catalano
CVE-2013-6234 EXPLOITDB HIGH text
SpagoBI < 4.1 - Authenticated Arbitrary File Upload via Worksheet Designer
Unrestricted file upload vulnerability in the Worksheet designer in SpagoBI before 4.1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, aka "XSS File Upload."
by Christian Catalano
CVSS 8.0
CVE-2014-10035 EXPLOITDB text VERIFIED
couponphp < 1.1.0 - Authenticated Cross-Site Scripting via Admin Area Parameters
Multiple cross-site scripting (XSS) vulnerabilities in the admin area in couponPHP before 1.2.0 allow remote administrators to inject arbitrary web script or HTML via the (1) sEcho parameter to comments_paginate.php or (2) stores_paginate.php or the (3) affiliate_url, (4) description, (5) domain, (6) seo[description], (7) seo[heading], (8) seo[title], (9) seo[keywords], (10) setting[logo], (11) setting[perpage], or (12) setting[sitename] to admin/index.php.
by LiquidWorm