Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2014-0372 EXPLOITDB text VERIFIED
Oracle Demantra Demand Management - SQL Injection
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to DM Others.
by Portcullis
CVE-2014-0379 EXPLOITDB text VERIFIED
Oracle Demantra Demand Management - SQL Injection
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0.x, 7.3.1.x, 12.2.0, 12.2.1, and 12.2.2 allows remote attackers to affect integrity via unknown vectors related to DM Others.
by Portcullis
CVE-2013-5795 EXPLOITDB text VERIFIED
Oracle Demantra Demand Management - Info Disclosure
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, 12.2.2, and 12.2.3 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.
by Portcullis
CVE-2013-5877 EXPLOITDB text VERIFIED
Oracle Demantra Demand Management <12.2.1 - Info Disclosure
Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.0, and 12.2.1 allows remote attackers to affect confidentiality via unknown vectors related to DM Others.
by Portcullis
CVE-2014-1908 EXPLOITDB text
VideoWhisper Live Streaming <4.29.5 - Info Disclosure
The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.
by High-Tech Bridge SA
CVE-2013-6043 EXPLOITDB text
Softaculous Webuzo < 2.1.4 - Username Enumeration via Login Error Messages
The login function in Softaculous Webuzo before 2.1.4 provides different error messages for invalid authentication attempts depending on whether the user account exists, which allows remote attackers to enumerate usernames via a series of requests.
by Mahendra
EIP-2026-113273 EXPLOITDB text VERIFIED
webERP 4.11.3 - 'SalesInquiry.php?SortBy' SQL Injection
by HauntIT
EIP-2026-110799 EXPLOITDB text
PHP-CMDB 0.7.3 - Multiple Vulnerabilities
by HauntIT
EIP-2026-110769 EXPLOITDB text VERIFIED
PHP Ticket System Beta 1 - 'get_all_created_by_user.php?id' SQL Injection
by HauntIT
CVE-2013-6231 EXPLOITDB HIGH text
SpagoBI < 4.1 - Privilege Escalation via AdapterHTTP Script
SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script
by Christian Catalano
CVSS 8.8
CVE-2014-9304 EXPLOITDB text
Plex Media Server < 0.9.9.2 - Server-Side Request Forgery and Authentication Bypass via X-Plex-Url Header
Plex Media Server before 0.9.9.3 allows remote attackers to bypass the web server whitelist, conduct SSRF attacks, and execute arbitrary administrative actions via multiple crafted X-Plex-Url headers to system/proxy, which are inconsistently processed by the request handler in the backend web server.
by SEC Consult
EIP-2026-101847 EXPLOITDB text
MICROSENS Profi Line Switch 10.3.1 - Privilege Escalation
by SEC Consult
CVE-2014-100031 EXPLOITDB text
Ganesha Digital Library 4.2 - SQL Injection via id Parameter
Multiple SQL injection vulnerabilities in Ganesha Digital Library (GDL) 4.2 allow remote attackers to execute arbitrary SQL commands via the id parameter in (1) download.php or (2) main.php.
by ByEge
EIP-2026-102217 EXPLOITDB text
Bluetooth Photo Share Pro 2.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2014-2211 EXPLOITDB text VERIFIED
POSH < 3.2.1 - SQL Injection via RSS URL Parameter
SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter.
by Anthony BAUBE
CVE-2014-4613 EXPLOITDB MEDIUM text
Piwigo < 2.6.2 - Cross-Site Request Forgery via User Addition in Administration Panel
Cross-site request forgery (CSRF) vulnerability in the administration panel in Piwigo before 2.6.2 allows remote attackers to hijack the authentication of administrators for requests that add users via a pwg.users.add action in a request to ws.php.
by killall-9
CVSS 6.5
EIP-2026-117701 EXPLOITDB text VERIFIED
Notepad++ CCompletion Plugin 1.19 - Local Stack Buffer Overflow
by tishion
EIP-2026-116488 EXPLOITDB text VERIFIED
VideoLAN VLC Media Player 2.1.3 - '.avs' Crash (PoC)
by kw4
CVE-2014-100012 EXPLOITDB text VERIFIED
Sendy 1.1.8.4 - SQL Injection via i Parameter
SQL injection vulnerability in /app in Sendy 1.1.8.4 allows remote attackers to execute arbitrary SQL commands via the i parameter.
by Hurley
EIP-2026-102314 EXPLOITDB text
WiFiles HD 1.3 iOS - Local File Inclusion
by Vulnerability-Lab
EIP-2026-102289 EXPLOITDB text
Private Camera Pro 5.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2014-1677 EXPLOITDB HIGH text
Technicolor TC7200 - Info Disclosure
Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
by Jeroen - IT Nerdbox
CVSS 7.5
CVE-2014-1854 EXPLOITDB text VERIFIED
WordPress AdRotate Pro/FREE <3.9.5/3.9.4 - SQL Injection
SQL injection vulnerability in library/clicktracker.php in the AdRotate Pro plugin 3.9 through 3.9.5 and AdRotate Free plugin 3.9 through 3.9.4 for WordPress allows remote attackers to execute arbitrary SQL commands via the track parameter.
by High-Tech Bridge SA
CVE-2014-2090 EXPLOITDB text
ILIAS 4.4.1 - Authenticated Cross-Site Scripting via tar, tar_val, or title Parameter
Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title parameter.
by HauntIT
CVE-2014-2091 EXPLOITDB text VERIFIED
ATutor 2.1.1 - Authenticated Stored Cross-Site Scripting via Forum Title Parameter
Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title parameter in an add_forum action. NOTE: the original disclosure also reported issues that may not cross privilege boundaries.
by HauntIT