Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-108104 EXPLOITDB text VERIFIED
Job Site 1.0 - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST
CVE-2014-1836 EXPLOITDB text VERIFIED
ImpressCMS < 1.3.6 - Path Traversal and Arbitrary File Deletion via Image Path Parameter
Absolute path traversal vulnerability in htdocs/libraries/image-editor/image-edit.php in ImpressCMS before 1.3.6 allows remote attackers to delete arbitrary files via a full pathname in the image_path parameter in a cancel action.
by Pedro Ribeiro
EIP-2026-106940 EXPLOITDB text
Eventy Online Scheduler 1.8 - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST
EIP-2026-105588 EXPLOITDB text
Booking Calendar - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST
EIP-2026-101811 EXPLOITDB text
Inteno DG301 - Command Injection
by Juan J. Guelfo
CVE-2013-7055 EXPLOITDB CRITICAL text
D-Link DIR-100 4.03B07 - Insufficiently Protected Credentials
D-Link DIR-100 4.03B07 has PPTP and poe information disclosure
by Felix Richter
CVSS 9.8
EIP-2026-101373 EXPLOITDB text VERIFIED
Netgear D6300B - '/diag.cgi?IPAddr4' Remote Command Execution
by Marcel Mangold
EIP-2026-105854 EXPLOITDB text VERIFIED
CiMe Citas Médicas - Multiple Vulnerabilities
by vinicius777
CVE-2013-7179 EXPLOITDB text VERIFIED
Seowon Intech SWC-9100 - OS Command Injection via ping_ipaddr Parameter
The ping functionality in cgi-bin/diagnostic.cgi on Seowon Intech SWC-9100 routers allows remote attackers to execute arbitrary commands via shell metacharacters in the ping_ipaddr parameter.
by Josue Rojas
CVE-2013-7183 EXPLOITDB text VERIFIED
Seowon Intech SWC-9100 - Unauthenticated Denial of Service via reboot.cgi
cgi-bin/reboot.cgi on Seowon Intech SWC-9100 routers allows remote attackers to (1) cause a denial of service (reboot) via a default_reboot action or (2) reset all configuration values via a factory_default action.
by Josue Rojas
CVE-2014-1610 EXPLOITDB text VERIFIED
MediaWiki <1.22.2/<1.21.5/<1.19.11 - RCE
MediaWiki 1.22.x before 1.22.2, 1.21.x before 1.21.5, and 1.19.x before 1.19.11, when DjVu or PDF file upload support is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php, which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.
by @u0x
CVE-2014-125125 EXPLOITDB HIGH text
A10 Networks AX Loadbalancer <2.7.0 - Path Traversal
A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloads endpoint, which fails to properly sanitize user input. An unauthenticated attacker can exploit this flaw by sending crafted HTTP requests containing directory traversal sequences to read arbitrary files outside the intended directory. The files returned by the vulnerable endpoint are deleted from the system after retrieval. This can lead to unauthorized disclosure of sensitive information such as SSL certificates and private keys, as well as unintended file deletion.
by xistence
EIP-2026-110559 EXPLOITDB text
pfSense 2.1 build 20130911-1816 - Directory Traversal
by @u0x
CVE-2014-100002 EXPLOITDB text
ManageEngine SupportCenter Plus < 7.9 - Path Traversal via WorkOrder.do Attach Parameter
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to WorkOrder.do in the file attachment for a new ticket.
by xistence
EIP-2026-109163 EXPLOITDB text VERIFIED
LinPHA 1.3.4 - Multiple Vulnerabilities
by killall-9
EIP-2026-102294 EXPLOITDB text
SimplyShare 1.4 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2014-1631 EXPLOITDB HIGH text VERIFIED
Eventum < 2.3.5 - Unauthenticated Application Reinstallation via Direct Setup Request
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.
by High-Tech Bridge
CVSS 7.5
EIP-2026-119341 EXPLOITDB text
Ability Mail Server 2013 -Persistent Cross-Site Scripting / Cross-Site Request Forgery (Password Reset)
by David Um
CVE-2014-1631 EXPLOITDB HIGH text VERIFIED
Eventum < 2.3.5 - Unauthenticated Application Reinstallation via Direct Setup Request
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.
by High-Tech Bridge
CVSS 7.5
CVE-2013-6674 EXPLOITDB text
SeaMonkey < 2.20 - Cross-Site Scripting via Data URL in IFRAME
Cross-site scripting (XSS) vulnerability in Mozilla Thunderbird 17.x through 17.0.8, Thunderbird ESR 17.x through 17.0.10, and SeaMonkey before 2.20 allows user-assisted remote attackers to inject arbitrary web script or HTML via an e-mail message containing a data: URL in an IFRAME element, a related issue to CVE-2014-2018.
by Vulnerability-Lab
CVE-2013-5582 EXPLOITDB HIGH text
Ammyy Admin < 3.2 - Improper Authentication via Fixed Memory Location
Ammyy Admin 3.2 and earlier stores the client ID at a fixed memory location, which might make it easier for user-assisted remote attackers to bypass authentication by running a local program that extracts a field from the AA_v3.2.exe file.
by Bhadresh Patel
CVSS 7.8
EIP-2026-114606 EXPLOITDB text VERIFIED
ZenPhoto - SQL Injection
by KedAns-Dz
EIP-2026-114480 EXPLOITDB text VERIFIED
XOS Shop - 'goto' SQL Injection
by JoKeR_StEx
EIP-2026-114211 EXPLOITDB text VERIFIED
WordPress Plugin WP E-Commerce - Multiple Vulnerabilities
by KedAns-Dz
CVE-2014-1683 EXPLOITDB text VERIFIED
SkyBlueCanvas CMS <1.1 r248-04 - RCE
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) name, (2) email, (3) subject, or (4) message parameter to index.php.
by Scott Parish