Text Exploits

EIP-2026-105009 EXPLOITDB text VERIFIED

AFCommerce - 'controlheader.php' Remote File Inclusion

by NoGe

View

EIP-2026-105008 EXPLOITDB text VERIFIED

AFCommerce - 'adminpassword.php' Remote File Inclusion

by NoGe

View

EIP-2026-105007 EXPLOITDB text VERIFIED

AFCommerce - 'adblock.php' Remote File Inclusion

by NoGe

View

CVE-2014-8359 EXPLOITDB text

Huawei Mobile Partner Firmware - Access Control

Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory.

by LiquidWorm

View

EIP-2026-114412 EXPLOITDB text VERIFIED

xBoard 5.0/5.5/6.0 - 'view.php' Local File Inclusion

by TUNISIAN CYBER

View

EIP-2026-110725 EXPLOITDB text

PHP MBB CMS 004 - Multiple Vulnerabilities

by cr4wl3r

View

EIP-2026-102296 EXPLOITDB text

Song Exporter 2.1.1 RS iOS - Local File Inclusion

by Vulnerability-Lab

View

CVE-2013-6987 EXPLOITDB text

Synology Diskstation Manager - Path Traversal

Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/.

by Andrea Fabrizi

View

EIP-2026-114344 EXPLOITDB text VERIFIED

WordPress Theme Persuasion 2.x - Arbitrary File Download / File Deletion

by Interference Security

View

CVE-2013-6976 EXPLOITDB text

Cisco Epc3925 - CSRF

Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496.

by Jeroen - IT Nerdbox

View

CVE-2013-7420 EXPLOITDB text VERIFIED

Hancom Office 2010 SE - Buffer Overflow

Buffer overflow in Hancom Office 2010 SE allows remote attackers to execute arbitrary via a long string in the Text attribute in a TEXTART XML element in an HML file.

by diroverflow

View

CVE-2013-6890 EXPLOITDB text VERIFIED

Debian Linux - Authentication Bypass

denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names.

by Helmut Grohne

View

CVE-2013-5676 EXPLOITDB text

Sonarsource Jenkins Plugin - Cryptographic Issue

The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from jenkins/configure.

by Christian Catalano

View

CVE-2013-2627 EXPLOITDB text VERIFIED

Leed Light Feed <1.5 - SQL Injection

SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action.

by Alexandre Herzog

View

CVE-2013-5573 EXPLOITDB text

Jenkins 1.523 - XSS

Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.

by Christian Catalano

View

CVE-2013-6883 EXPLOITDB text

Cru-inc Ditto Forensic Fieldstation Firmware < 2013oct15a - CSRF

Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests that modify the disk erase technique settings via unspecified vectors.

by Martin Wundram

View

CVE-2013-6882 EXPLOITDB text

Cru-inc Ditto Forensic Fieldstation Firmware < 2013oct15a - XSS

Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto Forensic FieldStation with firmware 2013Oct15a and earlier allow (1) remote attackers to inject arbitrary web script or HTML via the username parameter in a login or (2) remote authenticated users to inject arbitrary web script or HTML via unspecified form fields.

by Martin Wundram

View

CVE-2013-6881 EXPLOITDB text

Cru-inc Ditto Forensic Fieldstation Firmware - OS Command Injection

CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task.

by Martin Wundram

View

CVE-2013-6767 EXPLOITDB text

Quickheal Antivirus Pro - Memory Corruption

Stack-based buffer overflow in pepoly.dll in Quick Heal AntiVirus Pro 7.0.0.1 allows local users to execute arbitrary code or cause a denial of service (process crash) via a long *.text value in a PE file.

by Arash Allebrahim

View

CVE-2013-5058 EXPLOITDB text VERIFIED

Microsoft Windows - Privilege Escalation

Integer overflow in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows local users to gain privileges via a crafted application, aka "Win32k Integer Overflow Vulnerability."

by Core Security

View

CVE-2013-7233 EXPLOITDB text VERIFIED

WordPress <2.0.11 - CSRF

Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of administrators for requests that move comments to the moderation list.

by MustLive

View

CVE-2013-6839 EXPLOITDB text

Instantsoft Instantcms < 1.10.3 - SQL Injection

SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id].

by High-Tech Bridge SA

View

CVE-2013-6884 EXPLOITDB text

Cru-inc Ditto Forensic Fieldstation Firmware - Credentials Management

The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges.

by Martin Wundram

View

CVE-2013-6420 EXPLOITDB text

Php < 10.9.1 - Memory Corruption

The asn1_time_to_time_t function in ext/openssl/openssl.c in PHP before 5.3.28, 5.4.x before 5.4.23, and 5.5.x before 5.5.7 does not properly parse (1) notBefore and (2) notAfter timestamps in X.509 certificates, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted certificate that is not properly handled by the openssl_x509_parse function.

by Stefan Esser

View

EIP-2026-102234 EXPLOITDB text

FileMaster SY-IT 3.1 iOS - Multiple Web Vulnerabilities

by Vulnerability-Lab

View