Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-109455 EXPLOITDB text VERIFIED
Middle School Homework Page 1.3 Beta 1 - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST
EIP-2026-108248 EXPLOITDB text VERIFIED
Joomla! Component com_aclsfgpl - 'index.php' Arbitrary File Upload
by TUNISIAN CYBER
EIP-2026-106576 EXPLOITDB text VERIFIED
Dredge School Administration System - '/DSM/loader.php?Id' SQL Injection
by AtT4CKxT3rR0r1ST
EIP-2026-106574 EXPLOITDB text VERIFIED
Dredge School Administration System - '/DSM/loader.php' Account Information Disclosure
by AtT4CKxT3rR0r1ST
EIP-2026-106573 EXPLOITDB text VERIFIED
Dredge School Administration System - '/DSM/Backup/processbackup.php' Database Backup Information Disclosure
by AtT4CKxT3rR0r1ST
CVE-2014-1619 EXPLOITDB text
Cubic CMS 5.1.1-5.2 - SQL Injection via Resource ID, Version ID, Login, or Pass Parameter
Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and 5.2 allow remote attackers to execute arbitrary SQL commands via the (1) resource_id or (2) version_id parameter to recursos/agent.php or (3) login or (4) pass parameter to login.usuario.
by Eugenio Delfa
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2014-1637 EXPLOITDB text VERIFIED
Command School Student Management System <1.06.01 - Info Disclosure
Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/backup_ray2.php, which allows remote attackers to download a database backup via a direct request.
by AtT4CKxT3rR0r1ST
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2014-1636 EXPLOITDB text VERIFIED
Command School Student Management System 1.06.01 - SQL Injection
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin_school_names.php, (2) admin_subjects.php, (3) admin_grades.php, (4) admin_terms.php, (5) admin_school_years.php, (6) admin_sgrades.php, (7) admin_media_codes_1.php, (8) admin_infraction_codes.php, (9) admin_generations.php, (10) admin_relations.php, (11) admin_titles.php, or (12) health_allergies.php in sw/.
by AtT4CKxT3rR0r1ST
CVE-2013-6924 EXPLOITDB CRITICAL text
Seagate BlackArmor NAS 220 Firmware sg2000-2000.1331 - Remote Command Execution via backupmgt/getAlias.php ip Parameter
Seagate BlackArmor NAS devices with firmware sg2000-2000.1331 allow remote attackers to execute arbitrary commands via shell metacharacters in the ip parameter to backupmgt/getAlias.php.
by Jeroen - IT Nerdbox
CVSS 9.8
CVE-2013-6923 EXPLOITDB text
Seagate BlackArmor NAS 220 Firmware sg2000-2000.1331 - Cross-Site Scripting via fullname or workname Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to inject arbitrary web script or HTML via the (1) fullname parameter to admin/access_control_user_edit.php or (2) workname parameter to admin/network_workgroup_domain.php.
by Jeroen - IT Nerdbox
CVE-2013-6922 EXPLOITDB text
Seagate BlackArmor NAS 220 Firmware sg2000-2000.1331 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in the Seagate BlackArmor NAS 220 devices with firmware sg2000-2000.1331 allow remote attackers to hijack the authentication of administrators for requests that (1) add user accounts via a crafted request to admin/access_control_user_add.php; (2) modify or (3) delete user accounts; (4) perform a factory reset; (5) perform a device reboot; or (6) add, (7) modify, or (8) delete shares and volumes.
by Jeroen - IT Nerdbox
EIP-2026-119360 EXPLOITDB text
DirectControlTM 3.1.7.0 - Multiple Vulnerabilities
by mohamad ch
EIP-2026-103762 EXPLOITDB text
ACE Stream Media 2.1 - 'acestream://' Format String
by LiquidWorm
CVE-2014-0620 EXPLOITDB text
Technicolor TC7200 STD6.01.12 - Cross-Site Scripting via ADDNewDomain or VmTracerouteHost Parameter
Multiple cross-site scripting (XSS) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to inject arbitrary web script or HTML via the (1) ADDNewDomain parameter to parental/website-filters.asp or (2) VmTracerouteHost parameter to goform/status/diagnostics-route.
by Jeroen - IT Nerdbox