Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2014-0621 EXPLOITDB text
Technicolor TC7200 STD6.01.12 - Cross-Site Request Forgery via Multiple Endpoints
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that (1) perform a factory reset via a request to goform/system/factory, (2) disable advanced options via a request to goform/advanced/options, (3) remove ip-filters via the IpFilterAddressDelete1 parameter to goform/advanced/ip-filters, or (4) remove firewall settings via the cbFirewall parameter to goform/advanced/firewall.
by Jeroen - IT Nerdbox
CVE-2013-7282 EXPLOITDB text
Nisuta NS-WIR150NE/NS-WIR300N - Auth Bypass
The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36_NIS01 allows remote attackers to bypass authentication via a "Cookie: :language=en" HTTP header.
by Amplia Security Advisories
CVE-2013-6480 EXPLOITDB text VERIFIED
Apache Libcloud 0.12.3-0.13.2 - Exposure of Sensitive Information via DigitalOcean Destroy API
Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.
by anonymous
CVE-2013-7240 EXPLOITDB text VERIFIED
Advanced Dewplayer <1.2 - Path Traversal
Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.
by Henri Salo
CVE-2013-7278 EXPLOITDB text VERIFIED
Naxtech CMS Afroditi 1.0 - SQL Injection
SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to default.asp.
by projectzero labs
EIP-2026-101647 EXPLOITDB text
D-Link DSL-2750u ME_1.09 - Cross-Site Request Forgery
by FIGHTERx war
CVE-2013-7209 EXPLOITDB text VERIFIED
JForum - Cross-Site Request Forgery in Admin Module
Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the user group permissions of arbitrary users via a groupsSave action.
by arno
EIP-2026-105009 EXPLOITDB text VERIFIED
AFCommerce - 'controlheader.php' Remote File Inclusion
by NoGe
EIP-2026-105008 EXPLOITDB text VERIFIED
AFCommerce - 'adminpassword.php' Remote File Inclusion
by NoGe
EIP-2026-105007 EXPLOITDB text VERIFIED
AFCommerce - 'adblock.php' Remote File Inclusion
by NoGe
CVE-2014-8359 EXPLOITDB text
Huawei Mobile Partner 23.009.05.03.1014 - Untrusted Search Path and DLL Hijacking via wintab32.dll
Untrusted search path vulnerability in Huawei Mobile Partner for Windows 23.009.05.03.1014 allows local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse wintab32.dll in the Mobile Partner directory.
by LiquidWorm
EIP-2026-114412 EXPLOITDB text VERIFIED
xBoard 5.0/5.5/6.0 - 'view.php' Local File Inclusion
by TUNISIAN CYBER
EIP-2026-110725 EXPLOITDB text
PHP MBB CMS 004 - Multiple Vulnerabilities
by cr4wl3r
EIP-2026-102296 EXPLOITDB text
Song Exporter 2.1.1 RS iOS - Local File Inclusion
by Vulnerability-Lab
CVE-2013-6987 EXPLOITDB text
Synology DiskStation Manager - Path Traversal via FileBrowser Components
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary files via a .. (dot dot) in the (1) path parameter to file_delete.cgi or (2) folder_path parameter to file_share.cgi in webapi/FileStation/; (3) dlink parameter to fbdownload/; or unspecified parameters to (4) html5_upload.cgi, (5) file_download.cgi, (6) file_sharing.cgi, (7) file_MVCP.cgi, or (8) file_rename.cgi in webapi/FileStation/.
by Andrea Fabrizi
EIP-2026-114344 EXPLOITDB text VERIFIED
WordPress Theme Persuasion 2.x - Arbitrary File Download / File Deletion
by Interference Security
CVE-2013-6976 EXPLOITDB text
Cisco EPC3925 - Cross-Site Request Forgery via Quick Setup Password Change
Cross-site request forgery (CSRF) vulnerability in goform/Quick_setup on Cisco EPC3925 devices allows remote attackers to hijack the authentication of administrators for requests that change a password via the Password and PasswordReEnter parameters, aka Bug ID CSCuh37496.
by Jeroen - IT Nerdbox
CVE-2013-7420 EXPLOITDB text VERIFIED
Hancom Office 2010 SE - Buffer Overflow
Buffer overflow in Hancom Office 2010 SE allows remote attackers to execute arbitrary via a long string in the Text attribute in a TEXTART XML element in an HML file.
by diroverflow
CVE-2013-6890 EXPLOITDB text VERIFIED
Debian Linux - Authentication Bypass
denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login names.
by Helmut Grohne
CVE-2013-5676 EXPLOITDB text
Jenkins Plugin for SonarQube <= 3.7 - Authenticated Cleartext Password Exposure via sonar.sonarPassword Parameter
The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from jenkins/configure.
by Christian Catalano
CVE-2013-2627 EXPLOITDB text VERIFIED
Leed Light Feed <1.5 - SQL Injection
SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action.
by Alexandre Herzog
CVE-2013-5573 EXPLOITDB text
Jenkins 1.523 - Stored Cross-Site Scripting via User Description Field
Cross-site scripting (XSS) vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration.
by Christian Catalano
CVE-2013-6883 EXPLOITDB text
CRU Ditto Forensic FieldStation Firmware < 2013Oct15a - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests that modify the disk erase technique settings via unspecified vectors.
by Martin Wundram
CVE-2013-6882 EXPLOITDB text
CRU Ditto Forensic FieldStation Firmware < 2013Oct15a - Cross-Site Scripting via Username Parameter
Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto Forensic FieldStation with firmware 2013Oct15a and earlier allow (1) remote attackers to inject arbitrary web script or HTML via the username parameter in a login or (2) remote authenticated users to inject arbitrary web script or HTML via unspecified form fields.
by Martin Wundram
CVE-2013-6881 EXPLOITDB text
CRU Ditto Forensic FieldStation Firmware < 2013Oct15a - OS Command Injection via Sector Size or Skip Count Fields
CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the forensic imaging task.
by Martin Wundram