Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-7189 EXPLOITDB text VERIFIED
iScripts AutoHoster - SQL Injection
Multiple SQL injection vulnerabilities in iScripts AutoHoster, possibly 2.4, allow remote attackers to execute arbitrary SQL commands via the cmbdomain parameter to (1) checktransferstatus.php, (2) checktransferstatusbck.php, or (3) additionalsettings.php; or (4) invno parameter to payinvoiceothers.php.
by i-Hmx
EIP-2026-102270 EXPLOITDB text
Phone Drive Eightythree 4.1.1 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-110349 EXPLOITDB text VERIFIED
Osclass - Multiple Input Validation Vulnerabilities
by R3d-D3V!L
EIP-2026-100313 EXPLOITDB text VERIFIED
Etoshop B2B Vertical Marketplace Creator - Multiple SQL Injections
by R3d-D3V!L
CVE-2014-1214 EXPLOITDB HIGH text VERIFIED
ProJoom Smart Flash Header < 3.0.2 - Unauthenticated Arbitrary File Upload via Crafted Dest and Filename Parameters
views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and (2) arbitrary extension in the Filename parameter.
by Yuri Kramarz
CVSS 8.8
EIP-2026-105572 EXPLOITDB text VERIFIED
BoastMachine - 'blog' SQL Injection
by Omar Kurt
CVE-2013-6875 EXPLOITDB text VERIFIED
Nagios XI < 2012r2.4 - SQL Injection via tfPassword Parameter
SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parameter to nagiosql/index.php.
by Denis Andzakovic
CVE-2013-7192 EXPLOITDB text VERIFIED
Dynamic Biz Website Builder - SQL Injection
Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder (QuickWeb) allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/news-events/newdetail.asp, or the (2) UserID or (3) Password to login.asp.
by R3d-D3V!L
CVE-2013-7192 EXPLOITDB text VERIFIED
Dynamic Biz Website Builder - SQL Injection
Multiple SQL injection vulnerabilities in Dynamic Biz Website Builder (QuickWeb) allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to apps/news-events/newdetail.asp, or the (2) UserID or (3) Password to login.asp.
by R3d-D3V!L
EIP-2026-113410 EXPLOITDB text VERIFIED
WHMCompleteSolution (WHMCS) 4.x/5.x - Multiple Web Vulnerabilities
by AhwAk20o0 --
EIP-2026-109001 EXPLOITDB text VERIFIED
KikChat - Local File Inclusion / Remote Code Execution
by cr4wl3r
EIP-2026-106326 EXPLOITDB text VERIFIED
Cythosia 2.x Botnet (C2 Web Panel) - SQL Injection
by GalaxyAndroid
EIP-2026-101914 EXPLOITDB text
Pentagram Cerberus P 6363 DSL Router - Multiple Vulnerabilities
by condis
CVE-2012-0874 EXPLOITDB text
JBoss EAP < 5.2.0 - Unauthenticated Remote Code Execution via JMX/EJB Invoker
The (1) JMXInvokerHAServlet and (2) EJBInvokerHAServlet invoker servlets in JBoss Enterprise Application Platform (EAP) before 5.2.0, Web Platform (EWP) before 5.2.0, BRMS Platform before 5.3.1, and SOA Platform before 5.3.1 do not require authentication by default in certain profiles, which might allow remote attackers to invoke MBean methods and execute arbitrary code via unspecified vectors. NOTE: this issue can only be exploited when the interceptor is not properly configured with a "second layer of authentication," or when used in conjunction with other vulnerabilities that bypass this second layer.
by rgod
CVE-2013-4988 EXPLOITDB text VERIFIED
IcoFX < 2.5 - Remote Code Execution via Long idCount in ICONDIR Structure
Stack-based buffer overflow in IcoFX 2.5 and earlier allows remote attackers to execute arbitrary code via a long idCount value in an ICONDIR structure in an ICO file. NOTE: some of these details are obtained from third party information.
by Core Security
EIP-2026-113054 EXPLOITDB text VERIFIED
Veno File Manager - 'q' Arbitrary File Download
by Daniel Godoy
CVE-2013-7194 EXPLOITDB text VERIFIED
eFront 3.6.14 - Authenticated Stored Cross-Site Scripting via Administrator Fields
Multiple cross-site scripting (XSS) vulnerabilities in www/administrator.php in eFront 3.6.14 (build 18012) allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) Last name, (2) Lesson name, or (3) Course name field.
by sajith
CVE-2013-7097 EXPLOITDB text VERIFIED
7mediaws eduTrac < 1.1.2 - Path Traversal via Installer Overview showmask Parameter
Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php.
by High-Tech Bridge
CVE-2013-6492 EXPLOITDB text VERIFIED
Piranha Configuration Tool 0.8.6 - Unauthenticated Configuration Access via HTTP POST Request
The Piranha Configuration Tool in Piranha 0.8.6 does not properly restrict access to webpages, which allows remote attackers to bypass authentication and read or modify the LVS configuration via an HTTP POST request.
by Andreas Schiermeier
EIP-2026-102277 EXPLOITDB text
Photo Video Album Transfer 1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-111324 EXPLOITDB text VERIFIED
PlaySms 0.9.9.2 - Cross-Site Request Forgery
by Saadi Siddiqui
EIP-2026-103763 EXPLOITDB text
Air Gallery 1.0 Air Photo Browser - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-100771 EXPLOITDB text VERIFIED
CGILua 3.0 - SQL Injection
by aceeeeeeeer .
CVE-2013-7319 EXPLOITDB text VERIFIED
WordPress Download Mgr <2.5.9 - XSS
Cross-site scripting (XSS) vulnerability in the Download Manager plugin before 2.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the title field.
by Jeroen - IT Nerdbox
EIP-2026-110417 EXPLOITDB text VERIFIED
Ovidentia 7.9.6 - Multiple Vulnerabilities
by sajith