Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-113701 EXPLOITDB text VERIFIED
WordPress Plugin dzs-videogallery - Arbitrary File Upload
by link_satisi
EIP-2026-102077 EXPLOITDB text
TP-Link WR740N/WR740ND - Multiple Cross-Site Request Forgery Vulnerabilities
by Samandeep Singh
CVE-2013-6936 EXPLOITDB text VERIFIED
MyBB Ajax forum stat Plugin 2.0 - SQL Injection via tooltip or usertooltip Parameter
Multiple SQL injection vulnerabilities in ajaxfs.php in the Ajax forum stat (Ajaxfs) Plugin 2.0 for MyBB (aka MyBulletinBoard) allow remote attackers to execute arbitrary SQL commands via the (1) tooltip or (2) usertooltip parameter.
by IeDb ir
EIP-2026-101917 EXPLOITDB text
Pirelli Discus DRG A125g - Remote Change SSID Value
by Sebastián Magof
EIP-2026-109141 EXPLOITDB text
LimeSurvey 2.00+ (build 131107) - Multiple Vulnerabilities
by LiquidWorm
EIP-2026-107816 EXPLOITDB text VERIFIED
ImpressPages CMS 3.8 - Persistent Cross-Site Scripting
by sajith
CVE-2013-5912 EXPLOITDB text VERIFIED
Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 - Remote Code Execution via VhttpdMgr
VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action.
by Eduardo Gonzalez
EIP-2026-110874 EXPLOITDB text
PHP-Nuke 8.2.4 - Multiple Vulnerabilities
by Sojobo dev team
CVE-2013-6831 EXPLOITDB text VERIFIED
PineApp Mail-SeCure 3.70 and earlier on 5099SK - Privilege Escalation via Sudoers Misconfiguration
PineApp Mail-SeCure 3.70 and earlier on 5099SK and earlier platforms has a sudoers file that does not properly restrict user specifications, which allows local users to gain privileges via a sudo command that leverages access to the qmailq account.
by Ruben Garrote García
EIP-2026-115495 EXPLOITDB text
JPEGView 1.0.29 - Crash (PoC)
by Debasish Mandal
EIP-2026-104079 EXPLOITDB text VERIFIED
SKIDATA Freemotion.Gate - Web Services Multiple Command Execution Vulnerabilities
by Dennis Kelly
CVE-2013-4547 EXPLOITDB text VERIFIED
nginx 0.8.41-1.4.3 and 1.5.x < 1.5.7 - URI Restriction Bypass via Unescaped Space Character
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
by Ivan Fratric
CVE-2013-6796 EXPLOITDB text VERIFIED
DeepOfix < 3.3 - Unauthenticated Authentication Bypass via Empty Password
The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind.
by Gerardo Vazquez_ Eduardo Arriols
CVE-2013-5030 EXPLOITDB text
Ruckus Wireless Zoneflex 2942 <9.6.0.0.267 - Auth Bypass
Ruckus Wireless Zoneflex 2942 devices with firmware 9.6.0.0.267 allow remote attackers to bypass authentication, and subsequently access certain configuration/ and maintenance/ scripts, by constructing a crafted URI after receiving an authentication error for an arbitrary login attempt.
by myexploit
CVE-2013-10034 EXPLOITDB CRITICAL text
Kaseya KServer <6.3.0.2 - File Upload
An unrestricted file upload vulnerability exists in Kaseya KServer versions prior to 6.3.0.2. The uploadImage.asp endpoint allows unauthenticated users to upload files to arbitrary paths via a crafted filename parameter in a multipart/form-data POST request. Due to the lack of authentication and input sanitation, an attacker can upload a file with an .asp extension to a web-accessible directory, which can then be invoked to execute arbitrary code with the privileges of the IUSR account. The vulnerability enables remote code execution without prior authentication and was resolved in version 6.3.0.2 by removing the vulnerable uploadImage.asp endpoint.
by Security-Assessment.com
EIP-2026-114341 EXPLOITDB text
WordPress Theme Make A Statement (MaS) - Cross-Site Request Forgery
by DevilScreaM
EIP-2026-114326 EXPLOITDB text
WordPress Theme Euclid 1.x - Cross-Site Request Forgery
by DevilScreaM
EIP-2026-114323 EXPLOITDB text
WordPress Theme Dimension - Cross-Site Request Forgery
by DevilScreaM
EIP-2026-114304 EXPLOITDB text
WordPress Theme Amplus - Cross-Site Request Forgery
by DevilScreaM
EIP-2026-112743 EXPLOITDB text VERIFIED
TomatoCart 1.1.8.2 - 'class' Local File Inclusion
by Esac
CVE-2013-6225 EXPLOITDB CRITICAL text
LiveZilla 5.0.1.4 - Remote Code Execution via Path Traversal
LiveZilla 5.0.1.4 has a Remote Code Execution vulnerability
by Curesec Research Team
CVSS 9.8
CVE-2014-5007 EXPLOITDB CRITICAL text
ManageEngine Desktop Central 7.0-9.0 - Path Traversal & Arbitrary File Write via AgentLogUploader
Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows remote attackers to write to and execute arbitrary files as SYSTEM via a .. (dot dot) in the filename parameter.
by Security-Assessment.com
CVSS 9.8
CVE-2013-6117 EXPLOITDB text
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 - Unauthenticated Authentication Bypass via TCP Port 37777
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.
by Jake Reynolds
EIP-2026-102243 EXPLOITDB text
Google Gmail IOS Mobile Application - Persistent Cross-Site Scripting
by Ali Raza
EIP-2026-102112 EXPLOITDB text
WBR-3406 Wireless Broadband NAT Router - Web-Console Password Change Bypass / Cross-Site Request Forgery
by Yakir Wizman