Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-6873 EXPLOITDB text VERIFIED
Testa Online Test Management System 2.0.0.2 - SQL Injection via test_id Parameter
SQL injection vulnerability in Testa Online Test Management System (OTMS) 2.0.0.2 allows remote attackers to execute arbitrary SQL commands via the test_id parameter.
by Ashiyane Digital Security Team
CVE-2014-1990 EXPLOITDB text
TOSHIBA TEC e-Studio 232, 233, 282, and 283 - Cross-Site Request Forgery in TopAccess
Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the web-based management utility) on TOSHIBA TEC e-Studio 232, 233, 282, and 283 devices allows remote attackers to hijack the authentication of administrators for requests that change passwords.
by Hubert Gradek
CVE-2013-6618 EXPLOITDB text
Juniper Junos Authenticated RCE via J-Web PHP rsargs Parameter
jsdm/ajax/port.php in J-Web in Juniper Junos before 10.4R13, 11.4 before 11.4R7, 12.1 before 12.1R5, 12.2 before 12.2R3, and 12.3 before 12.3R1 allows remote authenticated users to execute arbitrary commands via the rsargs parameter in an exec action.
by Sense of Security
EIP-2026-114331 EXPLOITDB text
WordPress Theme Highlight Premium - Cross-Site Request Forgery / Arbitrary File Upload
by DevilScreaM
CVE-2013-3528 EXPLOITDB text VERIFIED
Vanilla Forums <2.0.18.8 - Code Injection
Unspecified vulnerability in the update check in Vanilla Forums before 2.0.18.8 has unspecified impact and remote attack vectors, related to "object injection."
by EgiX
CVE-2013-6164 EXPLOITDB text
projeqtor 3.4.0 - SQL Injection via objectId Parameter
SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter.
by Vicente Aguilera Diaz
CVE-2013-6364 EXPLOITDB HIGH text VERIFIED
Horde Groupware Webmail Edition - Cross-Site Request Forgery and Cross-Site Scripting in Saved Search
Horde Groupware Webmail Edition has CSRF and XSS when saving search as a virtual address book
by Marcela Benetrix
CVSS 8.8
CVE-2013-6058 EXPLOITDB text
appRain CMF < 3.0.2 - SQL Injection via PATH_INFO to blog-by-cat/
SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/.
by High-Tech Bridge SA
CVE-2013-4985 EXPLOITDB HIGH text VERIFIED
Vivotek IP7160 IP7361 IP8332 Firmware - Unauthenticated RTSP Authentication Bypass
Multiple Vivotek IP Cameras remote authentication bypass that could allow access to the video stream
by Core Security
CVSS 7.5
CVE-2013-5220 EXPLOITDB text
HOT HOTBOX Router Firmware 2.1.11 - Denial of Service via Crafted HTTP POST Data
goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data.
by Oz Elisyan
EIP-2026-100516 EXPLOITDB text VERIFIED
RASPcalendar 1.01 (ASP) - Admin Login
by Hackeri-AL UAH-Crew
EIP-2026-109449 EXPLOITDB text
Microweber 0.905 - Error-Based SQL Injection
by Zy0d0x
CVE-2013-6357 EXPLOITDB text
Apache Tomcat < 5.5.25 - Cross-Site Request Forgery via Manager Application
Cross-site request forgery (CSRF) vulnerability in the Manager application in Apache Tomcat 5.5.25 and earlier allows remote attackers to hijack the authentication of administrators for requests that manipulate application deployment via the POST method, as demonstrated by a /manager/html/undeploy?path= URI. NOTE: the vendor disputes the significance of this report, stating that "the Apache Tomcat Security team has not accepted any reports of CSRF attacks against the Manager application ... as they require a reckless system administrator.
by Ivano Binetti
EIP-2026-104405 EXPLOITDB text
Practico 13.9 - Multiple Vulnerabilities
by LiquidWorm
EIP-2026-114354 EXPLOITDB text
WordPress Theme Think Responsive 1.0 - Arbitrary File Upload
by Byakuya Kouta
EIP-2026-114352 EXPLOITDB text VERIFIED
WordPress Theme Switchblade 1.3 - Arbitrary File Upload
by Byakuya Kouta
EIP-2026-110528 EXPLOITDB text VERIFIED
pdirl PHP Directory Listing 1.0.4 - Cross-Site Scripting
by Vulnerability-Lab
EIP-2026-107814 EXPLOITDB text
ImpressPages CMS 3.6 - Arbitrary File Deletion
by LiquidWorm
EIP-2026-107813 EXPLOITDB text
ImpressPages CMS 3.6 - 'manage()' Remote Code Execution
by LiquidWorm
CVE-2013-5694 EXPLOITDB text
Opsview < 4.4.1 - SQL Injection via service_selection Parameter
SQL injection vulnerability in status/service/acknowledge in Opsview before 4.4.1 allows remote attackers to execute arbitrary SQL commands via the service_selection parameter.
by J. Oquendo
EIP-2026-107815 EXPLOITDB text
ImpressPages CMS 3.6 - Multiple Cross-Site Scripting / SQL Injection Vulnerabilities
by LiquidWorm
EIP-2026-102091 EXPLOITDB text
Unicorn Router WB-3300NR - Cross-Site Request Forgery (Factory Reset/DNS Change)
by absane
CVE-2013-6793 EXPLOITDB text VERIFIED
Olat 7.8.0.1 - Cross-Site Scripting via Calendar Event Name or Date Field
Multiple cross-site scripting (XSS) vulnerabilities in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allow remote attackers to inject arbitrary web script or HTML via the (1) event name or (2) date field.
by Vulnerability-Lab
EIP-2026-119454 EXPLOITDB text VERIFIED
XAMPP for Windows 1.8.2 - Blind SQL Injection
by Sebastián Magof
CVE-2013-6794 EXPLOITDB text VERIFIED
Olat 7.8.0.1 - Cross-Site Scripting via Calendar Location Field
Cross-site scripting (XSS) vulnerability in the Calendar module in Olat 7.8.0.1 (b20130821 N1) allows remote attackers to inject arbitrary web script or HTML via the Location field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
by Vulnerability-Lab