Text Exploits

31,337 exploits tracked across all sources.

CVE-2013-2586 EXPLOITDB text
XAMPP 1.8.1 - XSS
XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method.
by Manuel García Cárdenas
CVE-2013-5748 EXPLOITDB text
Simplerisk < 20130915-001 - CSRF
Cross-site request forgery (CSRF) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to hijack the authentication of users for requests that add projects via an add_project action.
by Ryan Dewhurst
CVE-2013-5697 EXPLOITDB text
Simone Tellini Mod Accounting < 0.5 - SQL Injection
SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header.
by Wireghoul
EIP-2026-102039 EXPLOITDB text
Tenda W309R Router 5.07.46 - Configuration Disclosure
by SANTHO
EIP-2026-101530 EXPLOITDB text
Asus RT-N66U 3.0.0.4.374_720 - Cross-Site Request Forgery
by cgcai
EIP-2026-107242 EXPLOITDB text VERIFIED
FreeSMS - '/pages/crc_handler.php?scheduleid' SQL Injection
by Sarahma Security
EIP-2026-107241 EXPLOITDB text VERIFIED
FreeSMS - '/pages/crc_handler.php' Multiple Cross-Site Scripting Vulnerabilities
by Sarahma Security
EIP-2026-111292 EXPLOITDB text VERIFIED
Piwigo 2.5.2 - Cross-Site Scripting
by Arsan
EIP-2026-105248 EXPLOITDB text VERIFIED
ArticleSetup - Multiple Vulnerabilities
by DevilScreaM
EIP-2026-104404 EXPLOITDB text VERIFIED
Posnic Stock Management System 1.02 - Multiple Vulnerabilities
by Sarahma Security
CVE-2013-6852 EXPLOITDB text
HP 2620-24-poe+ Switch - CSRF
Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method.
by Hubert Gradek
CVE-2013-5692 EXPLOITDB text
X2engine X2crm < 3.4.1 - Path Traversal
Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php/admin/translationManager.
by High-Tech Bridge SA
CVE-2013-5693 EXPLOITDB text
X2engine X2crm < 3.4.1 - XSS
Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor.
by High-Tech Bridge SA
EIP-2026-103344 EXPLOITDB text
ZeroShell 'cgi-bin/kerbynet' - Local File Disclosure
by Yann CAM
CVE-2013-5118 EXPLOITDB text
Good for Enterprise <2.2.4.1659 - XSS
Cross-site scripting (XSS) vulnerability in the Good for Enterprise app before 2.2.4.1659 for iOS allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail message.
by Mario
CVE-2013-5917 EXPLOITDB text
Rodrigo Coimbra Nospam Pti - SQL Injection
SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter.
by Alexandro Silva
EIP-2026-112047 EXPLOITDB text VERIFIED
SilverStripe CMS - Multiple HTML Injection Vulnerabilities
by Benjamin Kunz Mejri
EIP-2026-102566 EXPLOITDB text VERIFIED
Blue Coat ProxySG 5.x and Security Gateway OS - Denial of Service
by anonymous
EIP-2026-116239 EXPLOITDB text VERIFIED
Share KM 1.0.19 - Remote Denial of Service
by Yuda Prawira
CVE-2013-5961 EXPLOITDB text VERIFIED
Danny Morris Lazy Seo - Unrestricted File Upload
Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/.
by Ashiyane Digital Security Team
EIP-2026-108769 EXPLOITDB text VERIFIED
Joomla! Component JVideoClip 1.5.1 - 'uid' SQL Injection
by SixP4ck3r
CVE-2013-5091 EXPLOITDB text
vTiger CRM <5.4.0 - SQL Injection
SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. NOTE: this issue might be a duplicate of CVE-2011-4559.
by High-Tech Bridge SA
EIP-2026-109566 EXPLOITDB text VERIFIED
Monstra CMS 1.2.0 - 'login' SQL Injection
by linc0ln.dll
EIP-2026-109420 EXPLOITDB text VERIFIED
MentalJS - Sandbox Security Bypass
by Rafay Baloch
EIP-2026-114015 EXPLOITDB text VERIFIED
WordPress Plugin RokMicroNews - 'thumb.php' Multiple Vulnerabilities
by MustLive