Text Exploits

31,337 exploits tracked across all sources.

EIP-2026-114014 EXPLOITDB text VERIFIED
WordPress Plugin RokIntroScroller - 'thumb.php' Multiple Vulnerabilities
by MustLive
EIP-2026-100150 EXPLOITDB text
AspxCommerce 2.0 - Arbitrary File Upload
by SANTHO
EIP-2026-114016 EXPLOITDB text VERIFIED
WordPress Plugin RokNewsPager - 'thumb.php' Multiple Vulnerabilities
by MustLive
CVE-2013-5962 EXPLOITDB text
Envato Complete Gallery Manager Plugin - Unrestricted File Upload
Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/.
by Vulnerability-Lab
CVE-2013-10044 EXPLOITDB HIGH text VERIFIED
OpenEMR < 4.1.1 Patch 14 - SQL Injection
An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file upload flaw to achieve remote code execution, resulting in full compromise of the application and its host system.
by xistence
CVSS 8.8
CVE-2013-2472 EXPLOITDB text
Oracle Java SE <7u21,6u45,5u45 - Info Disclosure
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D.
by Packet Storm
EIP-2026-114017 EXPLOITDB text VERIFIED
WordPress Plugin RokStories - 'thumb.php' Multiple Vulnerabilities
by MustLive
EIP-2026-113394 EXPLOITDB text VERIFIED
Western Digital Arkeia Appliance 10.0.10 - Multiple Vulnerabilities
by xistence
CVE-2013-5745 EXPLOITDB text VERIFIED
David King Vino < 3.7.3 - Improper Input Validation
The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.
by Trustwave's SpiderLabs
EIP-2026-101962 EXPLOITDB text
Router ONO Hitron CDE-30364 - Cross-Site Request Forgery
by Matias Mingorance Svensson
CVE-2010-4513 EXPLOITDB text VERIFIED
Zimplit Cms < 3.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter in a load action to zimplit.php and (2) client parameter to English_manual_version_2.php.
by Yashar shahinzadeh
EIP-2026-113910 EXPLOITDB text VERIFIED
WordPress Plugin mukioplayer4wp - 'cid' SQL Injection
by Ashiyane Digital Security Team
CVE-2013-3179 EXPLOITDB text
Microsoft SharePoint Server - XSS
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."
by Vulnerability-Lab
EIP-2026-103324 EXPLOITDB text
Synology DiskStation Manager (DSM) 4.3-3776 - Multiple Vulnerabilities
by Andrea Fabrizi
EIP-2026-102299 EXPLOITDB text
Talkie Bluetooth Video iFiles 2.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2013-5730 EXPLOITDB text
Dlink Dsl-2740b Firmware - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or disable Wireless MAC Address Filters via a wlFltMode action to wlmacflt.cmd, (2) enable or disable firewall protections via a request to scdmz.cmd, or (3) enable or disable remote management via a save action to scsrvcntr.cmd.
by Ivano Binetti
EIP-2026-107421 EXPLOITDB text VERIFIED
glFusion 1.3.0 - 'search.php?cat_id' SQL Injection
by Omar Kurt
EIP-2026-106923 EXPLOITDB text VERIFIED
eTransfer Lite - 'file name' HTML Injection
by Benjamin Kunz Mejri
EIP-2026-101622 EXPLOITDB text
D-Link DIR-505 1.06 - Multiple Vulnerabilities
by Alessandro Di Pinto
EIP-2026-114661 EXPLOITDB text VERIFIED
Zyxware Health Monitoring System - Multiple Vulnerabilities
by Sarahma Security
CVE-2013-4341 EXPLOITDB text
Moodle < 2.2.11 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed.
by Ciaran McNally
CVE-2013-4984 EXPLOITDB text VERIFIED
Sophos Web Appliance <3.7.9.1, <3.8-3.8.1.1 - Privilege Escalation
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
by Core Security
EIP-2026-111459 EXPLOITDB text VERIFIED
Practico CMS 13.7 - Authentication Bypass
by shiZheni
EIP-2026-105994 EXPLOITDB text VERIFIED
CMS Mini 0.2.2 - Multiple Vulnerabilities
by SANTHO
CVE-2012-3748 EXPLOITDB text
Apple Safari < 6.0.1 - Race Condition
Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.
by Vitaliy Toropov