Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-102302 EXPLOITDB text
UbiDisk File Manager 2.0 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
EIP-2026-102265 EXPLOITDB text
OliveOffice Mobile Suite 2.0.3 iOS - Local File Inclusion
by Vulnerability-Lab
EIP-2026-102259 EXPLOITDB text
My File Explorer 1.3.1 iOS - Multiple Web Vulnerabilities
by Vulnerability-Lab
CVE-2013-5147 EXPLOITDB text
iPhone OS < 6.1.4 - Passcode Lock Bypass via Race Condition
Passcode Lock in Apple iOS before 7 does not properly manage the lock state, which allows physically proximate attackers to bypass an intended passcode requirement by leveraging a race condition involving phone calls and ejection of a SIM card.
by Vulnerability-Lab
CVE-2013-5977 EXPLOITDB text VERIFIED
Cart66 Lite Plugin < 1.5.1.15 - Cross-Site Request Forgery
Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS) attacks via the (2) Product name or (3) Price description field in a product save action via a request to wp-admin/admin.php.
by absane
CVE-2013-5978 EXPLOITDB MEDIUM text VERIFIED
Cart66 Lite Plugin < 1.5.1.14 - Cross-Site Scripting via Product Name or Price Description
Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977.
by absane
CVSS 6.1
EIP-2026-112428 EXPLOITDB text VERIFIED
StatusNet/Laconica 0.7.4/0.8.2/0.9.0beta3 - Arbitrary File Reading
by spiderboy
CVE-2011-3918 EXPLOITDB text
Android < 4.0.3 - Denial of Service via Zygote Process Fork Request
The Zygote process in Android 4.0.3 and earlier accepts fork requests from processes with arbitrary UIDs, which allows remote attackers to cause a denial of service (reboot loop) via a crafted application.
by Luca Verderame
EIP-2026-105476 EXPLOITDB text VERIFIED
Bilboplanet - 'auth.php' SQL Injection
by Omar Kurt
CVE-2013-7409 EXPLOITDB text
ALLPlayer 5.6.2-5.8.1 - Buffer Overflow via .m3u Playlist File
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.
by metacom
EIP-2026-114630 EXPLOITDB text VERIFIED
Ziteman CMS - Login Page SQL Injection
by Ashiyane Digital Security Team
EIP-2026-104282 EXPLOITDB text
Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection
by Giuseppe D'Amore
CVE-2013-1743 EXPLOITDB text VERIFIED
Bugzilla 4.1.x-4.2.x < 4.2.7 and 4.3.x-4.4.x < 4.4.1 - Cross-Site Scripting via Tabular Report Field Values
Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a field value that is not properly handled during construction of a tabular report, as demonstrated by the (1) summary or (2) real name field. NOTE: this issue exists because of an incomplete fix for CVE-2012-4189.
by Mateusz Goik
CVE-2013-1742 EXPLOITDB text VERIFIED
Bugzilla 2.x-4.0.10, 4.1.x-4.2.6, 4.3.x-4.4.0 - Cross-Site Scripting via editflagtypes.cgi id or sortkey Parameter
Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) id or (2) sortkey parameter.
by Mateusz Goik
EIP-2026-114263 EXPLOITDB text VERIFIED
WordPress Plugin WP-Realty - 'listing_id' SQL Injection
by Napsterakos
EIP-2026-113992 EXPLOITDB text
WordPress Plugin Quick Contact Form 6.0 - Persistent Cross-Site Scripting
by Zy0d0x
EIP-2026-105091 EXPLOITDB text VERIFIED
Alienvault Open Source SIEM (OSSIM) - 'Timestamp' Directory Traversal
by Ding Yu-Chi
CVE-2013-6114 EXPLOITDB text
Apple Motion 5.0.7 - Denial of Service via OZDocument::parseElement Integer Overflow
Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn file.
by Jean Pascal Pereira
CVE-2013-4362 EXPLOITDB text VERIFIED
davfs2 1.4.6-1.4.7 - Privilege Escalation via System Function in kernel_interface.c and mount_davfs.c
WEB-DAV Linux File System (davfs2) 1.4.6 and 1.4.7 allow local users to gain privileges via unknown attack vectors in (1) kernel_interface.c and (2) mount_davfs.c, related to the "system" function.
by Lorenzo Cantoni
CVE-2013-10038 EXPLOITDB CRITICAL text VERIFIED
FlashChat 6.0.2, 6.0.4-6.0.8 - Unauthenticated Arbitrary File Upload via upload.php
An unauthenticated arbitrary file upload vulnerability exists in FlashChat versions 6.0.2 and 6.0.4 through 6.0.8. The upload.php endpoint fails to properly validate file types and authentication, allowing attackers to upload malicious PHP scripts. Once uploaded, these scripts can be executed remotely, resulting in arbitrary code execution as the web server user.
by x-hayben21
EIP-2026-106845 EXPLOITDB text
elproLOG MONITOR Webaccess 2.1 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-105968 EXPLOITDB text
CMS Formulasi 2.07 - Multiple Vulnerabilities
by Sarahma Security
EIP-2026-104880 EXPLOITDB text VERIFIED
Aanval 7.1 build 70151 - Multiple Vulnerabilities
by xistence
EIP-2026-112366 EXPLOITDB text VERIFIED
SPAMINA Cloud Email Firewall - Directory Traversal
by Sisco Barrera
CVE-2013-5640 EXPLOITDB text
Gnew 2013.1 - SQL Injection via Multiple Parameters
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) answer_id or (2) question_id parameter to polls/vote.php, (3) story_id parameter to comments/add.php or (4) comments/edit.php, or (5) thread_id parameter to posts/add.php. NOTE: this issue was SPLIT due to differences in researchers and disclosure dates. CVE-2013-7349 already covers the news_id parameter to news/send.php, user_email parameter to users/register.php, and thread_id to posts/edit.php vectors.
by High-Tech Bridge SA