Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-5639 EXPLOITDB text
Gnew < 2013.1 - Path Traversal via gnew_language Cookie
Directory traversal vulnerability in users/login.php in Gnew 2013.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the gnew_language cookie.
by High-Tech Bridge SA
CVE-2013-7349 EXPLOITDB text
Gnew 2013.1 - SQL Injection via news_id, thread_id, or user_email Parameter
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.php, or (3) user_email parameter to users/password.php or (4) users/register.php. NOTE: these issues were SPLIT from CVE-2013-5640 due to differences in researchers and disclosure dates.
by High-Tech Bridge SA
CVE-2013-5696 EXPLOITDB text VERIFIED
GLPI < 0.84.2 - Cross-Site Request Forgery and SQL Injection via Install Script
inc/central.class.php in GLPI before 0.84.2 does not attempt to make install/install.php unavailable after an installation is completed, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks, and (1) perform a SQL injection via an Etape_4 action or (2) execute arbitrary PHP code via an update_1 action.
by High-Tech Bridge SA
CVE-2013-5967 EXPLOITDB text VERIFIED
AlienVault OSSIM < 4.3 - SQL Injection via RadarReport Date Parameter
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from parameter to (1) radar-iso27001-potential.php, (2) radar-iso27001-A12IS_acquisition-pot.php, (3) radar-iso27001-A11AccessControl-pot.php, (4) radar-iso27001-A10Com_OP_Mgnt-pot.php, or (5) radar-pci-potential.php in RadarReport/.
by Yu-Chi Ding
EIP-2026-103465 EXPLOITDB text VERIFIED
Evince PDF Reader 2.32.0.145 (Windows) / 3.4.0 (Linux) - Denial of Service
by Deva
CVE-2013-4987 EXPLOITDB text VERIFIED
PineApp Mail-SeCure <3.70 - Privilege Escalation
PineApp Mail-SeCure before 3.70 allows remote authenticated users to gain privileges by leveraging console access and providing shell metacharacters in a "system ping" command.
by Core Security
CVE-2013-5680 EXPLOITDB text VERIFIED
HylaFAX+ 5.2.4-5.5.3 - Heap-Based Buffer Overflow via Long USER Command
Heap-based buffer overflow in hfaxd in HylaFAX+ 5.2.4 through 5.5.3, when using LDAP authentication, might allow remote attackers to cause a denial of service (child hang) or execute arbitrary code via a long USER command.
by Dennis Jenkins
CVE-2013-2586 EXPLOITDB text
XAMPP 1.8.1 - Cross-Site Scripting via WriteIntoLocalDisk Method
XAMPP 1.8.1 does not properly restrict access to xampp/lang.php, which allows remote attackers to modify xampp/lang.tmp and execute cross-site scripting (XSS) attacks via the WriteIntoLocalDisk method.
by Manuel García Cárdenas
CVE-2013-5748 EXPLOITDB text
simplerisk < 20130916-001 - Cross-Site Request Forgery via add_project Action
Cross-site request forgery (CSRF) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to hijack the authentication of users for requests that add projects via an add_project action.
by Ryan Dewhurst
CVE-2013-5697 EXPLOITDB text
mod_accounting < 0.5 - SQL Injection via Host Header
SQL injection vulnerability in mod_accounting.c in the mod_accounting module 0.5 and earlier for Apache allows remote attackers to execute arbitrary SQL commands via a Host header.
by Wireghoul
EIP-2026-102039 EXPLOITDB text
Tenda W309R Router 5.07.46 - Configuration Disclosure
by SANTHO
EIP-2026-101530 EXPLOITDB text
Asus RT-N66U 3.0.0.4.374_720 - Cross-Site Request Forgery
by cgcai
EIP-2026-107242 EXPLOITDB text VERIFIED
FreeSMS - '/pages/crc_handler.php?scheduleid' SQL Injection
by Sarahma Security
EIP-2026-107241 EXPLOITDB text VERIFIED
FreeSMS - '/pages/crc_handler.php' Multiple Cross-Site Scripting Vulnerabilities
by Sarahma Security
EIP-2026-111292 EXPLOITDB text VERIFIED
Piwigo 2.5.2 - Cross-Site Scripting
by Arsan
EIP-2026-105248 EXPLOITDB text VERIFIED
ArticleSetup - Multiple Vulnerabilities
by DevilScreaM
EIP-2026-104404 EXPLOITDB text VERIFIED
Posnic Stock Management System 1.02 - Multiple Vulnerabilities
by Sarahma Security
CVE-2013-6852 EXPLOITDB text
HP 2620-24-PoE+ Switch - Cross-Site Request Forgery via setPassword Method
Cross-site request forgery (CSRF) vulnerability in html/json.html on HP 2620 switches allows remote attackers to hijack the authentication of administrators for requests that change an administrative password via the setPassword method.
by Hubert Gradek
CVE-2013-5692 EXPLOITDB text
X2Engine X2CRM < 3.5 - Authenticated Path Traversal via Translation Manager File Parameter
Directory traversal vulnerability in X2Engine X2CRM before 3.5 allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the file parameter to index.php/admin/translationManager.
by High-Tech Bridge SA
CVE-2013-5693 EXPLOITDB text
X2Engine X2CRM < 3.5 - Cross-Site Scripting via Model Parameter
Cross-site scripting (XSS) vulnerability in X2Engine X2CRM before 3.5 allows remote attackers to inject arbitrary web script or HTML via the model parameter to index.php/admin/editor.
by High-Tech Bridge SA
EIP-2026-103344 EXPLOITDB text
ZeroShell 'cgi-bin/kerbynet' - Local File Disclosure
by Yann CAM
CVE-2013-5118 EXPLOITDB text
Good for Enterprise <2.2.4.1659 - XSS
Cross-site scripting (XSS) vulnerability in the Good for Enterprise app before 2.2.4.1659 for iOS allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail message.
by Mario
CVE-2013-5917 EXPLOITDB text
NOSpam PTI 2.1 - SQL Injection via comment_post_ID Parameter
SQL injection vulnerability in wp-comments-post.php in the NOSpam PTI plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the comment_post_ID parameter.
by Alexandro Silva
EIP-2026-112047 EXPLOITDB text VERIFIED
SilverStripe CMS - Multiple HTML Injection Vulnerabilities
by Benjamin Kunz Mejri
EIP-2026-102566 EXPLOITDB text VERIFIED
Blue Coat ProxySG 5.x and Security Gateway OS - Denial of Service
by anonymous