Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-116239 EXPLOITDB text VERIFIED
Share KM 1.0.19 - Remote Denial of Service
by Yuda Prawira
CVE-2013-5961 EXPLOITDB text VERIFIED
Lazy SEO 1.1.9 - Unauthenticated Arbitrary File Upload and Remote Code Execution via lazyseo.php
Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in lazy-seo/.
by Ashiyane Digital Security Team
EIP-2026-108769 EXPLOITDB text VERIFIED
Joomla! Component JVideoClip 1.5.1 - 'uid' SQL Injection
by SixP4ck3r
CVE-2013-5091 EXPLOITDB text
vtiger CRM < 5.4.0 - Authenticated SQL Injection via onlyforuser Parameter
SQL injection vulnerability in CalendarCommon.php in vTiger CRM 5.4.0 and possibly earlier allows remote authenticated users to execute arbitrary SQL commands via the onlyforuser parameter in an index action to index.php. NOTE: this issue might be a duplicate of CVE-2011-4559.
by High-Tech Bridge SA
EIP-2026-109566 EXPLOITDB text VERIFIED
Monstra CMS 1.2.0 - 'login' SQL Injection
by linc0ln.dll
EIP-2026-109420 EXPLOITDB text VERIFIED
MentalJS - Sandbox Security Bypass
by Rafay Baloch
EIP-2026-114015 EXPLOITDB text VERIFIED
WordPress Plugin RokMicroNews - 'thumb.php' Multiple Vulnerabilities
by MustLive
EIP-2026-114014 EXPLOITDB text VERIFIED
WordPress Plugin RokIntroScroller - 'thumb.php' Multiple Vulnerabilities
by MustLive
EIP-2026-100150 EXPLOITDB text
AspxCommerce 2.0 - Arbitrary File Upload
by SANTHO
EIP-2026-114016 EXPLOITDB text VERIFIED
WordPress Plugin RokNewsPager - 'thumb.php' Multiple Vulnerabilities
by MustLive
CVE-2013-5962 EXPLOITDB text
Gallery Manager Plugin < 3.3.4 rev40279 - Unauthenticated Arbitrary File Upload and RCE via upload-images.php
Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/[year]/[month]/.
by Vulnerability-Lab
CVE-2013-10044 EXPLOITDB HIGH text VERIFIED
OpenEMR < 4.1.1 Patch 14 - SQL Injection
An authenticated SQL injection vulnerability exists in OpenEMR ≤ 4.1.1 Patch 14 that allows a low-privileged attacker to extract administrator credentials and subsequently escalate privileges. Once elevated, the attacker can exploit an unrestricted file upload flaw to achieve remote code execution, resulting in full compromise of the application and its host system.
by xistence
CVSS 8.8
CVE-2013-2472 EXPLOITDB text
Oracle Java SE <7u21,6u45,5u45 - Info Disclosure
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "Incorrect ShortBandedRaster size checks" in 2D.
by Packet Storm
EIP-2026-114017 EXPLOITDB text VERIFIED
WordPress Plugin RokStories - 'thumb.php' Multiple Vulnerabilities
by MustLive
EIP-2026-113394 EXPLOITDB text VERIFIED
Western Digital Arkeia Appliance 10.0.10 - Multiple Vulnerabilities
by xistence
CVE-2013-5745 EXPLOITDB text VERIFIED
GNOME Vino < 3.7.3 - Denial of Service via Authentication Error Handling
The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error causes the connection to close during authentication, which allows remote attackers to cause a denial of service (infinite loop, CPU and disk consumption) via multiple crafted requests during authentication.
by Trustwave's SpiderLabs
EIP-2026-101962 EXPLOITDB text
Router ONO Hitron CDE-30364 - Cross-Site Request Forgery
by Matias Mingorance Svensson
CVE-2010-4513 EXPLOITDB text VERIFIED
zimplit_cms < 3.0 - Cross-Site Scripting via file and client Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Zimplit CMS 3.0, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter in a load action to zimplit.php and (2) client parameter to English_manual_version_2.php.
by Yashar shahinzadeh
EIP-2026-113910 EXPLOITDB text VERIFIED
WordPress Plugin mukioplayer4wp - 'cid' SQL Injection
by Ashiyane Digital Security Team
CVE-2013-3179 EXPLOITDB text
Microsoft SharePoint Server 2007 SP3, 2010 SP1/SP2, 2013 - Cross-Site Scripting
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2007 SP3, 2010 SP1 and SP2, and 2013 allows remote attackers to inject arbitrary web script or HTML via a crafted request, aka "SharePoint XSS Vulnerability."
by Vulnerability-Lab
EIP-2026-103324 EXPLOITDB text
Synology DiskStation Manager (DSM) 4.3-3776 - Multiple Vulnerabilities
by Andrea Fabrizi
EIP-2026-102299 EXPLOITDB text
Talkie Bluetooth Video iFiles 2.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2013-5730 EXPLOITDB text
D-Link DSL-2740B Firmware EU_1.00 - Cross-Site Request Forgery via Wireless MAC Filter, Firewall, or Remote Management
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or disable Wireless MAC Address Filters via a wlFltMode action to wlmacflt.cmd, (2) enable or disable firewall protections via a request to scdmz.cmd, or (3) enable or disable remote management via a save action to scsrvcntr.cmd.
by Ivano Binetti
EIP-2026-107421 EXPLOITDB text VERIFIED
glFusion 1.3.0 - 'search.php?cat_id' SQL Injection
by Omar Kurt
EIP-2026-106923 EXPLOITDB text VERIFIED
eTransfer Lite - 'file name' HTML Injection
by Benjamin Kunz Mejri