Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-101622 EXPLOITDB text
D-Link DIR-505 1.06 - Multiple Vulnerabilities
by Alessandro Di Pinto
EIP-2026-114661 EXPLOITDB text VERIFIED
Zyxware Health Monitoring System - Multiple Vulnerabilities
by Sarahma Security
CVE-2013-4341 EXPLOITDB text
Moodle < 2.2.11, 2.3.x < 2.3.9, 2.4.x < 2.4.6, 2.5.x < 2.5.2 - Cross-Site Scripting via RSS Feed Blog Link
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed.
by Ciaran McNally
CVE-2013-4984 EXPLOITDB text VERIFIED
Sophos Web Appliance <3.7.9.1, <3.8-3.8.1.1 - Privilege Escalation
The close_connections function in /opt/cma/bin/clear_keys.pl in Sophos Web Appliance before 3.7.9.1 and 3.8 before 3.8.1.1 allows local users to gain privileges via shell metacharacters in the second argument.
by Core Security
EIP-2026-111459 EXPLOITDB text VERIFIED
Practico CMS 13.7 - Authentication Bypass
by shiZheni
EIP-2026-105994 EXPLOITDB text VERIFIED
CMS Mini 0.2.2 - Multiple Vulnerabilities
by SANTHO
CVE-2012-3748 EXPLOITDB text
Safari < 6.0.1 - Remote Code Execution via JavaScript Array Race Condition
Race condition in WebKit in Apple iOS before 6.0.1 and Safari before 6.0.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving JavaScript arrays.
by Vitaliy Toropov
CVE-2013-5672 EXPLOITDB text
IndiaNIC Testimonial Plugin 2.2 - Cross-Site Request Forgery via Admin Actions
Multiple cross-site request forgery (CSRF) vulnerabilities in the IndiaNIC Testimonial plugin 2.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) add a testimonial via an iNIC_testimonial_save action; (2) add a listing template via an iNIC_testimonial_save_listing_template action; (3) add a widget template via an iNIC_testimonial_save_widget action; insert cross-site scripting (XSS) sequences via the (4) project_name, (5) project_url, (6) client_name, (7) client_city, (8) client_state, (9) description, (10) tags, (11) video_url, or (12) is_featured, (13) title, (14) widget_title, (15) no_of_testimonials, (16) filter_by_country, (17) filter_by_tags, or (18) widget_template parameter to wp-admin/admin-ajax.php.
by RogueCoder
CVE-2013-2470 EXPLOITDB text
Oracle Java SE <7u21,6u45,5u45 - Info Disclosure
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 21 and earlier, 6 Update 45 and earlier, and 5.0 Update 45 and earlier, and OpenJDK 7, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D. NOTE: the previous information is from the June 2013 CPU. Oracle has not commented on claims from another vendor that this issue allows remote attackers to bypass the Java sandbox via vectors related to "ImagingLib byte lookup processing."
by GuHe
CVE-2013-5673 EXPLOITDB text
IndiaNIC Testimonial plugin 2.2 - SQL Injection via custom_query Parameter
SQL injection vulnerability in testimonial.php in the IndiaNIC Testimonial plugin 2.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the custom_query parameter in a testimonial_add action to wp-admin/admin-ajax.php.
by RogueCoder
EIP-2026-106375 EXPLOITDB text VERIFIED
dBlog CMS - 'm' SQL Injection
by ACC3SS
EIP-2026-102063 EXPLOITDB text
TP-Link TD-W8951ND - Multiple Vulnerabilities
by xistence
EIP-2026-101355 EXPLOITDB text
MikroTik RouterOS - sshd (ROSSSH) Remote Heap Corruption
by kingcope
EIP-2026-100326 EXPLOITDB text VERIFIED
Flo CMS - 'archivem' SQL Injection
by ACC3SS
EIP-2026-119014 EXPLOITDB text
Oracle Java - ByteComponentRaster.verify() Memory Corruption
by Packet Storm
EIP-2026-105207 EXPLOITDB text VERIFIED
appRain CMF - Multiple Cross-Site Request Forgery Vulnerabilities
by Yashar shahinzadeh
CVE-2013-4982 EXPLOITDB CRITICAL text VERIFIED
AVTECH AVN801 DVR Firmware - Authentication Bypass via Captcha
AVTECH AVN801 DVR has a security bypass via the administration login captcha
by Core Security
CVSS 9.8
CVE-2013-4978 EXPLOITDB text VERIFIED
AloahaPDFViewer <5.0.0.7 - Buffer Overflow
Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in Aloaha PDF Suite FREE allows remote attackers to execute arbitrary code via a crafted PDF file.
by Marcos Accossatto
CVE-2013-3313 EXPLOITDB HIGH text
Loftek Nexus 543 IP Camera - Info Disclosure
The Loftek Nexus 543 IP Camera stores passwords in cleartext, which allows remote attackers to obtain sensitive information via an HTTP GET request to check_users.cgi. NOTE: cleartext passwords can also be obtained from proc/kcore when leveraging the directory traversal vulnerability in CVE-2013-3311.
by Craig Young
CVSS 7.5
CVE-2013-3312 EXPLOITDB HIGH text
Loftek Nexus 543 Firmware - Cross-Site Request Forgery via set_users.cgi
Multiple cross-site request forgery (CSRF) vulnerabilities in the Loftek Nexus 543 IP Camera allow remote attackers to hijack the authentication of unspecified victims for requests that change (1) passwords or (2) firewall configuration, as demonstrated by a request to set_users.cgi.
by Craig Young
CVSS 8.8
CVE-2013-3311 EXPLOITDB HIGH text
Loftek Nexus 543 Firmware - Unauthenticated Path Traversal via URL
Directory traversal vulnerability in the Loftek Nexus 543 IP Camera allows remote attackers to read arbitrary files via a .. (dot dot) in the URL of an HTTP GET request.
by Craig Young
CVSS 7.5
EIP-2026-111231 EXPLOITDB text
PhpVibe 3.1 - Multiple Vulnerabilities
by Esac
EIP-2026-109651 EXPLOITDB text
MusicBox 2.3.8 - Multiple Vulnerabilities
by DevilScreaM
EIP-2026-109588 EXPLOITDB text
mooSocial 1.3 - Multiple Vulnerabilities
by Esac
EIP-2026-108586 EXPLOITDB text
Joomla! Component com_virtuemart 2.0.22a - SQL Injection
by Matias Fontanini