Text Exploits

31,337 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-102241 EXPLOITDB text
FTP OnConnect 1.4.11 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2013-4977 EXPLOITDB text VERIFIED
Hikvision DS-2CD7153-E <4.1.0 b130111 - Buffer Overflow
Buffer overflow in the RTSP Packet Handler in Hikvision DS-2CD7153-E IP camera with firmware 4.1.0 b130111 (Jan 2013), and possibly other devices, allows remote attackers to cause a denial of service (device crash and reboot) and possibly execute arbitrary code via a long string in the Range header field in an RTSP transaction.
by Core Security
CVE-2013-5028 EXPLOITDB text VERIFIED
Kwoksys Kwok Info Server <2.8.5 - SQL Injection
SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the (1) hardwareType, (2) hardwareStatus, or (3) hardwareLocation parameter in a search command.
by Yogesh Phadtare
CVE-2013-4885 EXPLOITDB text VERIFIED
NMap <6.40 - Path Traversal
The http-domino-enum-passwords.nse script in NMap before 6.40, when domino-enum-passwords.idpath is set, allows remote servers to upload "arbitrarily named" files via a crafted FullName parameter in a response, as demonstrated using directory traversal sequences.
by Piotr Duszynski
CVE-2013-5316 EXPLOITDB text
RiteCMS 1.0.0 - CSRF
Cross-site request forgery (CSRF) vulnerability in RiteCMS 1.0.0 allows remote attackers to hijack the authentication of administrators for requests that change the administrator password via an edit user action to cms/index.php.
by Yashar shahinzadeh
CVE-2013-5578 EXPLOITDB text
StarUML - Buffer Overflow
Buffer overflow in the ToDot method in the WINGRAPHVIZLib.NEATO ActiveX control in WinGraphviz.dll in StarUML allows remote attackers to execute arbitrary code via a long argument.
by d3b4g
CVE-2013-5317 EXPLOITDB text
RiteCMS 1.0.0 - XSS
Cross-site scripting (XSS) vulnerability in RiteCMS 1.0.0 allows remote authenticated users to inject arbitrary web script or HTML via the mode parameter to cms/index.php.
by Yashar shahinzadeh
CVE-2013-4867 EXPLOITDB MEDIUM text VERIFIED
Electronic Arts Karotz Smart Rabbit <12.07.19.00 - Code Injection
Electronic Arts Karotz Smart Rabbit 12.07.19.00 allows Python module hijacking
by Trustwave's SpiderLabs
CVSS 6.3
CVE-2013-4864 EXPLOITDB CRITICAL text VERIFIED
MiCasaVerde VeraLite <1.5.408 - SSRF
MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (SSRF) issue.
by Trustwave's SpiderLabs
CVSS 9.8
CVE-2013-4863 EXPLOITDB HIGH text VERIFIED
MiCasaVerde VeraLite <1.5.408 - RCE
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port 49451 or (2) remote authenticated users to execute arbitrary Lua code via a RunLua action in a request to port_49451/upnp/control/hag.
by Trustwave's SpiderLabs
CVSS 8.8
CVE-2013-4862 EXPLOITDB HIGH text VERIFIED
MiCasaVerde VeraLite <1.5.408 - Privilege Escalation
MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) obtain hashed passwords via the cgi-bin/cmh/backup.sh page.
by Trustwave's SpiderLabs
CVSS 8.1
CVE-2013-4861 EXPLOITDB MEDIUM text VERIFIED
MiCasaVerde VeraLite <1.5.408 - Path Traversal
Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename parameter.
by Trustwave's SpiderLabs
CVSS 6.5
CVE-2013-3212 EXPLOITDB HIGH text
vtiger CRM <5.4.0 - Code Injection
vtiger CRM 5.4.0 and earlier contain local file-include vulnerabilities in 'customerportal.php' which allows remote attackers to view files and execute local script code.
by EgiX
CVSS 8.1
CVE-2013-10046 EXPLOITDB HIGH text VERIFIED
Agnitum Outpost Internet Security 8.1 - Privilege Escalation
A local privilege escalation vulnerability exists in Agnitum Outpost Internet Security 8.1 that allows an unprivileged user to execute arbitrary code with SYSTEM privileges. The flaw resides in the acs.exe component, which exposes a named pipe that accepts unauthenticated commands. By exploiting a directory traversal weakness in the pipe protocol, an attacker can instruct the service to load a malicious DLL from a user-controlled location. The DLL is then executed in the context of the privileged service.
by Ahmad Moghimi
CVE-2013-3803 EXPLOITDB text VERIFIED
Oracle Hyperion <11.1.2.305 - Info Disclosure
Unspecified vulnerability in the Hyperion BI+ component in Oracle Hyperion 11.1.1.3, 11.1.1.4.107 and earlier, 11.1.2.1.129 and earlier, and 11.1.2.2.305 and earlier allows remote authenticated users to affect confidentiality via unknown vectors related to Intelligence Service.
by Richard Warren
EIP-2026-116392 EXPLOITDB text
TEC-IT TBarCode - OCX ActiveX Control (TBarCode4.ocx 4.1.0) Crash (PoC)
by d3b4g
EIP-2026-113594 EXPLOITDB text
WordPress Plugin Better WP Security 3.4.8/3.4.9/3.4.10/3.5.2/3.5.3 - Persistent Cross-Site Scripting
by Richard Warren
CVE-2013-3215 EXPLOITDB CRITICAL text
vtiger CRM <5.4.0 - Auth Bypass
vtiger CRM 5.4.0 and earlier contain an Authentication Bypass Vulnerability due to improper authentication validation in the validateSession function.
by EgiX
CVSS 9.8
EIP-2026-112590 EXPLOITDB text
Telmanik CMS Press 1.01b - 'pages.php?page_name' SQL Injection
by Anarchy Angel
CVE-2013-4898 EXPLOITDB text
Timeline Plugin 4.2.5p9 - RCE
Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in public/temporary/timeline/.
by spyk2r
CVE-2013-5318 EXPLOITDB text VERIFIED
Ginkgo CMS 5.0 - SQL Injection
SQL injection vulnerability in Ginkgo CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the rang parameter to index.php.
by Raw-x
EIP-2026-107310 EXPLOITDB text
FunGamez - Arbitrary File Upload
by cr4wl3r
CVE-2013-4789 EXPLOITDB text VERIFIED
Cotonti <0.9.14 - SQL Injection
SQL injection vulnerability in modules/rss/rss.php in Cotonti before 0.9.14 allows remote attackers to execute arbitrary SQL commands via the "c" parameter to index.php.
by High-Tech Bridge SA
CVE-2013-5006 EXPLOITDB text
Western Digital My Net - Info Disclosure
main_internet.php on the Western Digital My Net N600 and N750 with firmware 1.03.12 and 1.04.16, and the N900 and N900C with firmware 1.05.12, 1.06.18, and 1.06.28, allows remote attackers to discover the cleartext administrative password by reading the "var pass=" line within the HTML source code.
by Kyle Lovett
CVE-2013-2581 EXPLOITDB text VERIFIED
TP-Link IP Cameras <LM.1.6.18P12_sign6 - RCE
cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12_sign6 allows remote attackers to modify the firmware revision via a "preset" action.
by Core Security
By Source
All 31,337 Writeup 60,173 Exploitdb 49,996 Nomisec 21,717 Metasploit 3,219 Github 2,564 Vulncheck_xdb 905 Inthewild 514 Gitlab 441 Gitee 415 Patchapalooza 312
By Language
text 31,337 python 5,940 ruby 5,908 c 3,565 perl 2,849 html 2,053 php 1,326 bash 459 java 362 c++ 250 javascript 215 shell 91 go 55 postscript 25 xml 24