Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-4727 EXPLOITDB text VERIFIED
DDSN Interactive cm3 Acora CMS - Info Disclosure
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx.
by Pedro Andujar
CVE-2013-3314 EXPLOITDB HIGH text
Loftek Nexus 543 Firmware - Unauthenticated Sensitive Information Exposure via get_realip.cgi and get_status.cgi
The Loftek Nexus 543 IP Camera allows remote attackers to obtain (1) IP addresses via a request to get_realip.cgi or (2) firmware versions (ui and system), timestamp, serial number, p2p port number, and wifi status via a request to get_status.cgi.
by Craig Young
CVSS 7.5
EIP-2026-101180 EXPLOITDB text
Belkin G Wireless Router Firmware 5.00.12 - Remote Code Execution
by Aodrulez
CVE-2013-3597 EXPLOITDB text VERIFIED
SearchBlox < 7.5 - Exposure of Sensitive Information via CollectionListServlet
servlet/CollectionListServlet in SearchBlox before 7.5 build 1 allows remote attackers to read usernames and passwords via a getList action.
by Ricky Roane Jr
CVE-2013-4900 EXPLOITDB text
DeWeS web server <0.4.2 - Path Traversal
Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c (dot dot encoded backslash) in a GET request.
by High-Tech Bridge SA
CVE-2008-4423 EXPLOITDB text VERIFIED
Ovidentia 6.6.5 - SQL Injection via Item Parameter in Contact Modify Action
SQL injection vulnerability in index.php in Ovidentia 6.6.5 allows remote attackers to execute arbitrary SQL commands via the item parameter in a contact modify action.
by LiquidWorm
EIP-2026-105764 EXPLOITDB text
CBHotel Hotel Software and Booking system 1.8 - Multiple Vulnerabilities
by Dylan Irzi
CVE-2013-1662 EXPLOITDB text VERIFIED
VMware Workstation 8.x-9.x and Player 4.x-5.x - Privilege Escalation via PATH lsb_release Hijacking
vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in a directory in the PATH, related to use of the popen library function.
by Tavis Ormandy
CVE-2013-4124 EXPLOITDB text
Samba 3.x-3.5.21, 3.6.x-3.6.16, 4.x-4.0.7 - Denial of Service via Malformed NTTRANS Packet
Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
by x90c
CVE-2013-0632 EXPLOITDB CRITICAL text
Adobe ColdFusion 9.0-9.0.2, 10 - Unauthenticated Authentication Bypass and Remote Code Execution via RDS Component
administrator.cfc in Adobe ColdFusion 9.0, 9.0.1, 9.0.2, and 10 allows remote attackers to bypass authentication and possibly execute arbitrary code by logging in to the RDS component using the default empty password and leveraging this session to access the administrative web interface, as exploited in the wild in January 2013.
by Scott Buckel
CVSS 9.8
EIP-2026-119011 EXPLOITDB text
Oracle Java - 'BytePackedRaster.verify()' Signed Integer Overflow
by Packet Storm
CVE-2013-4888 EXPLOITDB text VERIFIED
Xibo 1.4.2 - Cross-Site Scripting via Layout Parameter
Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page.
by Jacob Holcomb
EIP-2026-114115 EXPLOITDB text
WordPress Plugin ThinkIT 0.1 - Multiple Vulnerabilities
by Yashar shahinzadeh
CVE-2013-4900 EXPLOITDB text VERIFIED
DeWeS web server <0.4.2 - Path Traversal
Directory traversal vulnerability in DeWeS web server 0.4.2 and possibly earlier, as used in Twilight CMS, allows remote attackers to read arbitrary files via a ..%5c (dot dot encoded backslash) in a GET request.
by High-Tech Bridge
EIP-2026-102006 EXPLOITDB text
Sitecom N300/N600 Devices - Multiple Vulnerabilities
by Roberto Paleari
CVE-2013-3586 EXPLOITDB text
Samsung Smart Viewer - Unauthenticated Authentication Bypass via SessionID Cookie
Samsung Web Viewer for Samsung DVR devices allows remote attackers to bypass authentication via an arbitrary SessionID value in a cookie.
by Andrea Fabrizi
EIP-2026-105571 EXPLOITDB text VERIFIED
Bo-Blog 2.1.1 - Cross-Site Scripting / SQL Injection
by Ashiyane Digital Security Team
CVE-2013-0526 EXPLOITDB text
IBM Avocent 1754 KVM - Command Injection
ping.php in Global Console Manager 16 (GCM16) and Global Console Manager 32 (GCM32) before 1.20.0.22575 on the IBM Avocent 1754 KVM switch allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) count or (2) size parameter.
by Alejandro Alvarez Bravo
EIP-2026-111625 EXPLOITDB text VERIFIED
Quack Chat 1.0 - Multiple Vulnerabilities
by Dylan Irzi
EIP-2026-102275 EXPLOITDB text
Photo Transfer Upload 1.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102222 EXPLOITDB text
Copy to WebDAV 1.1 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
CVE-2013-5092 EXPLOITDB text VERIFIED
AlgoSec Firewall Analyzer 6.1-b86 - XSS
Cross-site scripting (XSS) vulnerability in afa/php/Login.php in AlgoSec Firewall Analyzer 6.1-b86 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
by Asheesh kumar Mani Tripathi
EIP-2026-119012 EXPLOITDB text
Oracle Java - 'IntegerInterleavedRaster.verify()' Signed Integer Overflow
by Packet Storm
EIP-2026-113168 EXPLOITDB text
w-CMS 2.0.1 - Remote Code Execution
by ICheer_No0M
EIP-2026-112395 EXPLOITDB text
Spitfire CMS 1.1.4 - Cross-Site Request Forgery
by Yashar shahinzadeh