Text Exploits

31,337 exploits tracked across all sources.

CVE-2013-4865 EXPLOITDB MEDIUM text VERIFIED
MiCasaVerde VeraLite <1.5.408 - CSRF
Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that install arbitrary firmware via the squashfs parameter.
by Trustwave's SpiderLabs
CVSS 6.5
CVE-2013-4859 EXPLOITDB HIGH text VERIFIED
INSTEON Hub 2242-222 - No Auth Required
INSTEON Hub 2242-222 lacks Web and API authentication
by Trustwave's SpiderLabs
CVSS 8.1
CVE-2013-7389 EXPLOITDB text
D-Link DIR-645 Router - XSS
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid parameter to parentalcontrols/bind.php, (2) RESULT parameter to info.php, or (3) receiver parameter to bsc_sms_send.php.
by Roberto Paleari
CVE-2013-4868 EXPLOITDB MEDIUM text VERIFIED
Karotz API <12.07.19.00 - Info Disclosure
Karotz API 12.07.19.00: Session Token Information Disclosure
by Trustwave's SpiderLabs
CVSS 5.3
CVE-2013-2653 EXPLOITDB text VERIFIED
SilverStripe 3.0.3 - CSRF
security/MemberLoginForm.php in SilverStripe 3.0.3 supports login using a GET request, which makes it easier for remote attackers to conduct phishing attacks without detection by the victim.
by Fara Rustein
CVE-2013-4200 EXPLOITDB text VERIFIED
Plone < 4.1.1 - Access Control
The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows remote attackers to bypass the allow_external_login_sites filtering property, redirect users to arbitrary web sites, and conduct phishing attacks via a space before a URL in the "next" parameter to acl_users/credentials_cookie_auth/require_login.
by Cyrill Bannwart
CVE-2013-4624 EXPLOITDB text VERIFIED
Jahia xCM 6.6.1.0 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web script or HTML via (1) the site parameter to engines/manager.jsp, (2) the searchString parameter to administration/ in a search action, or the (3) username, (4) firstName, (5) lastName, (6) email, or (7) organization field to administration/ in a users action.
by High-Tech Bridge
EIP-2026-107160 EXPLOITDB text
FluxBB 1.5.3 - Multiple Vulnerabilities
by LiquidWorm
EIP-2026-102307 EXPLOITDB text
WebDisk 3.0.2 PhotoViewer iOS - Command Execution
by Vulnerability-Lab
EIP-2026-102291 EXPLOITDB text
Private Photos 1.0 iOS - Persistent Cross-Site Scripting
by Vulnerability-Lab
EIP-2026-113442 EXPLOITDB text
Windu CMS 2.2 - Multiple Vulnerabilities
by LiquidWorm
CVE-2013-1616 EXPLOITDB text VERIFIED
Symantec Web Gateway < 5.1 - OS Command Injection
The management console on the Symantec Web Gateway (SWG) appliance before 5.1.1 allows remote attackers to execute arbitrary commands by injecting a command into an application script.
by SEC Consult
EIP-2026-106690 EXPLOITDB text
Easy Blog by JM LLC - Multiple Vulnerabilities
by Sp3ctrecore
EIP-2026-105402 EXPLOITDB text
Basic Forum by JM LLC - Multiple Vulnerabilities
by Sp3ctrecore
EIP-2026-105092 EXPLOITDB text VERIFIED
Alienvault Open Source SIEM (OSSIM) - Multiple Cross-Site Scripting Vulnerabilities
by xistence
CVE-2013-4625 EXPLOITDB text VERIFIED
WordPress Duplicator <0.4.5 - XSS
Cross-site scripting (XSS) vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter.
by High-Tech Bridge
EIP-2026-112997 EXPLOITDB text VERIFIED
vBulletin 4.0.2 - 'update_order' SQL Injection
by n3tw0rk
CVE-2013-2574 EXPLOITDB HIGH text VERIFIED
FOSCAM IP Camera FI8620 - Info Disclosure
An Access vulnerability exists in FOSCAM IP Camera FI8620 due to insufficient access restrictions in the /tmpfs/ and /log/ directories, which could let a malicious user obtain sensitive information.
by Core Security
CVSS 7.5
CVE-2013-2577 EXPLOITDB text VERIFIED
XnView <2.04 - RCE
Buffer overflow in XnView before 2.04 allows remote attackers to execute arbitrary code via a crafted PCT file.
by Core Security
CVE-2013-3174 EXPLOITDB text
Microsoft Windows - Code Injection
DirectShow in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 allows remote attackers to execute arbitrary code via a crafted GIF file, aka "DirectShow Arbitrary Memory Overwrite Vulnerability."
by Andrés Gómez Ramírez
CVE-2013-2576 EXPLOITDB text VERIFIED
Artweaver <3.1.6 - Buffer Overflow
Buffer overflow in Artweaver before 3.1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted AWD file.
by Core Security
EIP-2026-106403 EXPLOITDB text
Dell Kace 1000 SMA 5.4.742 - SQL Injection
by Vulnerability-Lab
EIP-2026-102274 EXPLOITDB text
Photo Server 2.0 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-116477 EXPLOITDB text VERIFIED
VbsEdit 5.9.3 - '.smi' Buffer Overflow (PoC)
by d3b4g