Text Exploits

31,337 exploits tracked across all sources.

CVE-2013-5314 EXPLOITDB text VERIFIED
Serendipity <1.6.2 - XSS
Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter.
by Omar Kurt
CVE-2013-4620 EXPLOITDB text VERIFIED
OpenEMR 4.1.1 - XSS
Cross-site scripting (XSS) vulnerability in interface/main/onotes/office_comments_full.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter.
by Nate Drier
EIP-2026-100231 EXPLOITDB text VERIFIED
Corda Highwire - 'Highwire.ashx' Full Path Disclosure
by Adam Willard
EIP-2026-100230 EXPLOITDB text VERIFIED
Corda .NET Redirector - 'redirector.corda' Cross-Site Scripting
by Adam Willard
CVE-2013-5020 EXPLOITDB text VERIFIED
MiniBB <3.0.1 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in MiniBB before 3.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_name, (2) forum_group, (3) forum_icon, or (4) forum_desc parameter. NOTE: the whatus vector is already covered by CVE-2008-2066.
by Netsparker
EIP-2026-113027 EXPLOITDB text
vBulletin vBShout Mod - Persistent Cross-Site Scripting
by []0iZy5
EIP-2026-113016 EXPLOITDB text
vBulletin Advanced User Tagging Mod - Persistent Cross-Site Scripting
by []0iZy5
CVE-2013-4951 EXPLOITDB text VERIFIED
Mintboard 0.3 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in Mintboard 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) pass parameter in views/login.php or (3) name or (4) pass parameter in views/signup.php.
by Canberk BOLAT
EIP-2026-108024 EXPLOITDB text VERIFIED
iVote - 'details.php' SQL Injection
by Ashiyane Digital Security Team
CVE-2013-2160 EXPLOITDB text VERIFIED
Apache CXF < 2.5.10 - Resource Management Error
The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors.
by SEC Consult
CVE-2010-1183 EXPLOITDB text
Oracle Solaris - Info Disclosure
Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager.
by Larry W. Cashdollar
EIP-2026-102195 EXPLOITDB text VERIFIED
Air Drive Plus - Multiple Input Validation Vulnerabilities
by Benjamin Kunz Mejri
EIP-2026-110311 EXPLOITDB text VERIFIED
OpenNetAdmin 13.03.01 - Remote Code Execution
by Mandat0ry
EIP-2026-101614 EXPLOITDB text
D-Link - OS-Command Injection via UPnP Interface
by m-1-k-3
CVE-2013-3515 EXPLOITDB text
OpenX < 2.8.10 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php.
by High-Tech Bridge SA
CVE-2013-7376 EXPLOITDB text
OpenX 2.8.10 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514.
by High-Tech Bridge SA
CVE-2013-3729 EXPLOITDB text
Kasseler-cms < 2 - CSRF
Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) groups[] parameter in a send action in the sendmail module or (2) query parameter in a sql_query action in the database module to admin.php, related to CVE-2013-3727.
by High-Tech Bridge SA
EIP-2026-104341 EXPLOITDB text
Mobile Atlas Creator 1.9.12 - Persistent Command Injection
by Vulnerability-Lab
CVE-2013-4949 EXPLOITDB text VERIFIED
Machform 2 - RCE
Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/.
by Yashar shahinzadeh
CVE-2013-4948 EXPLOITDB text VERIFIED
Machform 2 - SQL Injection
SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter.
by Yashar shahinzadeh
CVE-2013-4694 EXPLOITDB text VERIFIED
Winamp <5.64 Build 3418 - Buffer Overflow
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk.
by Julien Ahrens
CVE-2013-4695 EXPLOITDB HIGH text
Winamp 5.63 - RCE
Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution
by Julien Ahrens
CVSS 7.8
EIP-2026-116004 EXPLOITDB text VERIFIED
Opera 12.15 - vtable Corruption
by echo
EIP-2026-114217 EXPLOITDB text VERIFIED
WordPress Plugin WP Feed - 'nid' SQL Injection
by Iranian Exploit DataBase
CVE-2013-4117 EXPLOITDB text VERIFIED
Anshul Sharma Category-grid-view-gallery - XSS
Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
by Iranian Exploit DataBase