Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-102264 EXPLOITDB text
Olive File Manager 1.0.1 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102242 EXPLOITDB text
FTP Sprite 1.2.1 iOS - Persistent Cross-Site Scripting
by Vulnerability-Lab
CVE-2013-4945 EXPLOITDB text
BMC Service Desk Express 10.2.1.95 - SQL Injection
Multiple SQL injection vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to execute arbitrary SQL commands via the (1) ASPSESSIONIDASSRATTQ, (2) TABLE_WIDGET_1, (3) TABLE_WIDGET_2, (4) browserDateTimeInfo, or (5) browserNumberInfo cookie parameter to DashBoardGUI.aspx; or the (6) UID parameter to login.aspx.
by Nuri Fattah
CVE-2013-4883 EXPLOITDB text
McAfee ePolicy Orchestrator <4.6.6 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in McAfee ePolicy Orchestrator 4.6.6 and earlier, and the ePO Extension for the McAfee Agent (MA) 4.5 through 4.6, allow remote attackers to inject arbitrary web script or HTML via the (1) instanceId parameter core/loadDisplayType.do; (2) instanceId or (3) monitorUrl parameter to console/createDashboardContainer.do; uid parameter to (4) ComputerMgmt/sysDetPanelBoolPie.do or (5) ComputerMgmt/sysDetPanelSummary.do; (6) uid, (7) orion.user.security.token, or (8) ajaxMode parameter to ComputerMgmt/sysDetPanelQry.do; or (9) uid, (10) orion.user.security.token, or (11) ajaxMode parameter to ComputerMgmt/sysDetPanelSummary.do.
by Nuri Fattah
EIP-2026-114080 EXPLOITDB text VERIFIED
WordPress Plugin Spicy Blogroll - Local File Inclusion
by Ahlspiess
CVE-2013-4946 EXPLOITDB text
BMC Service Desk Express 10.2.1.95 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in BMC Service Desk Express (SDE) 10.2.1.95 allow remote attackers to inject arbitrary web script or HTML via the (1) SelTab parameter to QV_admin.aspx, the (2) CallBack parameter to QV_grid.aspx, or the (3) HelpPage parameter to commonhelp.aspx.
by Nuri Fattah
CVE-2013-4954 EXPLOITDB text VERIFIED
Genetech Solutions Pie-Register <1.31 - XSS
Multiple cross-site scripting (XSS) vulnerabilities in wp-login.php in the Genetech Solutions Pie-Register plugin before 1.31 for WordPress, when "Allow New Registrations to set their own Password" is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pass1 or (2) pass2 parameter in a register action. NOTE: some of these details are obtained from third party information.
by gravitylover
CVE-2013-5314 EXPLOITDB text VERIFIED
Serendipity < 1.6.2 - Cross-Site Scripting via serendipity[htmltarget] Parameter
Cross-site scripting (XSS) vulnerability in serendipity_admin_image_selector.php in Serendipity 1.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the serendipity[htmltarget] parameter.
by Omar Kurt
CVE-2013-4620 EXPLOITDB text VERIFIED
OpenEMR 4.1.1 - Cross-Site Scripting via Office Comments Note Parameter
Cross-site scripting (XSS) vulnerability in interface/main/onotes/office_comments_full.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter.
by Nate Drier
EIP-2026-100231 EXPLOITDB text VERIFIED
Corda Highwire - 'Highwire.ashx' Full Path Disclosure
by Adam Willard
EIP-2026-100230 EXPLOITDB text VERIFIED
Corda .NET Redirector - 'redirector.corda' Cross-Site Scripting
by Adam Willard
CVE-2013-5020 EXPLOITDB text VERIFIED
MiniBB < 3.0.1 - Cross-Site Scripting via forum_name, forum_group, forum_icon, or forum_desc Parameter
Multiple cross-site scripting (XSS) vulnerabilities in bb_admin.php in MiniBB before 3.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_name, (2) forum_group, (3) forum_icon, or (4) forum_desc parameter. NOTE: the whatus vector is already covered by CVE-2008-2066.
by Netsparker
EIP-2026-113027 EXPLOITDB text
vBulletin vBShout Mod - Persistent Cross-Site Scripting
by []0iZy5
EIP-2026-113016 EXPLOITDB text
vBulletin Advanced User Tagging Mod - Persistent Cross-Site Scripting
by []0iZy5
CVE-2013-4951 EXPLOITDB text VERIFIED
mintboard 0.3 - Cross-Site Scripting via Login or Signup Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Mintboard 0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) pass parameter in views/login.php or (3) name or (4) pass parameter in views/signup.php.
by Canberk BOLAT
EIP-2026-108024 EXPLOITDB text VERIFIED
iVote - 'details.php' SQL Injection
by Ashiyane Digital Security Team
CVE-2013-2160 EXPLOITDB text VERIFIED
Apache CXF 2.5.0-2.5.9, 2.6.0-2.6.6, 2.7.0-2.7.3 - Denial of Service via Crafted XML
The streaming XML parser in Apache CXF 2.5.x before 2.5.10, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via crafted XML with a large number of (1) elements, (2) attributes, (3) nested constructs, and possibly other vectors.
by SEC Consult
CVE-2010-1183 EXPLOITDB text
Oracle Solaris - Arbitrary File Write via Symlink Attack on /tmp/CLEANUP
Certain patch-installation scripts in Oracle Solaris allow local users to append data to arbitrary files via a symlink attack on the /tmp/CLEANUP temporary file, related to use of Update Manager.
by Larry W. Cashdollar
EIP-2026-102195 EXPLOITDB text VERIFIED
Air Drive Plus - Multiple Input Validation Vulnerabilities
by Benjamin Kunz Mejri
EIP-2026-110311 EXPLOITDB text VERIFIED
OpenNetAdmin 13.03.01 - Remote Code Execution
by Mandat0ry
EIP-2026-101614 EXPLOITDB text
D-Link - OS-Command Injection via UPnP Interface
by m-1-k-3
CVE-2013-3515 EXPLOITDB text
OpenX < 2.8.10 - Cross-Site Scripting via Package or Group Parameter
Multiple cross-site scripting (XSS) vulnerabilities in OpenX Source 2.8.10 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) package parameter to www/admin/plugin-index.php or the (2) group parameter to www/admin/plugin-settings.php.
by High-Tech Bridge SA
CVE-2013-7376 EXPLOITDB text
OpenX 2.8.10 - Cross-Site Request Forgery via Plugin Preferences and Settings
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to (1) plugin-preferences.php or (2) plugin-settings.php in www/admin, a different vulnerability than CVE-2013-3514.
by High-Tech Bridge SA
CVE-2013-3729 EXPLOITDB text
Kasseler CMS < 2 - Cross-Site Request Forgery via Admin PHP Parameters
Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via the (1) groups[] parameter in a send action in the sendmail module or (2) query parameter in a sql_query action in the database module to admin.php, related to CVE-2013-3727.
by High-Tech Bridge SA
EIP-2026-104341 EXPLOITDB text
Mobile Atlas Creator 1.9.12 - Persistent Command Injection
by Vulnerability-Lab