Text Exploits

31,337 exploits tracked across all sources.

CVE-2013-3307 EXPLOITDB HIGH text
Linksys E1000/E1200/E3200 - Command Injection
Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi ping_ip parameter on TCP port 52000.
by m-1-k-3
CVSS 8.3
EIP-2026-100804 EXPLOITDB text VERIFIED
FtpLocate - HTML Injection
by Chako
CVE-2013-2227 EXPLOITDB HIGH text
Glpi - Improper Input Validation
GLPI 0.83.7 has Local File Inclusion in common.tabs.php.
by LiquidWorm
CVSS 7.5
EIP-2026-109561 EXPLOITDB text VERIFIED
Monkey CMS - Multiple Vulnerabilities
by Yashar shahinzadeh_ Mormoroth
EIP-2026-106917 EXPLOITDB text VERIFIED
et-chat - Privilege Escalation / Arbitrary File Upload
by MR.XpR
CVE-2013-4664 EXPLOITDB MEDIUM text
SPBAS Business Automation Software 2012 - XSS
SPBAS Business Automation Software 2012 has XSS.
by Christy Philip Mathew
CVSS 6.1
CVE-2013-10055 EXPLOITDB CRITICAL text VERIFIED
Havalite CMS 1.1.7 - Unauthenticated RCE
An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension validation and authentication checks, allowing remote attackers to upload malicious PHP files via a crafted multipart/form-data POST request. Once uploaded, the attacker can access the file directly under havalite/tmp/files/, resulting in remote code execution.
by CWH Underground
EIP-2026-114145 EXPLOITDB text
WordPress Plugin Ultimate WordPress Auction Plugin 1.0 - Cross-Site Request Forgery
by expl0i13r
CVE-2013-4665 EXPLOITDB MEDIUM text
SPBAS Business Automation Software 2012 - CSRF
SPBAS Business Automation Software 2012 has CSRF.
by Christy Philip Mathew
CVSS 6.5
EIP-2026-112091 EXPLOITDB text VERIFIED
Simple File Manager 024 - Authentication Bypass
by Chako
EIP-2026-107161 EXPLOITDB text VERIFIED
Fly-High CMS 2012-07-08 - Unrestricted Arbitrary File Upload
by CWH Underground
EIP-2026-114570 EXPLOITDB text VERIFIED
ZamFoo - 'date' Remote Command Injection
by localhost.re
EIP-2026-100071 EXPLOITDB text VERIFIED
TaxiMonger for Android - 'name' HTML Injection
by Ismail Kaleem
CVE-2013-10054 EXPLOITDB CRITICAL text VERIFIED
LibrettoCMS 1.1.7 - Unauthenticated RCE
LibrettoCMS version 1.1.7 (and possibly earlier) contains an unauthenticated arbitrary file upload vulnerability in its File Manager plugin. The upload handler located at adm/ui/js/ckeditor/plugins/pgrfilemanager/php/upload.php fails to properly validate file extensions, allowing attackers to upload files with misleading extensions and subsequently rename them to executable .php scripts. This enables remote code execution on the server without authentication.
by CWH Underground
CVE-2013-2182 EXPLOITDB text VERIFIED
Monkey < 1.4.0 - Access Control
The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash.
by felipensp
CVE-2013-3543 EXPLOITDB text
Axis Media Control Activex Control - Access Control
The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1) StartRecord, (2) SaveCurrentImage, or (3) StartRecordMedia methods.
by Javier Repiso Sánchez
CVE-2013-3691 EXPLOITDB HIGH text
Ovislink Airlive Poe2600hd Firmware - Denial of Service
AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL.
by Sánchez_ Lopez_ Castillo
CVSS 7.5
CVE-2013-3963 EXPLOITDB text VERIFIED
Grandstream Gxv Device Firmware < 1.0.4.43 - CSRF
Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users.
by Castillo
CVE-2013-1606 EXPLOITDB text VERIFIED
UI Airvision Firmware < 1.1.5 - Memory Corruption
Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allows remote attackers to execute arbitrary code via a long rtsp: URI in a DESCRIBE request.
by Core Security
EIP-2026-114264 EXPLOITDB text
WordPress Plugin WP-SendSms 1.0 - Multiple Vulnerabilities
by expl0i13r
CVE-2013-3739 EXPLOITDB text VERIFIED
Network-weathermap .network Weathermap < 0.97 - Path Traversal
Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the mapname parameter in a show_config action.
by Anthony Dubuissez
CVE-2013-3961 EXPLOITDB text
Abeel Simple Php Agenda < 2.2.8 - SQL Injection
SQL injection vulnerability in edit_event.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter.
by Anthony Dubuissez
EIP-2026-109834 EXPLOITDB text VERIFIED
NanoBB 0.7 - Multiple Vulnerabilities
by CWH Underground
EIP-2026-109500 EXPLOITDB text VERIFIED
mkCMS - 'index.php' Arbitrary PHP Code Execution
by CWH Underground
EIP-2026-107168 EXPLOITDB text VERIFIED
Fobuc Guestbook 0.9 - SQL Injection
by CWH Underground