Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-4949 EXPLOITDB text VERIFIED
Machform 2 - Unauthenticated Arbitrary File Upload and Remote Code Execution via view.php
Unrestricted file upload vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a direct request to the file in the upload form's directory in data/.
by Yashar shahinzadeh
CVE-2013-4948 EXPLOITDB text VERIFIED
Machform 2 - SQL Injection via element_2 Parameter
SQL injection vulnerability in view.php in Machform 2 allows remote attackers to execute arbitrary SQL commands via the element_2 parameter.
by Yashar shahinzadeh
CVE-2013-4694 EXPLOITDB text VERIFIED
Winamp <5.64 Build 3418 - Buffer Overflow
Stack-based buffer overflow in gen_jumpex.dll in Winamp before 5.64 Build 3418 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a package with a long Skin directory name. NOTE: a second buffer overflow involving a long GUI Search field to ml_local.dll was also reported. However, since it is only exploitable by the user of the application, this issue would not cross privilege boundaries unless Winamp is running under a highly restricted environment such as a kiosk.
by Julien Ahrens
CVE-2013-4695 EXPLOITDB HIGH text
Winamp 5.63 - Arbitrary Code Execution via Invalid Pointer Dereference
Winamp 5.63: Invalid Pointer Dereference leading to Arbitrary Code Execution
by Julien Ahrens
CVSS 7.8
EIP-2026-116004 EXPLOITDB text VERIFIED
Opera 12.15 - vtable Corruption
by echo
EIP-2026-114217 EXPLOITDB text VERIFIED
WordPress Plugin WP Feed - 'nid' SQL Injection
by Iranian Exploit DataBase
CVE-2013-4117 EXPLOITDB text VERIFIED
Category Grid View Gallery 2.3.1 - Cross-Site Scripting via ID Parameter
Cross-site scripting (XSS) vulnerability in includes/CatGridPost.php in the Category Grid View Gallery plugin 2.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
by Iranian Exploit DataBase
CVE-2013-4950 EXPLOITDB text VERIFIED
Machform 2 - Cross-Site Scripting via view.php element_2 Parameter
Cross-site scripting (XSS) vulnerability in view.php in Machform 2 allows remote attackers to inject arbitrary web script or HTML via the element_2 parameter.
by Yashar shahinzadeh
CVE-2014-2671 EXPLOITDB text VERIFIED
Microsoft Windows Media Player 11.0.5721.5230 - Memory Corruption
Microsoft Windows Media Player (WMP) 11.0.5721.5230 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via a crafted WAV file.
by Asesino04
CVE-2013-2225 EXPLOITDB text
GLPI < 0.83.9 - Unauthenticated PHP Object Unserialization via _predefined_fields Parameter
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.
by Xavier Mehrenberger
CVE-2013-2218 EXPLOITDB text VERIFIED
libvirt 1.0.6 - Denial of Service via virConnectListAllInterfaces Double Free
Double free vulnerability in the virConnectListAllInterfaces method in interface/interface_backend_netcf.c in libvirt 1.0.6 allows remote attackers to cause a denial of service (libvirtd crash) via a filtering flag that causes an interface to be skipped, as demonstrated by the "virsh iface-list --inactive" command.
by Daniel P. Berrange
CVE-2013-1414 EXPLOITDB text
FortiOS < 4.3.13 and 5.x < 5.0.2 - Cross-Site Request Forgery
Multiple cross-site request forgery (CSRF) vulnerabilities in Fortinet FortiOS on FortiGate firewall devices before 4.3.13 and 5.x before 5.0.2 allow remote attackers to hijack the authentication of administrators for requests that modify (1) settings or (2) policies, or (3) restart the device via a rebootme action to system/maintenance/shutdown.
by Sven Wurth
EIP-2026-101552 EXPLOITDB text
Barracuda SSL VPN 680Vx 2.3.3.193 - Multiple Script Injection Vulnerabilities
by LiquidWorm
CVE-2013-4147 EXPLOITDB text VERIFIED
YARD RADIUS 1.1.2 - Format String Vulnerability in Log and Version Functions
Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) log_msg function in log.c or (2) version or (3) build_version function in version.c.
by Hamid Zamani
CVE-2013-4692 EXPLOITDB MEDIUM text VERIFIED
Xorbin Analog Flash Clock 1.0 - XSS
Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS
by Prakhar Prasad
CVSS 6.1
CVE-2013-4692 EXPLOITDB MEDIUM text VERIFIED
Xorbin Analog Flash Clock 1.0 - XSS
Xorbin Analog Flash Clock 1.0 extension for Joomia has XSS
by Prakhar Prasad
CVSS 6.1
EIP-2026-105283 EXPLOITDB text VERIFIED
Atomy Maxsite - 'index.php' Arbitrary File Upload
by Iranian_Dark_Coders_Team
EIP-2026-101695 EXPLOITDB text
eFile Wifi Transfer Manager 1.0 - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-114227 EXPLOITDB text VERIFIED
WordPress Plugin WP Private Messages - 'msgid' SQL Injection
by IeDb ir
EIP-2026-109833 EXPLOITDB text VERIFIED
Nameko - 'nameko.php' Cross-Site Scripting
by Andrea Menin
CVE-2013-3639 EXPLOITDB text VERIFIED
Xaraya < 2.4.0 - Cross-Site Scripting via id/interface/name/tabmodule Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Xaraya 2.4.0-b1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) interface, (3) name, or (4) tabmodule parameter to index.php.
by High-Tech Bridge
EIP-2026-106664 EXPLOITDB text VERIFIED
e107 Advanced Medal System Plugin - SQL Injection
by Life Wasted
EIP-2026-103989 EXPLOITDB text VERIFIED
Motion - Multiple Vulnerabilities
by xistence
CVE-2013-3792 EXPLOITDB text VERIFIED
Oracle VM VirtualBox < 4.2.18 - Denial of Service in Core
Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox prior to 3.2.18, 4.0.20, 4.1.28, and 4.2.18 allows local users to affect availability via unknown vectors related to Core.
by Thomas Dreibholz
EIP-2026-105398 EXPLOITDB text VERIFIED
Barnraiser Prairie - 'get_file.php' Directory Traversal
by prairie