Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-117444 EXPLOITDB text VERIFIED
McAfee Data Loss Prevention - Multiple Information Disclosure Vulnerabilities
by Jamie Ooi
CVE-2013-4953 EXPLOITDB text VERIFIED
Top Games Script 1.2 - SQL Injection
SQL injection vulnerability in play.php in Top Games Script 1.2 allows remote attackers to execute arbitrary SQL commands via the gid parameter.
by AtT4CKxT3rR0r1ST
EIP-2026-111386 EXPLOITDB text
PodHawk 1.85 - Arbitrary File Upload
by CWH Underground
CVE-2007-3519 EXPLOITDB text VERIFIED
phpEventCalendar < 0.2.3 - SQL Injection via eventdisplay.php id Parameter
SQL injection vulnerability in eventdisplay.php in phpEventCalendar 0.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
by AtT4CKxT3rR0r1ST
CVE-2013-4952 EXPLOITDB text
elemata_cms RC 3.0 - SQL Injection via id Parameter
SQL injection vulnerability in functions/global.php in Elemata CMS RC 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
by CWH Underground
CVE-2013-5321 EXPLOITDB text
AlienVault OSSIM 4.1 - SQL Injection
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.1 allow remote attackers to execute arbitrary SQL commands via the (1) sensor parameter in a Query action to forensics/base_qry_main.php; the (2) tcp_flags[] or (3) tcp_port[0][4] parameter to forensics/base_stat_alerts.php; the (4) ip_addr[1][8] or (5) port_type parameter to forensics/base_stat_ports.php; or the (6) sortby or (7) rvalue parameter in a search action to vulnmeter/index.php.
by Glafkos Charalambous
EIP-2026-102082 EXPLOITDB text
TRENDnet TE100-P1U Print Server Firmware 4.11 - Authentication Bypass
by Chako
CVE-2013-3307 EXPLOITDB HIGH text
Linksys E1000/E1200/E3200 - Command Injection
Linksys E1000 devices through 2.1.02, E1200 devices before 2.0.05, and E3200 devices through 1.0.04 allow OS command injection via shell metacharacters in the apply.cgi ping_ip parameter on TCP port 52000.
by m-1-k-3
CVSS 8.3
EIP-2026-100804 EXPLOITDB text VERIFIED
FtpLocate - HTML Injection
by Chako
CVE-2013-2227 EXPLOITDB HIGH text
GLPI 0.83.7 - Local File Inclusion via common.tabs.php
GLPI 0.83.7 has Local File Inclusion in common.tabs.php.
by LiquidWorm
CVSS 7.5
EIP-2026-109561 EXPLOITDB text VERIFIED
Monkey CMS - Multiple Vulnerabilities
by Yashar shahinzadeh_ Mormoroth
EIP-2026-106917 EXPLOITDB text VERIFIED
et-chat - Privilege Escalation / Arbitrary File Upload
by MR.XpR
CVE-2013-4664 EXPLOITDB MEDIUM text
SPBAS Business Automation Software 2012 - XSS
SPBAS Business Automation Software 2012 has XSS.
by Christy Philip Mathew
CVSS 6.1
CVE-2013-10055 EXPLOITDB CRITICAL text VERIFIED
Havalite CMS 1.1.7 - Unauthenticated RCE
An unauthenticated arbitrary file upload vulnerability exists in Havalite CMS version 1.1.7 (and possibly earlier) in the upload.php script. The application fails to enforce proper file extension validation and authentication checks, allowing remote attackers to upload malicious PHP files via a crafted multipart/form-data POST request. Once uploaded, the attacker can access the file directly under havalite/tmp/files/, resulting in remote code execution.
by CWH Underground
EIP-2026-114145 EXPLOITDB text
WordPress Plugin Ultimate WordPress Auction Plugin 1.0 - Cross-Site Request Forgery
by expl0i13r
CVE-2013-4665 EXPLOITDB MEDIUM text
SPBAS Business Automation Software 2012 - CSRF
SPBAS Business Automation Software 2012 has CSRF.
by Christy Philip Mathew
CVSS 6.5
EIP-2026-112091 EXPLOITDB text VERIFIED
Simple File Manager 024 - Authentication Bypass
by Chako
EIP-2026-107161 EXPLOITDB text VERIFIED
Fly-High CMS 2012-07-08 - Unrestricted Arbitrary File Upload
by CWH Underground
EIP-2026-114570 EXPLOITDB text VERIFIED
ZamFoo - 'date' Remote Command Injection
by localhost.re
EIP-2026-100071 EXPLOITDB text VERIFIED
TaxiMonger for Android - 'name' HTML Injection
by Ismail Kaleem
CVE-2013-10054 EXPLOITDB CRITICAL text VERIFIED
LibrettoCMS 1.1.7 - Unauthenticated RCE
An unauthenticated arbitrary file upload vulnerability exists in LibrettoCMS version 1.1.7 (and possibly earlier) contains an unauthenticated arbitrary file upload vulnerability in its File Manager plugin. The upload handler located at adm/ui/js/ckeditor/plugins/pgrfilemanager/php/upload.php fails to properly validate file extensions, allowing attackers to upload files with misleading extensions and subsequently rename them to executable .php scripts. This enables remote code execution on the server without authentication.
by CWH Underground
CVE-2013-2182 EXPLOITDB text VERIFIED
monkey-project/monkey < 1.4.0 - Remote Access Restriction Bypass via Crafted URI
The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash.
by felipensp
CVE-2013-3543 EXPLOITDB text
AXIS Media Control ActiveX Control - Arbitrary File Write via StartRecord, SaveCurrentImage, or StartRecordMedia Methods
The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1) StartRecord, (2) SaveCurrentImage, or (3) StartRecordMedia methods.
by Javier Repiso Sánchez
CVE-2013-3691 EXPLOITDB HIGH text
AirLive POE-2600HD Firmware - Denial of Service via Long URL
AirLive POE-2600HD allows remote attackers to cause a denial of service (device reset) via a long URL.
by Sánchez_ Lopez_ Castillo
CVSS 7.5
CVE-2013-3963 EXPLOITDB text VERIFIED
Grandstream GXV Device Firmware - Cross-Site Request Forgery in User Management
Cross-site request forgery (CSRF) vulnerability in goform/usermanage in Grandstream GXV3501, GXV3504, GXV3601, GXV3601HD/LL, GXV3611HD/LL, GXV3615W/P, GXV3651FHD, GXV3662HD, GXV3615WP_HD, GXV3500, and possibly other camera models allows remote attackers to hijack the authentication of unspecified victims for requests that add users.
by Castillo