Text Exploits

31,337 exploits tracked across all sources.

CVE-2013-4098 EXPLOITDB text
DS3 Authentication Server - Improper Input Validation
ServerAdmin/ErrorViewer.jsp in DS3 Authentication Server allows remote attackers to inject arbitrary error-page text via the message parameter.
by Pedro Andujar
CVE-2013-2571 EXPLOITDB CRITICAL text VERIFIED
Iris 3.8 <build 1548 - RCE
Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer.
by Core Security
CVSS 9.8
CVE-2013-0143 EXPLOITDB text VERIFIED
Qnap Viostor Network Video Recorder - Code Injection
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string.
by Tim Herres
CVE-2013-2621 EXPLOITDB MEDIUM text VERIFIED
Telaen <1.3.1 - Open Redirect
Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL.
by Manuel García Cárdenas
CVSS 6.1
CVE-2013-2623 EXPLOITDB MEDIUM text VERIFIED
Telaen <1.3.1 - XSS
Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the "f_email" parameter in index.php.
by Manuel García Cárdenas
CVSS 6.1
EIP-2026-105972 EXPLOITDB text VERIFIED
CMS Gratis Indonesia - 'config.php' PHP Code Injection
by CWH Underground
CVE-2013-3969 EXPLOITDB text VERIFIED
Mongodb - Resource Management Error
The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB object.
by SCRT Security
CVE-2013-2624 EXPLOITDB MEDIUM text VERIFIED
Telaen <1.3.1 - Info Disclosure
Telaen before 1.3.1 contains a full path disclosure vulnerability which could allow remote attackers to obtain sensitive information through a specially crafted URL request.
by Manuel García Cárdenas
CVSS 5.3
EIP-2026-116914 EXPLOITDB text VERIFIED
BOINC Manager (Seti@home) 7.0.64 - Field Buffer Overflow (SEH)
by xis_one
EIP-2026-111217 EXPLOITDB text VERIFIED
PhpTax 0.8 - File Manipulation 'newvalue' / Remote Code Execution
by CWH Underground
CVE-2013-3724 EXPLOITDB text
Monkey - Improper Input Validation
The mk_request_header_process function in mk_request.c in Monkey 1.1.1 allows remote attackers to cause a denial of service (thread crash and service outage) via a '\0' character in an HTTP request.
by Doug Prostko
CVE-2013-1604 EXPLOITDB text VERIFIED
Maygion IP Camera Firmware < 09.27 - Path Traversal
Directory traversal vulnerability in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.
by Core Security
CVE-2013-2572 EXPLOITDB HIGH text VERIFIED
TP-LINK IP Cameras - Auth Bypass
A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files.
by Core Security
CVSS 7.5
CVE-2013-2567 EXPLOITDB HIGH text VERIFIED
Zavio IP Cameras <1.6.03 - Auth Bypass
An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information.
by Core Security
CVSS 7.5
EIP-2026-107633 EXPLOITDB text VERIFIED
HostBill - 'cpupdate.php' Authentication Bypass
by localhost.re
CVE-2013-2570 EXPLOITDB CRITICAL text VERIFIED
Zavio IP Cameras <1.6.3 - Command Injection
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remote malicious user execute arbitrary code.
by Core Security
CVSS 9.8
CVE-2013-2573 EXPLOITDB CRITICAL text VERIFIED
TP-Link IP Camera - Command Injection
A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, and 4171G 1.6.18P12s, which could let a malicious user execute arbitrary code.
by Core Security
CVSS 9.8
CVE-2013-1605 EXPLOITDB text VERIFIED
Maygion IP Camera Firmware < 09.27 - Memory Corruption
Buffer overflow in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to execute arbitrary code via a long filename in a GET request.
by Core Security
EIP-2026-106814 EXPLOITDB text VERIFIED
Elastix - Multiple Cross-Site Scripting Vulnerabilities
by cheki
EIP-2026-113534 EXPLOITDB text VERIFIED
WordPress Plugin ADIF Log Search Widget - 'logbook_search.php' Cross-Site Scripting
by k3170makan
EIP-2026-101176 EXPLOITDB text VERIFIED
Barracuda SSL VPN 680 - 'returnTo' Open Redirection
by Chokri Ben Achor
EIP-2026-119133 EXPLOITDB text
SIEMENS Solid Edge ST4/ST5 WebPartHelper - ActiveX RFMSsvs!JShellExecuteEx Remote Code Execution
by rgod
EIP-2026-116431 EXPLOITDB text
Trend Micro DirectPass 1.5.0.1060 - Multiple Software Vulnerabilities
by Vulnerability-Lab
EIP-2026-116242 EXPLOITDB text
SIEMENS Solid Edge ST4/ST5 SEListCtrlX - ActiveX SetItemReadOnly Arbitrary Memory Rewrite Remote Code Execution
by rgod
EIP-2026-116219 EXPLOITDB text
SAS Integration Technologies Client 9.31_M1 'SASspk.dll' - Stack Overflow
by LiquidWorm