Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-1606 EXPLOITDB text VERIFIED
Ubiquiti AirVision Firmware < 1.1.6 - Remote Code Execution via RTSP DESCRIBE Request
Buffer overflow in the ubnt-streamer RTSP service on the Ubiquiti UBNT AirCam with airVision firmware before 1.1.6 allows remote attackers to execute arbitrary code via a long rtsp: URI in a DESCRIBE request.
by Core Security
EIP-2026-114264 EXPLOITDB text
WordPress Plugin WP-SendSms 1.0 - Multiple Vulnerabilities
by expl0i13r
CVE-2013-3739 EXPLOITDB text VERIFIED
Network Weathermap < 0.97c - Path Traversal via Mapname Parameter
Directory traversal vulnerability in editor.php in Network Weathermap 0.97c and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the mapname parameter in a show_config action.
by Anthony Dubuissez
CVE-2013-3961 EXPLOITDB text
Simple PHP Agenda < 2.2.9 - Authenticated SQL Injection via edit_event.php eventid Parameter
SQL injection vulnerability in edit_event.php in Simple PHP Agenda before 2.2.9 allows remote authenticated users to execute arbitrary SQL commands via the eventid parameter.
by Anthony Dubuissez
EIP-2026-109834 EXPLOITDB text VERIFIED
NanoBB 0.7 - Multiple Vulnerabilities
by CWH Underground
EIP-2026-109500 EXPLOITDB text VERIFIED
mkCMS - 'index.php' Arbitrary PHP Code Execution
by CWH Underground
EIP-2026-107168 EXPLOITDB text VERIFIED
Fobuc Guestbook 0.9 - SQL Injection
by CWH Underground
EIP-2026-101579 EXPLOITDB text
Buffalo WZR-HP-G300NH2 - Cross-Site Request Forgery
by Prayas Kulshrestha
EIP-2026-111946 EXPLOITDB text VERIFIED
ScriptCase - 'scelta_categoria.php' SQL Injection
by Hossein Hezami
EIP-2026-109206 EXPLOITDB text VERIFIED
Lokboard - 'index_4.php' PHP Code Injection
by CWH Underground
CVE-2013-3575 EXPLOITDB text VERIFIED
HP Insight Diagnostics 9.4.0.4710 - Remote File Inclusion via path Parameter
hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/frontend2/help/ .html files via the path parameter.
by Markus Wulftange
CVE-2013-3574 EXPLOITDB text VERIFIED
HP Insight Diagnostics 9.4.0.4710 - Path Traversal and Arbitrary File Write via devicePath Parameter
Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full pathname in the argument to the devicePath (aka mount) parameter.
by Markus Wulftange
EIP-2026-106125 EXPLOITDB text
Concrete5 CMS 5.6.1.2 - Multiple Vulnerabilities
by expl0i13r
EIP-2026-102532 EXPLOITDB text
Resin Application Server 4.0.36 - Source Code Disclosure
by LiquidWorm
EIP-2026-101366 EXPLOITDB text
MobileIron Virtual Smartphone Platform - Privilege Escalation
by prdelka
EIP-2026-114303 EXPLOITDB text VERIFIED
WordPress Theme Ambience - 'src' Cross-Site Scripting
by Darksnipper
EIP-2026-109349 EXPLOITDB text VERIFIED
Max Forum - Multiple Vulnerabilities
by CWH Underground
EIP-2026-111847 EXPLOITDB text VERIFIED
Ruubikcms 1.1.1 - Persistent Cross-Site Scripting
by expl0i13r
EIP-2026-110770 EXPLOITDB text VERIFIED
PHP Ticket System Beta 1 - Cross-Site Request Forgery
by Pablo Ribeiro
EIP-2026-105762 EXPLOITDB text VERIFIED
Caucho Resin - 'index.php?logout' Cross-Site Scripting
by Gjoko Krstic
EIP-2026-105761 EXPLOITDB text VERIFIED
Caucho Resin - '/resin-admin/' URI Cross-Site Scripting
by Gjoko Krstic
EIP-2026-105020 EXPLOITDB text VERIFIED
AfterLogic WebMail Lite PHP 7.0.1 - Cross-Site Request Forgery
by Pablo Ribeiro
CVE-2013-2852 EXPLOITDB text VERIFIED
Linux kernel <3.9.4 - Privilege Escalation
Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.
by Kees Cook
CVE-2013-5948 EXPLOITDB text
ASUS RT-AC68U and T-Mobile TM-AC1900 - Authenticated OS Command Injection via Network Analysis Target Field
The Network Analysis tab (Main_Analysis_Content.asp) in the ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the Target field (destIP parameter).
by drone
CVE-2024-12847 EXPLOITDB CRITICAL text
NETGEAR DGN1000 < 1.1.00.48 - Unauthenticated OS Command Injection via setup.cgi
NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been observed to be exploited in the wild since at least 2017 and specifically by the Shadowserver Foundation on 2025-02-06 UTC.
by Roberto Paleari
CVSS 9.8