Text Exploits

31,337 exploits tracked across all sources.

EIP-2026-114159 EXPLOITDB text
WordPress Plugin User Role Editor 3.12 - Cross-Site Request Forgery
by Henry Hoggard
EIP-2026-114084 EXPLOITDB text VERIFIED
WordPress Plugin Spider Event Calendar 1.3.0 - Multiple Vulnerabilities
by waraxe
EIP-2026-114083 EXPLOITDB text VERIFIED
WordPress Plugin Spider Catalog 1.4.6 - Multiple Vulnerabilities
by waraxe
EIP-2026-112962 EXPLOITDB text
Vanilla Forums 2.0.18.8 - Multiple Vulnerabilities
by Henry Hoggard
CVE-2013-3531 EXPLOITDB text
Radiocms - SQL Injection
SQL injection vulnerability in meneger.php in RadioCMS 2.2 allows remote attackers to execute arbitrary SQL commands via the playlist_id parameter.
by Rooster(XEKA)
EIP-2026-101130 EXPLOITDB text
Sony Playstation 3 (PS3) 4.31 - Save Game Preview '.SFO' Handling Local Command Execution
by Vulnerability-Lab
EIP-2026-113397 EXPLOITDB text VERIFIED
Weyal CMS - Multiple SQL Injections
by XroGuE
CVE-2013-3660 EXPLOITDB HIGH text VERIFIED
Microsoft Windows 7 - Memory Corruption
The EPATHOBJ::pprFlattenRec function in win32k.sys in the kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, and Windows Server 2012 does not properly initialize a pointer for the next object in a certain list, which allows local users to obtain write access to the PATHRECORD chain, and consequently gain privileges, by triggering excessive consumption of paged memory and then making many FlattenPath function calls, aka "Win32k Read AV Vulnerability."
by Tavis Ormandy
CVSS 7.8
CVE-2013-3661 EXPLOITDB text VERIFIED
Microsoft Windows 7 - Path Traversal
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not check whether linked-list traversal is continually accessing the same list member, which allows local users to cause a denial of service (infinite traversal) via vectors that trigger a crafted PATHRECORD chain.
by Tavis Ormandy
EIP-2026-113989 EXPLOITDB text VERIFIED
WordPress Plugin ProPlayer 4.7.9.1 - SQL Injection
by Ashiyane Digital Security Team
EIP-2026-103056 EXPLOITDB text VERIFIED
Acme thttpd HTTP Server - Directory Traversal
by Metropolis
EIP-2026-110798 EXPLOITDB text VERIFIED
PHP-Charts 1.0 - Code Execution
by fizzle stick
CVE-2013-3294 EXPLOITDB text
Exponent CMS <2.2.0 - SQL Injection
Multiple SQL injection vulnerabilities in Exponent CMS before 2.2.0 release candidate 1 allow remote attackers to execute arbitrary SQL commands via the (1) src or (2) username parameter to index.php.
by High-Tech Bridge SA
EIP-2026-106591 EXPLOITDB text
Drupal Module CKEditor < 4.1WYSIWYG (Drupal 6.x/7.x) - Persistent Cross-Site Scripting
by r0ng
EIP-2026-114252 EXPLOITDB text VERIFIED
WordPress Plugin wp-FileManager - 'path' Arbitrary File Download
by ByEge
CVE-2013-3081 EXPLOITDB text VERIFIED
Jojo <1.2.2 - SQL Injection
SQL injection vulnerability in the checkEmailFormat function in plugins/jojo_core/classes/Jojo.php in Jojo before 1.2.2 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For HTTP header to /articles/test/.
by High-Tech Bridge SA
CVE-2013-3082 EXPLOITDB text VERIFIED
Jojo <1.2.2 - XSS
Cross-site scripting (XSS) vulnerability in plugins/jojo_core/forgot_password.php in Jojo before 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter to forgot-password/.
by High-Tech Bridge SA
EIP-2026-116134 EXPLOITDB text VERIFIED
Quick Search 1.1.0.189 - Buffer Overflow (SEH)
by ariarat
EIP-2026-114253 EXPLOITDB text VERIFIED
WordPress Plugin wp-FileManager - Arbitrary File Download
by ByEge
EIP-2026-113418 EXPLOITDB text
WHMCS 4.x - 'invoicefunctions.php?id' SQL Injection
by Ahmed Aboul-Ela
CVE-2013-2754 EXPLOITDB text
Umisoft UMI.CMS <2.9.21905 - CSRF
Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator accounts via a request to admin/users/add/user/do/.
by High-Tech Bridge SA
EIP-2026-110230 EXPLOITDB text VERIFIED
Open Flash Chart - 'get-data' Cross-Site Scripting
by Deepankar Arora
EIP-2026-107927 EXPLOITDB text VERIFIED
Invision Power Board 1.x?/2.x/3.x - Admin Takeover
by John JEAN
EIP-2026-107337 EXPLOITDB text VERIFIED
Gallery Server Pro - Arbitrary File Upload
by Drew Calcott
EIP-2026-105093 EXPLOITDB text
Alienvault Open Source SIEM (OSSIM) 4.1.2 - Multiple SQL Injections
by RunRunLevel