Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-111846 EXPLOITDB text VERIFIED
Ruubikcms 1.1.1 - 'tinybrowser.php?folder' Directory Traversal
by expl0i13r
EIP-2026-106277 EXPLOITDB text VERIFIED
Cuppa CMS - '/alertConfigField.php' Local/Remote File Inclusion
by CWH Underground
CVE-2013-4878 EXPLOITDB text VERIFIED
Parallels Plesk Panel <9.0.x, 9.2.x - RCE
The default configuration of Parallels Plesk Panel 9.0.x and 9.2.x on UNIX, and Small Business Panel 10.x on UNIX, has an improper ScriptAlias directive for phppath, which makes it easier for remote attackers to execute arbitrary code via a crafted request, a different vulnerability than CVE-2012-1823.
by kingcope
CVE-2013-0984 EXPLOITDB text VERIFIED
Mac OS X <= 10.6.8 - Remote Code Execution in Directory Service
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.
by Core Security
CVE-2013-2134 EXPLOITDB text VERIFIED
Apache Struts 2.0.0-2.3.14.2 - Remote Code Execution via OGNL Expression in Action Name
Apache Struts 2 before 2.3.14.3 allows remote attackers to execute arbitrary OGNL code via a request with a crafted action name that is not properly handled during wildcard matching, a different vulnerability than CVE-2013-2135.
by Jon Passki
CVE-2013-4095 EXPLOITDB text
Imperva SecureSphere 9.0.0.5 - Authenticated Remote Code Execution via Task Command Field
plain/actionsets.html in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to execute arbitrary commands via a task with a [command].value field in conjunction with an [arguments].value field.
by Pedro Andujar
EIP-2026-101883 EXPLOITDB text
Netgear WPN824v3 - Unauthorized Configuration Download
by Jens Regel
CVE-2013-4098 EXPLOITDB text
DS3 Authentication Server - Remote Code Execution via ErrorViewer.jsp Message Parameter
ServerAdmin/ErrorViewer.jsp in DS3 Authentication Server allow remote attackers to inject arbitrary error-page text via the message parameter.
by Pedro Andujar
CVE-2013-2571 EXPLOITDB CRITICAL text VERIFIED
hcomm xpient_iris < 3.8 - Remote Code Execution via TCP Port 7510
Iris 3.8 before build 1548, as used in Xpient point of sale (POS) systems, allows remote attackers to execute arbitrary commands via a crafted request to TCP port 7510, as demonstrated by opening the cash drawer.
by Core Security
CVSS 9.8
CVE-2013-0143 EXPLOITDB text VERIFIED
QNAP VioStor NVR 4.0.3 and Surveillance Station Pro - Authenticated Remote Code Execution via pingping.cgi Query String
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by leveraging guest access and placing shell metacharacters in the query string.
by Tim Herres
CVE-2013-2621 EXPLOITDB MEDIUM text VERIFIED
Telaen < 1.3.1 - Open Redirect via redir.php URL Parameter
Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redirect victims to arbitrary websites via a crafted URL.
by Manuel García Cárdenas
CVSS 6.1
CVE-2013-2623 EXPLOITDB MEDIUM text VERIFIED
telaen < 1.3.1 - Cross-Site Scripting via f_email Parameter
Cross-site Scripting (XSS) in Telaen before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the "f_email" parameter in index.php.
by Manuel García Cárdenas
CVSS 6.1
EIP-2026-105972 EXPLOITDB text VERIFIED
CMS Gratis Indonesia - 'config.php' PHP Code Injection
by CWH Underground
CVE-2013-3969 EXPLOITDB text VERIFIED
MongoDB 2.4.0-2.4.4 - Authenticated Denial of Service via Invalid RefDB Object
The find prototype in scripting/engine_v8.h in MongoDB 2.4.0 through 2.4.4 allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and server crash) or possibly execute arbitrary code via an invalid RefDB object.
by SCRT Security
CVE-2013-2624 EXPLOITDB MEDIUM text VERIFIED
telaen < 1.3.1 - Exposure of Sensitive Information via Crafted URL Request
Telean before 1.3.1 contains a full path disclosure vulnerability which could allow remote attackers to obtain sensitive information through a specially crafted URL request.
by Manuel García Cárdenas
CVSS 5.3
EIP-2026-116914 EXPLOITDB text VERIFIED
BOINC Manager (Seti@home) 7.0.64 - Field Buffer Overflow (SEH)
by xis_one
EIP-2026-111217 EXPLOITDB text VERIFIED
PhpTax 0.8 - File Manipulation 'newvalue' / Remote Code Execution
by CWH Underground
CVE-2013-3724 EXPLOITDB text
Monkey 1.1.1 - Denial of Service via Null Byte in HTTP Request
The mk_request_header_process function in mk_request.c in Monkey 1.1.1 allows remote attackers to cause a denial of service (thread crash and service outage) via a '\0' character in an HTTP request.
by Doug Prostko
CVE-2013-1604 EXPLOITDB text VERIFIED
MayGion IP Camera Firmware < 09.27 - Path Traversal via Default URI
Directory traversal vulnerability in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI.
by Core Security
CVE-2013-2572 EXPLOITDB HIGH text VERIFIED
TP-LINK TL-SC 3130, TL-SC 3130G, TL-SC 3171G, TL-SC 4171G < 1.6.18p12 - Security Bypass via Hard-coded Credentials
A Security Bypass vulnerability exists in TP-LINK IP Cameras TL-SC 3130, TL-SC 3130G, 3171G, 4171G, and 3130 1.6.18P12 due to default hard-coded credentials for the administrative Web interface, which could let a malicious user obtain unauthorized access to CGI files.
by Core Security
CVSS 7.5
CVE-2013-2567 EXPLOITDB HIGH text VERIFIED
Zavio IP Cameras <1.6.03 - Auth Bypass
An Authentication Bypass vulnerability exists in the web interface in Zavio IP Cameras through 1.6.03 due to a hardcoded admin account found in boa.conf, which lets a remote malicious user obtain sensitive information.
by Core Security
CVSS 7.5
EIP-2026-107633 EXPLOITDB text VERIFIED
HostBill - 'cpupdate.php' Authentication Bypass
by localhost.re
CVE-2013-2570 EXPLOITDB CRITICAL text VERIFIED
Zavio IP Cameras <1.6.3 - Command Injection
A Command Injection vulnerability exists in Zavio IP Cameras through 1.6.3 in the General.Time.NTP.Server parameter to the sub_C8C8 function of the binary /opt/cgi/view/param, which could let a remove malicious user execute arbitrary code.
by Core Security
CVSS 9.8
CVE-2013-2573 EXPLOITDB CRITICAL text VERIFIED
TP-Link IP Camera - Command Injection
A Command Injection vulnerability exists in the ap parameter to the /cgi-bin/mft/wireless_mft.cgi file in TP-Link IP Cameras TL-SC 3130, TL-SC 3130G, 3171G. and 4171G 1.6.18P12s, which could let a malicious user execute arbitrary code.
by Core Security
CVSS 9.8
CVE-2013-1605 EXPLOITDB text VERIFIED
MayGion IP Camera Firmware < 2013.04.22 (05.53) - Remote Code Execution via Long Filename
Buffer overflow in MayGion IP Cameras with firmware before 2013.04.22 (05.53) allows remote attackers to execute arbitrary code via a long filename in a GET request.
by Core Security