Text Exploits

31,337 exploits tracked across all sources.

CVE-2013-10032 EXPLOITDB HIGH text VERIFIED
GetSimpleCMS <3.2.1 - Authenticated RCE
An authenticated remote code execution vulnerability exists in GetSimpleCMS version 3.2.1. The application’s upload.php endpoint allows authenticated users to upload arbitrary files without proper validation of MIME types or extensions. By uploading a .pht file containing PHP code, an attacker can bypass blacklist-based restrictions and place executable code within the web root. A crafted request using a polyglot or disguised extension allows the attacker to execute the payload by accessing the file directly via the web server. This vulnerability exists due to the use of a blacklist for filtering file types instead of a whitelist.
by Ahmed Elhady Mohamed
CVSS 8.8
EIP-2026-108523 EXPLOITDB text VERIFIED
Joomla! Component com_s5clanroster - 'id' SQL Injection
by AtT4CKxT3rR0r1ST
EIP-2026-105051 EXPLOITDB text VERIFIED
Ajax Availability Calendar 3.x - Multiple Vulnerabilities
by AtT4CKxT3rR0r1ST
EIP-2026-102318 EXPLOITDB text
Wireless Photo Access 1.0.10 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102316 EXPLOITDB text
Wireless Disk PRO 2.3 iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102309 EXPLOITDB text
Wifi Album 1.47 iOS - Command Injection
by Vulnerability-Lab
EIP-2026-102231 EXPLOITDB text
File Lite 3.3/3.5 PRO iOS - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102117 EXPLOITDB text
Wifi Photo Transfer 2.1/1.1 PRO - Multiple Vulnerabilities
by Vulnerability-Lab
EIP-2026-102001 EXPLOITDB text
SimpleTransfer 2.2.1 - Command Injection
by Vulnerability-Lab
EIP-2026-114026 EXPLOITDB text VERIFIED
WordPress Plugin Securimage-WP - 'siwp_test.php' Cross-Site Scripting
by Gjoko Krstic
EIP-2026-111967 EXPLOITDB text VERIFIED
Securimage - 'example_form.php' Cross-Site Scripting
by Gjoko Krstic
CVE-2013-4630 EXPLOITDB text
Huawei AR - Buffer Overflow
Stack-based buffer overflow on Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 debugging is enabled, allows remote attackers to execute arbitrary code via malformed SNMPv3 requests.
by Roberto Paleari
CVE-2013-2678 EXPLOITDB HIGH text
Cisco Linksys E4200 1.0.05 - Code Injection
Cisco Linksys E4200 1.0.05 Build 7 routers contain a Local File Include Vulnerability which could allow remote attackers to obtain sensitive information or execute arbitrary code by sending a crafted URL request to the apply.cgi script using the submit_type parameter.
by sqlhacker
CVSS 8.1
CVE-2013-3320 EXPLOITDB MEDIUM text VERIFIED
NetApp OnCommand System Manager <2.2 - XSS
Cross-site Scripting (XSS) vulnerability in NetApp OnCommand System Manager before 2.2 allows remote attackers to inject arbitrary web script or HTML via the 'full-name' and 'comment' fields.
by M. Heinzl
CVSS 6.1
EIP-2026-109717 EXPLOITDB text VERIFIED
MyBB Game Section Plugin - 'games.php' Multiple Cross-Site Scripting Vulnerabilities
by anonymous
CVE-2013-2945 EXPLOITDB text VERIFIED
b2evolution <4.1.7 - SQL Injection
SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this can be leveraged using CSRF to allow remote unauthenticated attackers to execute arbitrary SQL commands.
by High-Tech Bridge SA
EIP-2026-103098 EXPLOITDB text
Dovecot with Exim - 'sender_address' Remote Command Execution
by RedTeam Pentesting GmbH
CVE-2013-2684 EXPLOITDB MEDIUM text
Cisco Linksys E4200 1.0.05 - XSS
Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by sqlhacker
CVSS 6.1
CVE-2013-4631 EXPLOITDB text
Huawei AR - DoS
Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of service (device crash) via malformed SNMPv3 requests that leverage unspecified overflow issues.
by Roberto Paleari
EIP-2026-113300 EXPLOITDB text VERIFIED
WeBid 1.0.6 - Multiple Vulnerabilities
by Ahmed Aboul-Ela
EIP-2026-112302 EXPLOITDB text
Social Site Generator 2.2 - Cross-Site Request Forgery (Add Admin)
by Fallaga
EIP-2026-110283 EXPLOITDB text VERIFIED
OpenDocMan 1.2.6.5 - Persistent Cross-Site Scripting
by drone
EIP-2026-108624 EXPLOITDB text VERIFIED
Joomla! Component dj-classifieds 2.0 - Blind SQL Injection
by Napsterakos
EIP-2026-106233 EXPLOITDB text VERIFIED
Craigslist Gold - SQL Injection
by Fallaga