Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
CVE-2013-2684 EXPLOITDB MEDIUM text
Cisco Linksys E4200 1.0.05 Build 7 - Cross-Site Scripting
Cross-site Scripting (XSS) in Cisco Linksys E4200 1.0.05 Build 7 devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
by sqlhacker
CVSS 6.1
CVE-2013-4631 EXPLOITDB text
Huawei AR 150, 200, 1200, 2200, and 3200 - Denial of Service via Malformed SNMPv3 Requests
Huawei AR 150, 200, 1200, 2200, and 3200 routers, when SNMPv3 is enabled, allow remote attackers to cause a denial of service (device crash) via malformed SNMPv3 requests that leverage unspecified overflow issues.
by Roberto Paleari
EIP-2026-113300 EXPLOITDB text VERIFIED
WeBid 1.0.6 - Multiple Vulnerabilities
by Ahmed Aboul-Ela
EIP-2026-112302 EXPLOITDB text
Social Site Generator 2.2 - Cross-Site Request Forgery (Add Admin)
by Fallaga
EIP-2026-110283 EXPLOITDB text VERIFIED
OpenDocMan 1.2.6.5 - Persistent Cross-Site Scripting
by drone
EIP-2026-108624 EXPLOITDB text VERIFIED
Joomla! Component dj-classifieds 2.0 - Blind SQL Injection
by Napsterakos
EIP-2026-106233 EXPLOITDB text VERIFIED
Craigslist Gold - SQL Injection
by Fallaga
EIP-2026-101649 EXPLOITDB text
D-Link DSL-320B - Multiple Vulnerabilities
by m-1-k-3
EIP-2026-101639 EXPLOITDB text
D-Link DNS-323 - Multiple Vulnerabilities
by sghctoma
CVE-2013-1599 EXPLOITDB CRITICAL text VERIFIED
Dlink Dcs-3411 Firmware - OS Command Injection
A Command Injection vulnerability exists in the /var/www/cgi-bin/rtpd.cgi script in D-Link IP Cameras DCS-3411/3430 firmware 1.02, DCS-5605/5635 1.01, DCS-1100L/1130L 1.04, DCS-1100/1130 1.03, DCS-1100/1130 1.04_US, DCS-2102/2121 1.05_RU, DCS-3410 1.02, DCS-5230 1.02, DCS-5230L 1.02, DCS-6410 1.00, DCS-7410 1.00, DCS-7510 1.00, and WCS-1100 1.02, which could let a remote malicious user execute arbitrary commands through the camera’s web interface.
by Core Security
CVSS 9.8
CVE-2013-1594 EXPLOITDB HIGH text VERIFIED
Vivotek PT7135 Firmware 0300a/0400a - Cleartext Credential Storage Exposes Sensitive Information
An Information Disclosure vulnerability exists via a GET request in Vivotek PT7135 IP Camera 0300a and 0400a due to wireless keys and 3rd party credentials stored in clear text.
by Core Security
CVSS 7.5
CVE-2012-4886 EXPLOITDB text VERIFIED
Kingsoft WPS Office <8.1.0.3238 - Buffer Overflow
Stack-based buffer overflow in wpsio.dll in Kingsoft WPS Office 2012 possibly 8.1.0.3238 allows remote attackers to execute arbitrary code via a long BSTR string.
by Zhangjiantao
EIP-2026-116376 EXPLOITDB text
Syslog Watcher Pro 2.8.0.812 - 'Date' Cross-Site Scripting
by demonalex
EIP-2026-115190 EXPLOITDB text VERIFIED
Easy Icon Maker 5.01 - Crash (PoC)
by Asesino04
EIP-2026-106803 EXPLOITDB text VERIFIED
EggBlog 4.1.2 - Arbitrary File Upload
by Pokk3rs
CVE-2013-1598 EXPLOITDB HIGH text VERIFIED
Vivotek PT7135 Firmware 0300a and 0400a - OS Command Injection via system.ntp Parameter
A Command Injection vulnerability exists in Vivotek PT7135 IP Cameras 0300a and 0400a via the system.ntp parameter to the farseer.out binary file, which cold let a malicious user execute arbitrary code.
by Core Security
CVSS 8.8
CVE-2013-1603 EXPLOITDB MEDIUM text VERIFIED
D-Link DCS and WCS Firmware - Unauthenticated Remote Access via Hard-coded Credentials
An Authentication vulnerability exists in D-LINK WCS-1100 1.02, TESCO DCS-2121 1.05_TESCO, TESCO DCS-2102 1.05_TESCO, DCS-7510 1.00, DCS-7410 1.00, DCS-6410 1.00, DCS-5635 1.01, DCS-5605 1.01, DCS-5230L 1.02, DCS-5230 1.02, DCS-3430 1.02, DCS-3411 1.02, DCS-3410 1.02, DCS-2121 1.06_FR, DCS-2121 1.06, DCS-2121 1.05_RU, DCS-2102 1.06_FR, DCS-2102 1.06, DCS-2102 1.05_RU, DCS-1130L 1.04, DCS-1130 1.04_US, DCS-1130 1.03, DCS-1100L 1.04, DCS-1100 1.04_US, and DCS-1100 1.03 due to hard-coded credentials that serve as a backdoor, which allows remote attackers to access the RTSP video stream.
by Core Security
CVSS 5.3
EIP-2026-107169 EXPLOITDB text VERIFIED
Foe CMS 1.6.5 - Multiple Vulnerabilities
by flux77
CVE-2013-2679 EXPLOITDB MEDIUM text VERIFIED
Linksys E4200 Firmware 1.0.05 - Cross-Site Scripting via Multiple Parameters
Multiple cross-site scripting (XSS) vulnerabilities in Cisco Linksys E4200 router with firmware 1.0.05 build 7 allow remote attackers to inject arbitrary web script or HTML via the (1) log_type, (2) ping_ip, (3) ping_size, (4) submit_type, or (5) traceroute_ip parameter to apply.cgi or (6) new_workgroup or (7) submit_button parameter to storage/apply.cgi.
by Carl Benedict
CVSS 6.1
CVE-2013-10050 EXPLOITDB HIGH text VERIFIED
D-Link DIR-300/615 - Command Injection
An OS command injection vulnerability exists in multiple D-Link routers (confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13) via the authenticated tools_vct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid credentials to inject arbitrary shell commands. Exploitation enables full device compromise, including spawning a telnet daemon and establishing a root shell. The vulnerability is present in firmware versions that expose tools_vct.xgi and use the Mathopd/1.5p6 web server. No vendor patch is available, and affected models are end-of-life.
by m-1-k-3
CVSS 8.8
CVE-2013-3242 EXPLOITDB text VERIFIED
Joomla! <2.5.10-3.0.4 - Code Injection
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated users to conduct PHP object injection attacks and cause a denial of service via unspecified vectors.
by EgiX
CVE-2013-3241 EXPLOITDB text VERIFIED
phpMyAdmin <4.0.0-rc3 - Code Injection
export.php (aka the export script) in phpMyAdmin 4.x before 4.0.0-rc3 overwrites global variables on the basis of the contents of the POST superglobal array, which allows remote authenticated users to inject values via a crafted request.
by waraxe
CVE-2013-2594 EXPLOITDB text
Hornbill Supportworks ITSM <3.4.14 - SQL Injection
SQL injection vulnerability in reports/calldiary.php in Hornbill Supportworks ITSM 1.0.0 through 3.4.14 allows remote attackers to execute arbitrary SQL commands via the callref parameter.
by Joseph Sheridan
CVE-2013-2009 EXPLOITDB HIGH text VERIFIED
WordPress WP Super Cache Plugin <1.2 - RCE
WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution
by anonymous
CVSS 8.8
EIP-2026-101630 EXPLOITDB text
D-Link DIR-615 Rev D3 / DIR-300 Rev A - Multiple Vulnerabilities
by m-1-k-3