Text Exploits

31,394 exploits tracked across all sources.

Sort: Activity Stars
EIP-2026-101003 EXPLOITDB text VERIFIED
Cisco Linksys WRT310N Router - Multiple Denial of Service Vulnerabilities
by Carl Benedict
CVE-2009-4140 EXPLOITDB text VERIFIED
Open Flash Chart v2 Beta 1-v2 Lug Wyrm Charmer - RCE
Unrestricted file upload vulnerability in ofc_upload_image.php in Open Flash Chart v2 Beta 1 through v2 Lug Wyrm Charmer, as used in Piwik 0.2.35 through 0.4.3, Woopra Analytics Plugin before 1.4.3.2, and possibly other products, when register_globals is enabled, allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension through the name parameter with the code in the HTTP_RAW_POST_DATA parameter, then accessing it via a direct request to the file in tmp-upload-images/.
by iskorpitx
EIP-2026-113137 EXPLOITDB text VERIFIED
VoipNow 2.5 - Local File Inclusion
by i-Hmx
CVE-2011-4275 EXPLOITDB text VERIFIED
iTop 1.1.181 and 1.2.0-RC-282 - Cross-Site Scripting via Multiple Input Vectors
Multiple cross-site scripting (XSS) vulnerabilities in iTop (aka IT Operations Portal) 1.1.181 and 1.2.0-RC-282 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted company name, (2) a crafted database server name, (3) a crafted CSV file, (4) a crafted copy-and-paste action, (5) the auth_user parameter in a suggest_pwd action to UI.php, (6) the c[menu] parameter to UniversalSearch.php, (7) the description parameter in a SearchFormToAdd_document_list action to UI.php, (8) the category parameter in an errors action to audit.php, or (9) the suggest_pwd parameter to UI.php.
by iskorpitx
EIP-2026-114314 EXPLOITDB text VERIFIED
WordPress Theme Colormix - Multiple Vulnerabilities
by MustLive
EIP-2026-106231 EXPLOITDB text VERIFIED
Crafty Syntax Live Help 3.1.2 - Remote File Inclusion / Full Path Disclosure
by ITTIHACK
EIP-2026-104358 EXPLOITDB text VERIFIED
Nginx 0.6.x - Arbitrary Code Execution NullByte Injection
by Neal Poole
EIP-2026-101103 EXPLOITDB text VERIFIED
TP-Link TL-WR741N / TL-WR741ND Routers - Multiple Denial of Service Vulnerabilities
by W1ckerMan
CVE-2013-2712 EXPLOITDB text
KrisonAV CMS < 3.0.2 - Cross-Site Scripting via Content Parameter
Cross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter.
by High-Tech Bridge SA
CVE-2013-1509 EXPLOITDB text
Oracle Fusion Middleware WebCenter Sites 7.6.2, 11.1.1.6.0, 11.1.1.6.1 - Authenticated Integrity Impact
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 allows remote authenticated users to affect integrity via unknown vectors related to WebCenter Sites.
by SEC Consult
CVE-2013-2419 EXPLOITDB text
Oracle Java SE <7.17,6.43,5.41 - DoS
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect availability via unknown vectors related to 2D. NOTE: the previous information is from the April 2013 CPU. Oracle has not commented on claims from another vendor that this issue is related to "font processing errors" in the International Components for Unicode (ICU) Layout Engine before 51.2.
by SEC Consult
EIP-2026-115283 EXPLOITDB text VERIFIED
Foxit Reader 5.4.3.x < 5.4.5.0124 - PDF XREF Parsing Denial of Service
by FuzzMyApp
CVE-2013-2713 EXPLOITDB text
KrisonAV CMS < 3.0.2 - Cross-Site Request Forgery via User Account Creation
Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user accounts via a crafted request.
by High-Tech Bridge SA
EIP-2026-107184 EXPLOITDB text VERIFIED
Fork CMS - 'js.php' Local File Inclusion
by Rafay Baloch
EIP-2026-112351 EXPLOITDB text VERIFIED
Sosci Survey - Multiple Vulnerabilities
by T. Lazauninkas
CVE-2013-2097 EXPLOITDB HIGH text
ZPanel through 10.1.0 - Remote Code Execution
ZPanel through 10.1.0 has Remote Command Execution
by Sven Slootweg
CVSS 7.8
EIP-2026-112964 EXPLOITDB text
Vanilla Forums Van2Shout Plugin 1.0.51 - Multiple Cross-Site Request Forgery Vulnerabilities
by Henry Hoggard
CVE-2013-3524 EXPLOITDB text VERIFIED
Pop Up News module 2.0 - SQL Injection via itemid Parameter
SQL injection vulnerability in popupnewsitem/ in the Pop Up News module 2.0 and possibly earlier for phpVMS allows remote attackers to execute arbitrary SQL commands via the itemid parameter. NOTE: this was originally reported as a problem in phpVMS.
by NoGe
CVE-2013-3301 EXPLOITDB text VERIFIED
Linux Kernel < 3.8.8 - Denial of Service via Ftrace lseek NULL Pointer Dereference
The ftrace implementation in the Linux kernel before 3.8.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by leveraging the CAP_SYS_ADMIN capability for write access to the (1) set_ftrace_pid or (2) set_graph_function file, and then making an lseek system call.
by anonymous
EIP-2026-101201 EXPLOITDB text VERIFIED
Cisco Linksys EA2700 Router - Multiple Vulnerabilities
by Phil Purviance
CVE-2013-3537 EXPLOITDB text VERIFIED
Todoo Forum 2.0 - SQL Injection via id_post or pg Parameter
Multiple SQL injection vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id_post or (2) pg parameter.
by Chiekh Bouchenafa
CVE-2013-3538 EXPLOITDB text VERIFIED
Todoo Forum 2.0 - Cross-Site Scripting via id_post or pg Parameter
Multiple cross-site scripting (XSS) vulnerabilities in todooforum.php in Todoo Forum 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id_post or (2) pg parameter.
by Chiekh Bouchenafa
EIP-2026-104154 EXPLOITDB text VERIFIED
Aibolit - Information Disclosure
by MustLive
CVE-2013-2498 EXPLOITDB text VERIFIED
SimpleHRM <= 2.3 - SQL Injection via Username Parameter
SQL injection vulnerability in the login page in flexycms/modules/user/user_manager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to index.php/user/setLogin.
by Doraemon
EIP-2026-107216 EXPLOITDB text VERIFIED
Free Monthly Websites 2.0 - Admin Password Change
by Yassin Aboukir